[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504472#comment-14504472 ] ASF GitHub Bot commented on PROTON-334: --- Github user asfgit closed the pull request at: https://github.com/apache/qpid-proton/pull/17 SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504471#comment-14504471 ] ASF subversion and git services commented on PROTON-334: Commit b3bf328fda4e815b29dbffe08b6b710959706097 in qpid-proton's branch refs/heads/master from [~astitcher] [ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=b3bf328 ] Land initial tranch of SASL work for PROTON-334 This closes #17 SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504469#comment-14504469 ] ASF subversion and git services commented on PROTON-334: Commit 4a09c6a17f865df10f53fa61c8d2bc88d4627bb0 in qpid-proton's branch refs/heads/master from [~astitcher] [ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=4a09c6a ] PROTON-334: SASL Implementation for Proton-C using Cyrus SASL This work Adds some new APIs to the transport and connection objects to make a higher level abstraction for authentication. This generally makes it much easier to use authentication. It also vastly changes the Proton C API for SASL and deprecates nearly all of the previous interface that allowed reading and writing individual SASL frames. SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] qpid-proton pull request: PROTON-334: SASL Implementation for Prot...
Github user asfgit closed the pull request at: https://github.com/apache/qpid-proton/pull/17 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504470#comment-14504470 ] ASF subversion and git services commented on PROTON-334: Commit 7cf0ababd4e59a54a1fb7cb7b535f4a75a2fcd9c in qpid-proton's branch refs/heads/master from [~astitcher] [ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=7cf0aba ] PROTON-334: Tidied up Cyrus SASL detection in CMake - The CMake output messages now make some sense - Tidied up a few other little CMake annoyances SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14505468#comment-14505468 ] ASF GitHub Bot commented on PROTON-334: --- Github user dcristoloveanu commented on the pull request: https://github.com/apache/qpid-proton/pull/19#issuecomment-94899556 I'll take a look at PROTON-334 and see if we need anything extra. If so, I'll create another pull request. Could we merge in this pull request, as I removed the new SASL API from it? Thanks, /Dan SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
Tomasz Nowicki created PROTON-855: - Summary: Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Fix For: 0.10 The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (PROTON-856) idle timeout doesn't work in openssl mode
[ https://issues.apache.org/jira/browse/PROTON-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Adam Curylo updated PROTON-856: --- Description: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message (PN_TRANSPORT_ERROR amqp:resource-limit-exceeded: local-idle-timeout expired ) after timeout but connections still remains. It is different (wrong) behaviour than unencrypted connection. I've used for check it following example code (connection with ActiveMQ message broker): {code} #include proton/reactor.h #include proton/handlers.h #include proton/engine.h #include proton/message.h #include proton/ssl.h #include assert.h #include stdio.h #include string.h typedef pn_handler_t client_t; typedef struct { const char *hostname; const char *queue; const char *container; pn_session_t * session; pn_ssl_domain_t *sslDomain; } client_state_t; client_state_t *client_state(client_t *client) { return (client_state_t *) pn_handler_mem(client); } void client_cleanup(client_t *client) { client_state_t *cs = client_state(client); (void)cs; } void client_dispatch(pn_handler_t *client, pn_event_t *event, pn_event_type_t eventType) { client_state_t *state = client_state(client); switch (eventType) { case PN_TRANSPORT: { pn_transport_t * transport = pn_event_transport(event); assert(transport); pn_transport_set_idle_timeout(transport, 2); } break; case PN_TRANSPORT_ERROR: { pn_transport_t * transport = pn_event_transport(event); pn_error_t * error = pn_transport_error(transport); printf(PN_TRANSPORT_ERROR %s \n, pn_error_text(error)); } break; case PN_SELECTABLE_INIT: { //OpenSSL mode if (state-sslDomain == NULL) { state-sslDomain = pn_ssl_domain(PN_SSL_MODE_CLIENT); } if (pn_ssl_domain_set_credentials(state-sslDomain, ./device.polyx.crt, ./device.polyx.key, NULL) == 0) { pn_connection_t * conn = pn_session_connection(state-session); pn_transport_t * transport = pn_connection_transport(conn); assert(transport); pn_ssl_init(pn_ssl(transport), state-sslDomain, NULL); } } break; case PN_DELIVERY: { pn_link_t *link = pn_event_link(event); pn_delivery_t *dlv = pn_event_delivery(event); if (pn_link_is_receiver(link) !pn_delivery_partial(dlv)) { char buf[1024]; ssize_t n = pn_link_recv(link, buf, 1024); if (n 0) { pn_message_t *msg = pn_message(); pn_message_decode(msg, buf, n); pn_string_t *str = pn_string(NULL); pn_inspect(msg, str); printf(Got: %s\n, pn_string_get(str)); pn_message_free(msg); pn_free(str); } pn_delivery_settle(dlv); } } break; default: break; } } client_t *client_handler(const char *hostName, const char * queueName, const char * containerName) { client_t *client = pn_handler_new(client_dispatch, sizeof(client_state_t), client_cleanup); client_state_t *state = client_state(client); state-hostname = hostName; state-queue = queueName; state-container = containerName; state-sslDomain = NULL; state-session = NULL; return client; } int main(int argc, const char **argv) { pn_reactor_t *reactor = pn_reactor(); pn_handler_t *root = pn_reactor_get_handler(reactor); client_t *client = client_handler(localhost:5671, queue://example, example); pn_handler_add(root, client); pn_handler_add(root, pn_flowcontroller(1024)); pn_handler_add(root, pn_handshaker()); client_state_t *state = client_state(client); pn_connection_t *conn = pn_reactor_connection(reactor, client); pn_connection_set_container(conn, state-container); pn_connection_set_hostname(conn, state-hostname); pn_connection_open(conn); state-session = pn_session(conn); pn_session_open(state-session); pn_link_t * link = pn_receiver(state-session, state-container); pn_terminus_set_address(pn_link_source(link), state-queue); pn_terminus_set_address(pn_link_target(link), state-queue); pn_link_set_snd_settle_mode(link, PN_SND_UNSETTLED); pn_link_set_rcv_settle_mode(link, PN_RCV_SECOND); pn_link_open(link); pn_link_flow(link, 1); pn_reactor_run(reactor); if (state-sslDomain != NULL) { pn_ssl_domain_free(state-sslDomain); } pn_reactor_free(reactor); return 0; } {code} was: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message (PN_TRANSPORT_ERROR
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Description: The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ atatched(axtls_proton_example.c): It's based on http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E was: The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, axtls_proton_example.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free(
[GitHub] qpid-proton pull request: PROTON-853: stop erroneous attach being ...
Github user dnwe commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94719493 @gemmellr sure, just pulling in this PR now and will run some scenarios through it --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Commented] (PROTON-853) [proton-j] the transport emitted a new link attach for a link in the process of being detached
[ https://issues.apache.org/jira/browse/PROTON-853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504665#comment-14504665 ] ASF GitHub Bot commented on PROTON-853: --- Github user dnwe commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94719493 @gemmellr sure, just pulling in this PR now and will run some scenarios through it [proton-j] the transport emitted a new link attach for a link in the process of being detached -- Key: PROTON-853 URL: https://issues.apache.org/jira/browse/PROTON-853 Project: Qpid Proton Issue Type: Bug Components: proton-j Affects Versions: 0.9 Reporter: Robbie Gemmell When upgrading to use 0.9 for the JMS client, we see some NPEs on the client as it tries processing the events being emitted by the connection. This was due to multiple link attach and detach frames arriving in the for the same consumer link. What appears to be happening is that while closing the consumer, after the client emits its detach frame proton then emits a new attach frame for the link, before the server responds to the original detach, even though the client made no attempt to recreate the consumer. It looks like the clients handling of a flow frame which arrived after it emitted the original detach meant that the link was modified, and the transport reacted by sending out a new attach. This appears to be due to a change made in 0.9 for PROTON-154. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Re: problems with master after sasl changes
On 21 April 2015 at 14:48, Robbie Gemmell robbie.gemm...@gmail.com wrote: On 21 April 2015 at 12:52, Rafael Schloming r...@alum.mit.edu wrote: I'm seeing a couple of issues with the recently landed sasl changes. I'm getting four test failures in the python tests (see details at the end). I'm also seeing interop issues with the proton.js built prior to these changes, and with these changes in place the javascript build seems to be messed up (not finding new symbols). Is anyone else seeing similar issues? --Rafael proton_tests.sasl.SaslTest.testPipelined2 fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 161, in testPipelined2 assert len(out1) 0 AssertionError proton_tests.sasl.SaslTest.testPipelinedClient ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 68, in testPipelinedClient assert self.s1.outcome == SASL.OK AssertionError proton_tests.sasl.SaslTest.testPipelinedClientFail ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 95, in testPipelinedClientFail assert self.s1.outcome == SASL.AUTH AssertionError proton_tests.sasl.SaslTest.testSaslAndAmqpInSingleChunk .. fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 140, in testSaslAndAmqpInSingleChunk assert self.s2.outcome == SASL.OK AssertionError I dont have the javascript bits building, but the python tests are all passing for me. I updated, used git clean to do a clean up, then did a fresh build. Snippet of the SASL tests from ctest -V -R python-test: 2: proton_tests.sasl.SaslTest.testFracturedSASL pass 2: proton_tests.sasl.SaslTest.testPipelined2 ... pass 2: [0x4e009d0]:Authenticated user: anonymous with mechanism ANONYMOUS 2: proton_tests.sasl.SaslTest.testPipelinedClient .. pass 2: [0x4e03f10]:sasl error: SASL(-1): generic failure: Client mechanism not in mechanism inclusion list. 2: proton_tests.sasl.SaslTest.testPipelinedClientFail .. pass 2: [0x4e054c0]:Authenticated user: anonymous with mechanism ANONYMOUS 2: proton_tests.sasl.SaslTest.testSaslAndAmqpInSingleChunk . pass 2: proton_tests.sasl.SaslTest.testSaslSkipped .. pass 2: proton_tests.sasl.SaslTest.testSaslSkippedFail .. pass 2: proton_tests.sasl.SaslTest.test_singleton ... pass The only bit I wonder about (wihtout bothing to look further) is the 'generic failure' message in the middle. Of course, I might have spoke too soon. The Java build fails running a few of the tests: proton_tests.sasl.SaslTest.testSaslSkipped .. fail Error during test: Traceback (most recent call last): File /home/gemmellr/workspace/proton-throwaway/tests/python/proton-test, line 355, in run phase() File /home/gemmellr/workspace/proton-throwaway/tests/python/proton_tests/sasl.py, line 215, in testSaslSkipped self.t2.require_auth(False) File /home/gemmellr/workspace/proton-throwaway/tests/../proton-c/bindings/python/proton/__init__.py, line 3181, in require_auth pn_transport_require_auth(self._impl, bool) NameError: global name 'pn_transport_require_auth' is not defined proton_tests.sasl.SaslTest.testSaslSkippedFail .. fail Error during test: Traceback (most recent call last): File /home/gemmellr/workspace/proton-throwaway/tests/python/proton-test, line 355, in run phase() File /home/gemmellr/workspace/proton-throwaway/tests/python/proton_tests/sasl.py, line 227, in testSaslSkippedFail self.t2.require_auth(True) File /home/gemmellr/workspace/proton-throwaway/tests/../proton-c/bindings/python/proton/__init__.py, line 3181, in require_auth pn_transport_require_auth(self._impl, bool) NameError: global name 'pn_transport_require_auth' is not defined proton_tests.transport.TransportTest.testEOSAfterSASL ... fail Error during test: Traceback (most recent call last): File /home/gemmellr/workspace/proton-throwaway/tests/python/proton-test, line 355, in run phase() File
Re: problems with master after sasl changes
On 21 April 2015 at 12:52, Rafael Schloming r...@alum.mit.edu wrote: I'm seeing a couple of issues with the recently landed sasl changes. I'm getting four test failures in the python tests (see details at the end). I'm also seeing interop issues with the proton.js built prior to these changes, and with these changes in place the javascript build seems to be messed up (not finding new symbols). Is anyone else seeing similar issues? --Rafael proton_tests.sasl.SaslTest.testPipelined2 fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 161, in testPipelined2 assert len(out1) 0 AssertionError proton_tests.sasl.SaslTest.testPipelinedClient ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 68, in testPipelinedClient assert self.s1.outcome == SASL.OK AssertionError proton_tests.sasl.SaslTest.testPipelinedClientFail ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 95, in testPipelinedClientFail assert self.s1.outcome == SASL.AUTH AssertionError proton_tests.sasl.SaslTest.testSaslAndAmqpInSingleChunk .. fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 140, in testSaslAndAmqpInSingleChunk assert self.s2.outcome == SASL.OK AssertionError I dont have the javascript bits building, but the python tests are all passing for me. I updated, used git clean to do a clean up, then did a fresh build. Snippet of the SASL tests from ctest -V -R python-test: 2: proton_tests.sasl.SaslTest.testFracturedSASL pass 2: proton_tests.sasl.SaslTest.testPipelined2 ... pass 2: [0x4e009d0]:Authenticated user: anonymous with mechanism ANONYMOUS 2: proton_tests.sasl.SaslTest.testPipelinedClient .. pass 2: [0x4e03f10]:sasl error: SASL(-1): generic failure: Client mechanism not in mechanism inclusion list. 2: proton_tests.sasl.SaslTest.testPipelinedClientFail .. pass 2: [0x4e054c0]:Authenticated user: anonymous with mechanism ANONYMOUS 2: proton_tests.sasl.SaslTest.testSaslAndAmqpInSingleChunk . pass 2: proton_tests.sasl.SaslTest.testSaslSkipped .. pass 2: proton_tests.sasl.SaslTest.testSaslSkippedFail .. pass 2: proton_tests.sasl.SaslTest.test_singleton ... pass The only bit I wonder about (wihtout bothing to look further) is the 'generic failure' message in the middle.
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: qpidproton-AXTLS.patch Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, axtls_proton_example.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ atatched(axtls_proton_example.c): It's based on http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: (was: qpidproton-AXTLS.patch) Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, axtls_proton_example.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ atatched(axtls_proton_example.c): It's based on http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: axtls.c qpidproton-AXTLS.patch Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, qpidproton-AXTLS.patch Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (PROTON-856) idle timeout doesn't work in openssl mode
[ https://issues.apache.org/jira/browse/PROTON-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Adam Curylo updated PROTON-856: --- Description: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message (PN_TRANSPORT_ERROR amqp:resource-limit-exceeded: local-idle-timeout expired ) after timeout but connections still remains. It is different (wrong) behaviour than for unencrypted connection. I've used for check it following example code (connection with ActiveMQ message broker): #include proton/reactor.h #include proton/handlers.h #include proton/engine.h #include proton/message.h #include proton/ssl.h #include proton/ssl_io.h #include assert.h #include stdio.h #include string.h typedef pn_handler_t client_t; typedef struct { const char *hostname; const char *queue; const char *container; pn_session_t * session; pn_ssl_domain_t *sslDomain; } client_state_t; client_state_t *client_state(client_t *client) { return (client_state_t *) pn_handler_mem(client); } void client_cleanup(client_t *client) { client_state_t *cs = client_state(client); (void)cs; } void client_dispatch(pn_handler_t *client, pn_event_t *event, pn_event_type_t eventType) { client_state_t *state = client_state(client); switch (eventType) { case PN_TRANSPORT: { pn_transport_t * transport = pn_event_transport(event); assert(transport); pn_transport_set_idle_timeout(transport, 2); } break; case PN_TRANSPORT_ERROR: { pn_transport_t * transport = pn_event_transport(event); pn_error_t * error = pn_transport_error(transport); printf(PN_TRANSPORT_ERROR %s \n, pn_error_text(error)); } break; case PN_SELECTABLE_INIT: { //OpenSSL mode if (state-sslDomain == NULL) { state-sslDomain = pn_ssl_domain(PN_SSL_MODE_CLIENT); } if (pn_ssl_domain_set_credentials(state-sslDomain, ./device.polyx.crt, ./device.polyx.key, NULL) == 0) { pn_connection_t * conn = pn_session_connection(state-session); pn_transport_t * transport = pn_connection_transport(conn); assert(transport); pn_ssl_init(pn_ssl(transport), state-sslDomain, NULL); } } break; case PN_DELIVERY: { pn_link_t *link = pn_event_link(event); pn_delivery_t *dlv = pn_event_delivery(event); if (pn_link_is_receiver(link) !pn_delivery_partial(dlv)) { char buf[1024]; ssize_t n = pn_link_recv(link, buf, 1024); if (n 0) { pn_message_t *msg = pn_message(); pn_message_decode(msg, buf, n); pn_string_t *str = pn_string(NULL); pn_inspect(msg, str); printf(Got: %s\n, pn_string_get(str)); pn_message_free(msg); pn_free(str); } pn_delivery_settle(dlv); } } break; default: break; } } client_t *client_handler(const char *hostName, const char * queueName, const char * containerName) { client_t *client = pn_handler_new(client_dispatch, sizeof(client_state_t), client_cleanup); client_state_t *state = client_state(client); state-hostname = hostName; state-queue = queueName; state-container = containerName; state-sslDomain = NULL; state-session = NULL; return client; } int main(int argc, const char **argv) { pn_reactor_t *reactor = pn_reactor(); pn_handler_t *root = pn_reactor_get_handler(reactor); client_t *client = client_handler(localhost:5671, queue://example, example); pn_handler_add(root, client); pn_handler_add(root, pn_flowcontroller(1024)); pn_handler_add(root, pn_handshaker()); client_state_t *state = client_state(client); pn_connection_t *conn = pn_reactor_connection(reactor, client); pn_connection_set_container(conn, state-container); pn_connection_set_hostname(conn, state-hostname); pn_connection_open(conn); state-session = pn_session(conn); pn_session_open(state-session); pn_link_t * link = pn_receiver(state-session, state-container); pn_terminus_set_address(pn_link_source(link), state-queue); pn_terminus_set_address(pn_link_target(link), state-queue); pn_link_set_snd_settle_mode(link, PN_SND_UNSETTLED); pn_link_set_rcv_settle_mode(link, PN_RCV_SECOND); pn_link_open(link); pn_link_flow(link, 1); pn_reactor_run(reactor); if (state-sslDomain != NULL) { pn_ssl_domain_free(state-sslDomain); } pn_reactor_free(reactor); return 0; } was: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: ssl_io.h Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] qpid-proton pull request: PROTON-853: stop erroneous attach being ...
Github user rhs commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94755563 +1 from me Initially I thought this wouldn't account for detach properly, but looking at the code I managed to convince myself that it will. If you have time, however, it would be nice to augment/add a test of the detach scenario. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Commented] (PROTON-853) [proton-j] the transport emitted a new link attach for a link in the process of being detached
[ https://issues.apache.org/jira/browse/PROTON-853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504801#comment-14504801 ] ASF GitHub Bot commented on PROTON-853: --- Github user rhs commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94755563 +1 from me Initially I thought this wouldn't account for detach properly, but looking at the code I managed to convince myself that it will. If you have time, however, it would be nice to augment/add a test of the detach scenario. [proton-j] the transport emitted a new link attach for a link in the process of being detached -- Key: PROTON-853 URL: https://issues.apache.org/jira/browse/PROTON-853 Project: Qpid Proton Issue Type: Bug Components: proton-j Affects Versions: 0.9 Reporter: Robbie Gemmell When upgrading to use 0.9 for the JMS client, we see some NPEs on the client as it tries processing the events being emitted by the connection. This was due to multiple link attach and detach frames arriving in the for the same consumer link. What appears to be happening is that while closing the consumer, after the client emits its detach frame proton then emits a new attach frame for the link, before the server responds to the original detach, even though the client made no attempt to recreate the consumer. It looks like the clients handling of a flow frame which arrived after it emitted the original detach meant that the link was modified, and the transport reacted by sending out a new attach. This appears to be due to a change made in 0.9 for PROTON-154. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (PROTON-334) SASL Implementation for Proton C
[ https://issues.apache.org/jira/browse/PROTON-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14505176#comment-14505176 ] ASF GitHub Bot commented on PROTON-334: --- Github user astitcher commented on the pull request: https://github.com/apache/qpid-proton/pull/19#issuecomment-94854481 @dcristoloveanu I've landed PROTON-334 now, so you should check that trunk now does what you want. SASL Implementation for Proton C Key: PROTON-334 URL: https://issues.apache.org/jira/browse/PROTON-334 Project: Qpid Proton Issue Type: Wish Components: proton-c Reporter: Ted Ross Assignee: Andrew Stitcher It would be desirable to have the ability to use a plug-in module for SASL in Proton. The following implementations could then be developed: 1) A portable stand-alone plugin that does ANONYMOUS, PLAIN, and EXTERNAL 2) A Cyrus-Sasl based plugin for Linux 3) A Windows plugin -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Re: problems with master after sasl changes
On Tue, 2015-04-21 at 14:56 +0100, Robbie Gemmell wrote: On 21 April 2015 at 14:48, Robbie Gemmell robbie.gemm...@gmail.com wrote: On 21 April 2015 at 12:52, Rafael Schloming r...@alum.mit.edu wrote: I'm seeing a couple of issues with the recently landed sasl changes. I'm getting four test failures in the python tests (see details at the end). I'm also seeing interop issues with the proton.js built prior to these changes, and with these changes in place the javascript build seems to be messed up (not finding new symbols). Is anyone else seeing similar issues? Those failures *were* certainly there along the development process, in my builds they're gone. I have to admit that I don't have the emscripten environment so I have tested the javascript work, so let me know if this is the result from javascript tests, and I guess I'll have to put some effort into getting that environment. ... Of course, I might have spoke too soon. The Java build fails running a few of the tests: This is usually caused by out of date jython bits, the maven rules don't seem to clean enough, try removing all the target directories from the source tree, then failing that all the py$class files. My java tests are running. Andrew
[GitHub] qpid-proton pull request: Mbed minor changes and sasl mech
Github user astitcher commented on the pull request: https://github.com/apache/qpid-proton/pull/19#issuecomment-94854481 @dcristoloveanu I've landed PROTON-334 now, so you should check that trunk now does what you want. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Created] (PROTON-856) idle timeout doesn't work in openssl mode
Adam Curylo created PROTON-856: -- Summary: idle timeout doesn't work in openssl mode Key: PROTON-856 URL: https://issues.apache.org/jira/browse/PROTON-856 Project: Qpid Proton Issue Type: Bug Components: proton-c Affects Versions: 0.9 Environment: Kubuntu 12.04 LTS (64 bit), Intel Core i5, 2 Gb of RAM on VMware Player. ActiveMQ broker on localhost machine. Reporter: Adam Curylo pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message (PN_TRANSPORT_ERROR amqp:resource-limit-exceeded: local-idle-timeout expired ) after timeout but connections still remains. It is different (wrong) behaviour than unencrypted connection. I've used for check it following example code (connection with ActiveMQ message broker): #include proton/reactor.h #include proton/handlers.h #include proton/engine.h #include proton/message.h #include proton/ssl.h #include proton/ssl_io.h #include assert.h #include stdio.h #include string.h typedef pn_handler_t client_t; typedef struct { const char *hostname; const char *queue; const char *container; pn_session_t * session; pn_ssl_domain_t *sslDomain; } client_state_t; client_state_t *client_state(client_t *client) { return (client_state_t *) pn_handler_mem(client); } void client_cleanup(client_t *client) { client_state_t *cs = client_state(client); (void)cs; } void client_dispatch(pn_handler_t *client, pn_event_t *event, pn_event_type_t eventType) { client_state_t *state = client_state(client); switch (eventType) { case PN_TRANSPORT: { pn_transport_t * transport = pn_event_transport(event); assert(transport); pn_transport_set_idle_timeout(transport, 2); } break; case PN_TRANSPORT_ERROR: { pn_transport_t * transport = pn_event_transport(event); pn_error_t * error = pn_transport_error(transport); printf(PN_TRANSPORT_ERROR %s \n, pn_error_text(error)); } break; case PN_SELECTABLE_INIT: { //OpenSSL mode if (state-sslDomain == NULL) { state-sslDomain = pn_ssl_domain(PN_SSL_MODE_CLIENT); } if (pn_ssl_domain_set_credentials(state-sslDomain, ./device.polyx.crt, ./device.polyx.key, NULL) == 0) { pn_connection_t * conn = pn_session_connection(state-session); pn_transport_t * transport = pn_connection_transport(conn); assert(transport); pn_ssl_init(pn_ssl(transport), state-sslDomain, NULL); } } break; case PN_DELIVERY: { pn_link_t *link = pn_event_link(event); pn_delivery_t *dlv = pn_event_delivery(event); if (pn_link_is_receiver(link) !pn_delivery_partial(dlv)) { char buf[1024]; ssize_t n = pn_link_recv(link, buf, 1024); if (n 0) { pn_message_t *msg = pn_message(); pn_message_decode(msg, buf, n); pn_string_t *str = pn_string(NULL); pn_inspect(msg, str); printf(Got: %s\n, pn_string_get(str)); pn_message_free(msg); pn_free(str); } pn_delivery_settle(dlv); } } break; default: break; } } client_t *client_handler(const char *hostName, const char * queueName, const char * containerName) { client_t *client = pn_handler_new(client_dispatch, sizeof(client_state_t), client_cleanup); client_state_t *state = client_state(client); state-hostname = hostName; state-queue = queueName; state-container = containerName; state-sslDomain = NULL; state-session = NULL; return client; } int main(int argc, const char **argv) { pn_reactor_t *reactor = pn_reactor(); pn_handler_t *root = pn_reactor_get_handler(reactor); client_t *client = client_handler(localhost:5671, queue://example, example); pn_handler_add(root, client); pn_handler_add(root, pn_flowcontroller(1024)); pn_handler_add(root, pn_handshaker()); client_state_t *state = client_state(client); pn_connection_t *conn = pn_reactor_connection(reactor, client); pn_connection_set_container(conn, state-container); pn_connection_set_hostname(conn, state-hostname); pn_connection_open(conn); state-session = pn_session(conn); pn_session_open(state-session); pn_link_t * link = pn_receiver(state-session, state-container); pn_terminus_set_address(pn_link_source(link), state-queue); pn_terminus_set_address(pn_link_target(link), state-queue); pn_link_set_snd_settle_mode(link, PN_SND_UNSETTLED); pn_link_set_rcv_settle_mode(link, PN_RCV_SECOND); pn_link_open(link); pn_link_flow(link, 1);
[jira] [Updated] (PROTON-856) idle timeout doesn't work in openssl mode
[ https://issues.apache.org/jira/browse/PROTON-856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Adam Curylo updated PROTON-856: --- Description: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message (PN_TRANSPORT_ERROR amqp:resource-limit-exceeded: local-idle-timeout expired ) after timeout but connections still remains. It is different (wrong) behaviour than unencrypted connection. I've used for check it following example code (connection with ActiveMQ message broker): {code} #include proton/reactor.h #include proton/handlers.h #include proton/engine.h #include proton/message.h #include proton/ssl.h #include proton/ssl_io.h #include assert.h #include stdio.h #include string.h typedef pn_handler_t client_t; typedef struct { const char *hostname; const char *queue; const char *container; pn_session_t * session; pn_ssl_domain_t *sslDomain; } client_state_t; client_state_t *client_state(client_t *client) { return (client_state_t *) pn_handler_mem(client); } void client_cleanup(client_t *client) { client_state_t *cs = client_state(client); (void)cs; } void client_dispatch(pn_handler_t *client, pn_event_t *event, pn_event_type_t eventType) { client_state_t *state = client_state(client); switch (eventType) { case PN_TRANSPORT: { pn_transport_t * transport = pn_event_transport(event); assert(transport); pn_transport_set_idle_timeout(transport, 2); } break; case PN_TRANSPORT_ERROR: { pn_transport_t * transport = pn_event_transport(event); pn_error_t * error = pn_transport_error(transport); printf(PN_TRANSPORT_ERROR %s \n, pn_error_text(error)); } break; case PN_SELECTABLE_INIT: { //OpenSSL mode if (state-sslDomain == NULL) { state-sslDomain = pn_ssl_domain(PN_SSL_MODE_CLIENT); } if (pn_ssl_domain_set_credentials(state-sslDomain, ./device.polyx.crt, ./device.polyx.key, NULL) == 0) { pn_connection_t * conn = pn_session_connection(state-session); pn_transport_t * transport = pn_connection_transport(conn); assert(transport); pn_ssl_init(pn_ssl(transport), state-sslDomain, NULL); } } break; case PN_DELIVERY: { pn_link_t *link = pn_event_link(event); pn_delivery_t *dlv = pn_event_delivery(event); if (pn_link_is_receiver(link) !pn_delivery_partial(dlv)) { char buf[1024]; ssize_t n = pn_link_recv(link, buf, 1024); if (n 0) { pn_message_t *msg = pn_message(); pn_message_decode(msg, buf, n); pn_string_t *str = pn_string(NULL); pn_inspect(msg, str); printf(Got: %s\n, pn_string_get(str)); pn_message_free(msg); pn_free(str); } pn_delivery_settle(dlv); } } break; default: break; } } client_t *client_handler(const char *hostName, const char * queueName, const char * containerName) { client_t *client = pn_handler_new(client_dispatch, sizeof(client_state_t), client_cleanup); client_state_t *state = client_state(client); state-hostname = hostName; state-queue = queueName; state-container = containerName; state-sslDomain = NULL; state-session = NULL; return client; } int main(int argc, const char **argv) { pn_reactor_t *reactor = pn_reactor(); pn_handler_t *root = pn_reactor_get_handler(reactor); client_t *client = client_handler(localhost:5671, queue://example, example); pn_handler_add(root, client); pn_handler_add(root, pn_flowcontroller(1024)); pn_handler_add(root, pn_handshaker()); client_state_t *state = client_state(client); pn_connection_t *conn = pn_reactor_connection(reactor, client); pn_connection_set_container(conn, state-container); pn_connection_set_hostname(conn, state-hostname); pn_connection_open(conn); state-session = pn_session(conn); pn_session_open(state-session); pn_link_t * link = pn_receiver(state-session, state-container); pn_terminus_set_address(pn_link_source(link), state-queue); pn_terminus_set_address(pn_link_target(link), state-queue); pn_link_set_snd_settle_mode(link, PN_SND_UNSETTLED); pn_link_set_rcv_settle_mode(link, PN_RCV_SECOND); pn_link_open(link); pn_link_flow(link, 1); pn_reactor_run(reactor); if (state-sslDomain != NULL) { pn_ssl_domain_free(state-sslDomain); } pn_reactor_free(reactor); return 0; } {code} was: pn_transport_set_idle_timeout doesn't work properly for ssl connection. There is a proper transport-error message
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: axtls_proton_example.c Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, axtls_proton_example.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (PROTON-853) [proton-j] the transport emitted a new link attach for a link in the process of being detached
[ https://issues.apache.org/jira/browse/PROTON-853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14504726#comment-14504726 ] ASF GitHub Bot commented on PROTON-853: --- Github user gemmellr commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94736378 Just a note to say, the new test will currently fail against proton-c just now, but Gordons fix from PROTON-850 resolves that. I mentioned this to him and he will push it in at some point. [proton-j] the transport emitted a new link attach for a link in the process of being detached -- Key: PROTON-853 URL: https://issues.apache.org/jira/browse/PROTON-853 Project: Qpid Proton Issue Type: Bug Components: proton-j Affects Versions: 0.9 Reporter: Robbie Gemmell When upgrading to use 0.9 for the JMS client, we see some NPEs on the client as it tries processing the events being emitted by the connection. This was due to multiple link attach and detach frames arriving in the for the same consumer link. What appears to be happening is that while closing the consumer, after the client emits its detach frame proton then emits a new attach frame for the link, before the server responds to the original detach, even though the client made no attempt to recreate the consumer. It looks like the clients handling of a flow frame which arrived after it emitted the original detach meant that the link was modified, and the transport reacted by sending out a new attach. This appears to be due to a change made in 0.9 for PROTON-154. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] qpid-proton pull request: PROTON-853: stop erroneous attach being ...
Github user gemmellr commented on the pull request: https://github.com/apache/qpid-proton/pull/21#issuecomment-94736378 Just a note to say, the new test will currently fail against proton-c just now, but Gordons fix from PROTON-850 resolves that. I mentioned this to him and he will push it in at some point. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: qpidproton-AXTLS.patch Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (PROTON-855) Add axTLS (embedded SSL) support to proton-c
[ https://issues.apache.org/jira/browse/PROTON-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomasz Nowicki updated PROTON-855: -- Attachment: (was: qpidproton-AXTLS.patch) Add axTLS (embedded SSL) support to proton-c Key: PROTON-855 URL: https://issues.apache.org/jira/browse/PROTON-855 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.9 Environment: Platform independent Reporter: Tomasz Nowicki Labels: features Fix For: 0.10 Attachments: axtls.c, qpidproton-AXTLS.patch, ssl_io.h Original Estimate: 0h Remaining Estimate: 0h The axTLS embedded SSL project is a highly configurable client/server TLSv1 SSL library designed for platforms with small memory requirements. It comes with a small HTTP/HTTPS server and additional test tools. axTLS It's free! (BSD style licensing) http://axtls.sourceforge.net/ axTLS integration with proton is done on socket layer(posix layer). On the other hand OpenSSL integration with proton is done on the transport layer. To use both solutions we had to add two methods pn_ssl_recv i pn_ssl_send (daclared in include/ssl_io.h) which in openssl mode, without crypting, invoke native proton pn_send and pn_receive (io.c). In axTLS mode, those methods are replaced with proper axtls comunication methods. Those are defined in openssl.c, ssl_stub.c, axtls.c and located in src/ssl. Methods pn_ssl_recv and pn_ssl_send replace original pn_send and pn_recv used in pni_connection_writable(pn_selectable_t *sel), pni_connection_readable(pn_selectable_t *sel) (connection.c). Moreover we introduced new file axtls.c located in src/ssl. The file is an equivalent of openssl.c, implementing base ssl methods: PN_EXTERN pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode); PN_EXTERN void pn_ssl_domain_free( pn_ssl_domain_t *domain ); etc Example of axTLS integration with ex ActiveMQ: http://mail-archives.us.apache.org/mod_mbox/qpid-proton/201501.mbox/%3ccacl1bnc5jerbnikd_4fgkjqh13h5nl_2z-sszp3jg2t+ywa...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v6.3.4#6332)
problems with master after sasl changes
I'm seeing a couple of issues with the recently landed sasl changes. I'm getting four test failures in the python tests (see details at the end). I'm also seeing interop issues with the proton.js built prior to these changes, and with these changes in place the javascript build seems to be messed up (not finding new symbols). Is anyone else seeing similar issues? --Rafael proton_tests.sasl.SaslTest.testPipelined2 fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 161, in testPipelined2 assert len(out1) 0 AssertionError proton_tests.sasl.SaslTest.testPipelinedClient ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 68, in testPipelinedClient assert self.s1.outcome == SASL.OK AssertionError proton_tests.sasl.SaslTest.testPipelinedClientFail ... fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 95, in testPipelinedClientFail assert self.s1.outcome == SASL.AUTH AssertionError proton_tests.sasl.SaslTest.testSaslAndAmqpInSingleChunk .. fail Error during test: Traceback (most recent call last): File /home/rhs/proton/tests/python/proton-test, line 355, in run phase() File /home/rhs/proton/tests/python/proton_tests/sasl.py, line 140, in testSaslAndAmqpInSingleChunk assert self.s2.outcome == SASL.OK AssertionError
Re: problems with master after sasl changes
On 21 April 2015 at 17:04, Andrew Stitcher astitc...@redhat.com wrote: On Tue, 2015-04-21 at 14:56 +0100, Robbie Gemmell wrote: On 21 April 2015 at 14:48, Robbie Gemmell robbie.gemm...@gmail.com wrote: On 21 April 2015 at 12:52, Rafael Schloming r...@alum.mit.edu wrote: I'm seeing a couple of issues with the recently landed sasl changes. I'm getting four test failures in the python tests (see details at the end). I'm also seeing interop issues with the proton.js built prior to these changes, and with these changes in place the javascript build seems to be messed up (not finding new symbols). Is anyone else seeing similar issues? Those failures *were* certainly there along the development process, in my builds they're gone. I have to admit that I don't have the emscripten environment so I have tested the javascript work, so let me know if this is the result from javascript tests, and I guess I'll have to put some effort into getting that environment. ... Of course, I might have spoke too soon. The Java build fails running a few of the tests: This is usually caused by out of date jython bits, the maven rules don't seem to clean enough, try removing all the target directories from the source tree, then failing that all the py$class files. My java tests are running. Andrew Yep that was my bad. Although I had done a git clean to blow everything away before running the proton-c build beforehand, I had made a copy of my checkout earlier to do test something out and ended up running the java build in that by mistake (noting the /proton-throwaway in the paths). Running them in the correct place, which had been cleaned, they do pass. The CI job agrees that everything is well.