Re: Proton-c SSL Connection
I figured out some of the issue, and I believe that it had to do with the client not finding the proper trust store. I am now getting the following with PN_TRACE_FRM=1: [0x1d45e00]: - AMQP [0x1d45e00]:0 - @open(16) [container-id=dc8f96e5-4f0f-4944-8793-acec19793c40, hostname=127.0.0.1] [0x1d45e00]:0 - @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=0] [0x1d45e00]:0 - @attach(18) [name=topic://test, handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [address=topic://test, durable=0, timeout=0, dynamic=false], target=@target(41) [address=topic://test, durable=0, timeout=0, dynamic=false], initial-delivery-count=0] [0x1d45e00]:0 - @flow(19) [incoming-window=2147483647, next-outgoing-id=0, outgoing-window=0, handle=0, delivery-count=0, link-credit=1024, drain=false] [0x1d45e00]:0 - @close(24) [error=@error(29) [condition=:amqp:connection:framing-error, description=SSL Failure: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]] [0x1d45e00]: - EOS [0x1d45e00]: - EOS Any thoughts as to what may be causing it? -- View this message in context: http://qpid.2158936.n2.nabble.com/Proton-c-SSL-Connection-tp7627249p7627367.html Sent from the Apache Qpid Proton mailing list archive at Nabble.com.
AW: Proton-c SSL Connection
It seems like your client is not able to verify the server certificate against your trust store. I had this kind of problems using proton-j the last days, but this had to do with client authentication with a certificate. You could try to use openssl to check that, e.g. openssl verify -CAfile file containing the certificates of your trust store server certificate. See https://www.openssl.org/docs/apps/verify.html for more details. Mit freundlichen Grüßen / With kind regards, Julien Charon Avitech GmbH Engineering AxL Tel.: +49 (0)7541/282-177 Fax: +49 (0)7541/282-199 e-mail: julien.cha...@avitech.aero Avitech GmbH Principal Office: Bahnhofplatz 1 | 88045 Friedrichshafen | Germany Court Registration: Amtsgericht Ulm | HRB 728293 Geschäftsführer/Managing Director: Antonio Maria Gonzalez Gorostiza http://avitech.aero This message may contain confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. -Ursprüngliche Nachricht- Von: logty [mailto:loganba...@gmail.com] Gesendet: Montag, 29. Juni 2015 20:49 An: proton@qpid.apache.org Betreff: Re: Proton-c SSL Connection I figured out some of the issue, and I believe that it had to do with the client not finding the proper trust store. I am now getting the following with PN_TRACE_FRM=1: [0x1d45e00]: - AMQP [0x1d45e00]:0 - @open(16) [container-id=dc8f96e5-4f0f-4944-8793-acec19793c40, hostname=127.0.0.1] [0x1d45e00]:0 - @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=0] [0x1d45e00]:0 - @attach(18) [name=topic://test, handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [address=topic://test, durable=0, timeout=0, dynamic=false], target=@target(41) [address=topic://test, durable=0, timeout=0, dynamic=false], initial-delivery-count=0] [0x1d45e00]:0 - @flow(19) [incoming-window=2147483647, next-outgoing-id=0, outgoing-window=0, handle=0, delivery-count=0, link-credit=1024, drain=false] [0x1d45e00]:0 - @close(24) [error=@error(29) [condition=:amqp:connection:framing-error, description=SSL Failure: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]] [0x1d45e00]: - EOS [0x1d45e00]: - EOS Any thoughts as to what may be causing it? -- View this message in context: http://qpid.2158936.n2.nabble.com/Proton-c-SSL-Connection-tp7627249p7627367.html Sent from the Apache Qpid Proton mailing list archive at Nabble.com.
Re: Proton-c SSL Connection
The url I am using is: amqps://127.0.0.1:5671/topic://test I have been using amqps as the scheme, and server side it is set up as ssl, and I am connecting over 5671. -- View this message in context: http://qpid.2158936.n2.nabble.com/Proton-c-SSL-Connection-tp7627249p7627276.html Sent from the Apache Qpid Proton mailing list archive at Nabble.com.
Re: Proton-c SSL Connection
On 06/24/2015 09:52 PM, logty wrote: Hi all, I have been trying to establish an SSL connection with proton-c on an apache apollo server but have not been having any luck yet. I have tried setting up certificates and key/trust stores with keytool, and linking to them with pn_messenger_set_private_key and pn_messenger_set_certificate. I have also tried correctly setting up the server. None of this is working at the moment, any thoughts/tutorials anyone can direct me to? What url are you giving to messenger? Are you using 'amqps' as the scheme? Are you connecting over 5671? This is what I am getting with PN_TRACE_FRM=1: [0x1d2de30]: - AMQP [0x1d2de30]:0 - @open(16) [container-id=16bddb71-593c-4493-b773-554875740222, hostname=127.0.0.1] [0x1d2de30]:0 - @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=0] [0x1d2de30]:0 - @attach(18) [name=, handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [durable=0, timeout=0, dynamic=false], target=@target(41) [durable=0, timeout=0, dynamic=false], initial-delivery-count=0] [0x1d2de30]:0 - @flow(19) [incoming-window=2147483647, next-outgoing-id=0, outgoing-window=0, handle=0, delivery-count=0, link-credit=1024, drain=false] [0x1d2de30]:0 - @close(24) [error=@error(29) [condition=:amqp:connection:framing-error, description=AMQP header mismatch: Unknown protocol ['\x15\x03\x01\x00\x02\x02P']]] MY first guess based on this error is that one or other peer is not actually using SSL, so either the header is not being decoded or was not encoded to begin with. [0x1d2de30]: - EOS
Proton-c SSL Connection
Hi all, I have been trying to establish an SSL connection with proton-c on an apache apollo server but have not been having any luck yet. I have tried setting up certificates and key/trust stores with keytool, and linking to them with pn_messenger_set_private_key and pn_messenger_set_certificate. I have also tried correctly setting up the server. None of this is working at the moment, any thoughts/tutorials anyone can direct me to? This is what I am getting with PN_TRACE_FRM=1: [0x1d2de30]: - AMQP [0x1d2de30]:0 - @open(16) [container-id=16bddb71-593c-4493-b773-554875740222, hostname=127.0.0.1] [0x1d2de30]:0 - @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=0] [0x1d2de30]:0 - @attach(18) [name=, handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [durable=0, timeout=0, dynamic=false], target=@target(41) [durable=0, timeout=0, dynamic=false], initial-delivery-count=0] [0x1d2de30]:0 - @flow(19) [incoming-window=2147483647, next-outgoing-id=0, outgoing-window=0, handle=0, delivery-count=0, link-credit=1024, drain=false] [0x1d2de30]:0 - @close(24) [error=@error(29) [condition=:amqp:connection:framing-error, description=AMQP header mismatch: Unknown protocol ['\x15\x03\x01\x00\x02\x02P']]] [0x1d2de30]: - EOS -- View this message in context: http://qpid.2158936.n2.nabble.com/Proton-c-SSL-Connection-tp7627249.html Sent from the Apache Qpid Proton mailing list archive at Nabble.com.