Re: QPID C++ Client SSL Environment Variables

[Chris Whelan]

Hello again,

To provide some additional context, in an attempt to improve security
somewhat I wanted to set the QPID_SSL_CERT_PASSWORD_FILE environment
variable dynamically so the file does not remain in a known location with
the plain text password.  It would be great if there were another QPID
environment variable that could be populated with the actual password value
rather than a path so a file on the file system does not even need to be
created.  I understand that it can still be accessed by root and the owner
from another process, but it seems at least to be an incremental
improvement.

Regards,

Chris Whelan 



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: QPID C++ Client SSL Environment Variables

[Chris Whelan]

Thank you Gordon for providing the location info.  I was able to correct my 
problem by using setenv rather than putenv.

P.S.  Apologies for my mail footer - sadly I cannot control it.  I will need to 
re-subscribe with another email address.


Please join Systems & Software at the
upcoming HCTC in Chicago, October 29 – November 2, 2018.
Register Now
–
Early Bird Registration ends August
22!
Chris Whelan
Manager, Research & Development
P: 802-865-1170x82309
F: 802-865-1171
E: cwhe...@harriscomputer.com
10 E
Allen Street
Suite 201
Winooski, VT 05404
www.ssivt.com
This message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you
prefer not to be contacted by Harris Operating Group
please notify
us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.


From: Gordon Sim 
Sent: Thursday, August 9, 2018 5:08 PM
To: users@qpid.apache.org
Subject: [EXTERNAL] Re: QPID C++ Client SSL Environment Variables

On 09/08/18 21:37, Chris Whelan wrote:
> Hello,
>
> I am facing a problem with programmatically setting the
> QPID_SSL_CERT_PASSWORD_FILE environment variable in my program.  It
> appears that although I have not directly referenced any QPID classes at
> the point where I set the environment variable via putenv, the QPID
> client code has already read the QPID_SSL_CERT_PASSWORD_FILE variable
> and as it does not reflect the updated value.  I did some research
> online and it appears that this issue was encountered and subsequently
> fixed a long time ago (refer to below links) and the fix seems to be
> included in the version .34 client I am using.
>
> http://qpid.2158936.n2.nabble.com/SSL-environment-variables-for-C-clients-td7608275.html
>
> https://issues.apache.org/jira/browse/QPID-5788  (lazy initialisation of
> NSS)
>
> I performed a search through the qpid C++ client source files and I
> cannot even find a reference to the QPID_SSL_CERT_PASSWORD_FILE
> literal.  Any advice on how to solve this issue or additional clarifying
> information that can be provided would be greatly appreciated.

The options are loaded in src/qpid/client/SslConnector.cpp, starting
line 130 or there abouts. Unfortuanetly there are no log statements
around there that we could just enable. Can you add a couple, to check
that the configuration is happening when you expect (should be on the
first connect I think), and verify the values loaded?

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: QPID C++ Client SSL Environment Variables

[Gordon Sim]

On 09/08/18 21:37, Chris Whelan wrote:

Hello,

I am facing a problem with programmatically setting the 
QPID_SSL_CERT_PASSWORD_FILE environment variable in my program.  It 
appears that although I have not directly referenced any QPID classes at 
the point where I set the environment variable via putenv, the QPID 
client code has already read the QPID_SSL_CERT_PASSWORD_FILE variable 
and as it does not reflect the updated value.  I did some research 
online and it appears that this issue was encountered and subsequently 
fixed a long time ago (refer to below links) and the fix seems to be 
included in the version .34 client I am using.


http://qpid.2158936.n2.nabble.com/SSL-environment-variables-for-C-clients-td7608275.html

https://issues.apache.org/jira/browse/QPID-5788  (lazy initialisation of 
NSS)


I performed a search through the qpid C++ client source files and I 
cannot even find a reference to the QPID_SSL_CERT_PASSWORD_FILE 
literal.  Any advice on how to solve this issue or additional clarifying 
information that can be provided would be greatly appreciated.


The options are loaded in src/qpid/client/SslConnector.cpp, starting 
line 130 or there abouts. Unfortuanetly there are no log statements 
around there that we could just enable. Can you add a couple, to check 
that the configuration is happening when you expect (should be on the 
first connect I think), and verify the values loaded?


-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org