Found the bug. Creating JIRA...
pc ---- http://colby.id.au On Thu, Feb 9, 2012 at 2:51 PM, Paul Colby <[email protected]> wrote: > Hi guys, > > Did something change with the way we enable SSL for clients in 0.14? > > I'm trying 0.14 cpp clients to talk to 0.14 cpp brokers. > > My current setup works correctly (ie uses SSL) with 0.12 client / servers, > but not 0.14. > > I'm setting the client-side transport option to SSL. The, if I > intentionally don't set the NSS environment vars, then I (correctly) get > the Qpid error "SSL connector not enabled, you must set QPID_SSL_CERT_DB to > enable it.". If I set the env vars, then the error goes away, but the > connection just hangs for about 5 minutes trying to connect to the broker. > After the 5 minutes or so, the client stops with "Traffic timeout", and > the broker reports a read failed error. > > If I stop the broker, and run netcat to listen on port 5671, I can see the > client begins with "AMQP" - in the clear, ie NOT an SSL handshake. Whereas > the exact same code compiled against the 0.12 client libs begins with > non-printable SSL handshake data. So it looks to me like the client is not > performing an SSL handshake (and presumably the broker is waiting for one, > since this is the broker's SSL-only port). > > Could this be a change as a result of > https://issues.apache.org/jira/browse/QPID-3514 ? Or do we need to do > something different / extra to enable client-side SSL in 0.14? > > PS Non-SSL connections (via 5672) are working fine. > > Thanks! > > pc > ---- > http://colby.id.au >
