Ok, Jakub, but we still need to have the patch(es) attached to a jira and make sure you check the box granting rights to ASF, or we can't use it.
I just checked and did not see an existing jira for this issue (though it has been discussed on the mailing list recently), so please go ahead and open a new jira, and attach your patches to that. Thanks! -Steve > -----Original Message----- > From: Jakub Scholz [mailto:[email protected]] > Sent: Wednesday, March 07, 2012 4:22 AM > To: [email protected] > Subject: Re: SSL Client Authentication support for C++ on Windows > > BTW: The attachment was probably discarded by the mailing list server, so I > uploaded it to http://pastebin.com/gb1RnUYk ... the URL will hopefully > survive :-) > > On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[email protected]> wrote: > > Hi, > > > > I played a bit with the support for SSL client authentication in the > > C++ API for Windows. It seems that I got it working, at least against > > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes: > > 1) Added a support for SASL EXTERNAL mechanism > > 2) Added new connection option ssl-cert-store which allows to select > > the certificate store which should be used to search for the > > certificate. If not specified, the default "Personal" store is used. > > 3) Changed the SSL Connector to try to load the private key if > > EXTERNAL mechanism has been selected > > 4) The username for the SASL EXTERNAL mechanism is used from the > > "username" connection option. The username is also used to find the > > right certificate, since the username has to be in the subject of the > > certificate. I was considering adding new option for this, but this > > approach seemed to be the best. > > > > Currently, I'm aware of few limitations: > > 1) when the SSL client authentication is enabled on the broker, the > > client can connect only with EXTERNAL, not with PLAIN. But this > > problem was there already before my changes ... I have some idea where > > the problem is, but I'm not sure whether I will manage to fix it ... > > 2) When there are multiple certificates with a matching subject, the > > first one is always used. I didn't found any better method for > > selecting the certificate ... > > > > Also, the current version is developed against 0.14 source codes, > > because I had some problems getting the trunk to compile&work ... I > > have to look at it ... > > > > The patch is attached. If someone wants to try it right now, feel free > > to do so. Also if anyone has some comments, please share them. > > Otherwise, I will try to reconcile the patch to trunk and will attach > > the patch to some JIRA Issue ... either existing one or a new one - > > I'm not sure whether there already is some open JIRA covering it. > > > > Regards > > JAkub > > > > PS: I didn't looked into the .NET API yet. Does someone know whether > > the .NET API needs to be somehow modified or are the modifications in > > the C++ APIs automatically used by the .NET? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For additional > commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
