Hi Steve, Yes, I know. There are still some unresolved issues as mentioned in the first email and I also need to check how does it work against the trunk - this version is prepared against 0.14 release. The patch here is mainly for the people who want to give it a try ... once I have that, I will create an JIRA and attached with the licence granted.
Regards Jakub On Wed, Mar 7, 2012 at 18:13, Steve Huston <[email protected]> wrote: > Ok, Jakub, but we still need to have the patch(es) attached to a jira and > make sure you check the box granting rights to ASF, or we can't use it. > > I just checked and did not see an existing jira for this issue (though it > has been discussed on the mailing list recently), so please go ahead and > open a new jira, and attach your patches to that. > > Thanks! > -Steve > >> -----Original Message----- >> From: Jakub Scholz [mailto:[email protected]] >> Sent: Wednesday, March 07, 2012 4:22 AM >> To: [email protected] >> Subject: Re: SSL Client Authentication support for C++ on Windows >> >> BTW: The attachment was probably discarded by the mailing list server, > so I >> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will hopefully >> survive :-) >> >> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[email protected]> wrote: >> > Hi, >> > >> > I played a bit with the support for SSL client authentication in the >> > C++ API for Windows. It seems that I got it working, at least against >> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes: >> > 1) Added a support for SASL EXTERNAL mechanism >> > 2) Added new connection option ssl-cert-store which allows to select >> > the certificate store which should be used to search for the >> > certificate. If not specified, the default "Personal" store is used. >> > 3) Changed the SSL Connector to try to load the private key if >> > EXTERNAL mechanism has been selected >> > 4) The username for the SASL EXTERNAL mechanism is used from the >> > "username" connection option. The username is also used to find the >> > right certificate, since the username has to be in the subject of the >> > certificate. I was considering adding new option for this, but this >> > approach seemed to be the best. >> > >> > Currently, I'm aware of few limitations: >> > 1) when the SSL client authentication is enabled on the broker, the >> > client can connect only with EXTERNAL, not with PLAIN. But this >> > problem was there already before my changes ... I have some idea where >> > the problem is, but I'm not sure whether I will manage to fix it ... >> > 2) When there are multiple certificates with a matching subject, the >> > first one is always used. I didn't found any better method for >> > selecting the certificate ... >> > >> > Also, the current version is developed against 0.14 source codes, >> > because I had some problems getting the trunk to compile&work ... I >> > have to look at it ... >> > >> > The patch is attached. If someone wants to try it right now, feel free >> > to do so. Also if anyone has some comments, please share them. >> > Otherwise, I will try to reconcile the patch to trunk and will attach >> > the patch to some JIRA Issue ... either existing one or a new one - >> > I'm not sure whether there already is some open JIRA covering it. >> > >> > Regards >> > JAkub >> > >> > PS: I didn't looked into the .NET API yet. Does someone know whether >> > the .NET API needs to be somehow modified or are the modifications in >> > the C++ APIs automatically used by the .NET? >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] For additional >> commands, e-mail: [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
