So, after a vacation and few days spent with getting the trunk to work on my Windows XP machine (see JIRA QPID-3759 for more details) I finally managed to prepare the patch for trunk (well, it is pretty much the same as for 0.14). I also created the JIRA issue QPID-3914 where I attached the patch ... I hope it gets committed sooner then my Python patch for the same feature :-o
Regards Jakub On Wed, Mar 7, 2012 at 20:19, Steve Huston <[email protected]> wrote: > Ah, ok - thank you very much, Jakub! > >> -----Original Message----- >> From: Jakub Scholz [mailto:[email protected]] >> Sent: Wednesday, March 07, 2012 1:38 PM >> To: [email protected] >> Subject: Re: SSL Client Authentication support for C++ on Windows >> >> Hi Steve, >> >> Yes, I know. There are still some unresolved issues as mentioned in the > first >> email and I also need to check how does it work against the trunk - this >> version is prepared against 0.14 release. The patch here is mainly for > the >> people who want to give it a try ... once I have that, I will create an > JIRA and >> attached with the licence granted. >> >> Regards >> Jakub >> >> On Wed, Mar 7, 2012 at 18:13, Steve Huston <[email protected]> wrote: >> > Ok, Jakub, but we still need to have the patch(es) attached to a jira >> > and make sure you check the box granting rights to ASF, or we can't > use it. >> > >> > I just checked and did not see an existing jira for this issue (though >> > it has been discussed on the mailing list recently), so please go >> > ahead and open a new jira, and attach your patches to that. >> > >> > Thanks! >> > -Steve >> > >> >> -----Original Message----- >> >> From: Jakub Scholz [mailto:[email protected]] >> >> Sent: Wednesday, March 07, 2012 4:22 AM >> >> To: [email protected] >> >> Subject: Re: SSL Client Authentication support for C++ on Windows >> >> >> >> BTW: The attachment was probably discarded by the mailing list >> >> server, >> > so I >> >> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will >> >> hopefully survive :-) >> >> >> >> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[email protected]> wrote: >> >> > Hi, >> >> > >> >> > I played a bit with the support for SSL client authentication in >> >> > the >> >> > C++ API for Windows. It seems that I got it working, at least >> >> > C++ against >> >> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following > changes: >> >> > 1) Added a support for SASL EXTERNAL mechanism >> >> > 2) Added new connection option ssl-cert-store which allows to >> >> > select the certificate store which should be used to search for the >> >> > certificate. If not specified, the default "Personal" store is > used. >> >> > 3) Changed the SSL Connector to try to load the private key if >> >> > EXTERNAL mechanism has been selected >> >> > 4) The username for the SASL EXTERNAL mechanism is used from the >> >> > "username" connection option. The username is also used to find the >> >> > right certificate, since the username has to be in the subject of >> >> > the certificate. I was considering adding new option for this, but >> >> > this approach seemed to be the best. >> >> > >> >> > Currently, I'm aware of few limitations: >> >> > 1) when the SSL client authentication is enabled on the broker, the >> >> > client can connect only with EXTERNAL, not with PLAIN. But this >> >> > problem was there already before my changes ... I have some idea >> >> > where the problem is, but I'm not sure whether I will manage to fix > it ... >> >> > 2) When there are multiple certificates with a matching subject, >> >> > the first one is always used. I didn't found any better method for >> >> > selecting the certificate ... >> >> > >> >> > Also, the current version is developed against 0.14 source codes, >> >> > because I had some problems getting the trunk to compile&work ... I >> >> > have to look at it ... >> >> > >> >> > The patch is attached. If someone wants to try it right now, feel >> >> > free to do so. Also if anyone has some comments, please share them. >> >> > Otherwise, I will try to reconcile the patch to trunk and will >> >> > attach the patch to some JIRA Issue ... either existing one or a >> >> > new one - I'm not sure whether there already is some open JIRA >> covering it. >> >> > >> >> > Regards >> >> > JAkub >> >> > >> >> > PS: I didn't looked into the .NET API yet. Does someone know >> >> > whether the .NET API needs to be somehow modified or are the >> >> > modifications in the C++ APIs automatically used by the .NET? >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] For >> >> additional commands, e-mail: [email protected] >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [email protected] For >> > additional commands, e-mail: [email protected] >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] For additional >> commands, e-mail: [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
