On 09/14/2012 09:57 PM, ParkiratBagga wrote:
Hi Gordon,
I followed this script, and I was able to make the qpid route connection to
operational in intra qpid host.
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/sasl_fed_ex?view=markup
But, I noticed one thing, the TestHost which is the name of the certificate
in this script is 127.0.0.1, which means intra-broker this scripts works
fine.
As soon as you make that TestHost to your "machine hostname", the problem
which I was concerned comes again, that the connection status does *not
become operational* from *connecting*, which means the *qpid-route ssl does
not work properly inter-broker*.
I have tweaked the above script, for your ready use, where problem is
coming.
Place the below script in place of the original script in your broker
machine and first run the sasl_test_setup.sh script and then sasl_fed_ex
script.
http://qpid.2158936.n2.nabble.com/file/n7582189/sasl_fed_ex sasl_fed_ex
It seems there is problem while doing ssl with hostname.
Yes, you are right! That appears to be a regression that wasn't picked
up in testing. Not only does the test use an IP address, but it doesn't
actually verify the link becomes operation (or message flow as expected).
From a quick scan it looks like
http://svn.apache.org/viewvc?view=revision&revision=1128067 might be the
point at which it broke.
I've raised a JIRA (https://issues.apache.org/jira/browse/QPID-4315) and
tried out a very simple patch (see attached). Are you able to apply that
and verify it works in your case? Thanks for your patience in tracking
down this bug!
Index: cpp/src/qpid/sys/ssl/SslSocket.cpp
===================================================================
--- cpp/src/qpid/sys/ssl/SslSocket.cpp (revision 1386517)
+++ cpp/src/qpid/sys/ssl/SslSocket.cpp (working copy)
@@ -112,6 +112,7 @@
std::stringstream namestream;
namestream << host << ":" << port;
connectname = namestream.str();
+ peername = connectname;
void* arg;
// Use the connection's cert-name if it has one; else use global cert-name
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
