On 10/22/2013 05:49 PM, Trevor Vaughan wrote:
All,
I've been trying to get the Ruby (cqpid) libraries to play well with the
Qpid server without much success.
I've tried setting the QPID_SSL_USE_EXPORT_POLICY and QPID_SSL_CERT_DB
environment variables but the SSL negotiation is not completing.
Testing with Openssl s_server and am getting the following error:
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1193:SSL
alert number 42
I'm not trying to use a client certificate, simply an SSL encrypted session
and I've verified that my NSS database has the appropriate CA entries.
The error remains whether or not I try to provide a client certificate per
the C++ environment variables.
Has anyone gotten this type of setup to work successfully?
Can you give a bit more detail on what your setup is? How did you start
the broker (and just to be sure, which broker are you using)? What do
the brokers and clients certificate dbs have in them (certutil -L -d
<db-name>)? Did you use the fully qualified domain name when connecting?
Did you specify port 5671?
I can certainly connect from the cqpid based ruby wrapper to the c++
broker (i.e. qpidd) over SSL using a cert for the server that is signed
by a test CA whose certificate is imported into the clients cert db,
with or without the export policy turned on.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
