On 03/02/2015 06:06 PM, Jakub Scholz wrote:
That's not a problem. My concern here were not really any future changes introduced into these components with this change. The point is, that whatever client is written based on Proton 0.9 later this year, it should work with the Qpid C++ broker from today. And whatever broker is written based on Proton 0.9 should work with the qpid::messaging API from today.
Sorry, I was skimming the thread and latched on to Andrew's response without properly digesting your initial post.
I agree with your point and indeed you are correct that at present the Qpid c++ broker requires a SASL layer with EXTERNAL in order to authenticate a client by the SSL certificate it supplies.
In fact the c++ broker doesn't use an AMQP 1.0 style layer for SSL at all - i.e. it does not recognise the special AMQP 1.0 TLS header sent in the clear prior to TLS handshaking as described in 5.2 of the AMQP spec. The qpid::messaging c++ client doesn't send one either. Both use the 'alternative establishment' as described by 5.2.1 (though for a different reason than the one suggested there). So yet another point of possible interoperability issues.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
