On Mon, 2015-03-02 at 18:41 +0000, Gordon Sim wrote:
> On 03/02/2015 06:06 PM, Jakub Scholz wrote:
> > That's not a problem. My concern here was not really any future changes
> > introduced into these components with this change. The point is, that
> > whatever client is written based on Proton 0.9 later this year, it should
> > work with the Qpid C++ broker from today. And whatever broker is written
> > based on Proton 0.9 should work with the qpid::messaging API from today.
>
> Sorry, I was skimming the thread and latched on to Andrew's response
> without properly digesting your initial post.
>
> I agree with your point and indeed you are correct that at present the
> Qpid c++ broker requires a SASL layer with EXTERNAL in order to
> authenticate a client by the SSL certificate it supplies.
>
> In fact the c++ broker doesn't use an AMQP 1.0 style layer for SSL at
> all - i.e. it does not recognise the special AMQP 1.0 TLS header sent in
> the clear prior to TLS handshaking as described in 5.2 of the AMQP spec.
> The qpid::messaging c++ client doesn't send one either. Both use the
> 'alternative establishment' as described by 5.2.1 (though for a
> different reason than the one suggested there). So yet another point of
> possible interoperability issues.

FYI: Currently Proton-C does not support the "AMQP 1.0" style SSL header
either to send or receive (they are recognised for error message purposes
currently) - this is a piece of work I have scheduled post the SASL
integration.

Andrew
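
Added example, not part of the original thread and not Proton or Qpid code: a classifier for the first bytes a listener receives, separating the in-the-clear AMQP 1.0 TLS header (5.2) from a bare TLS handshake (the 'alternative establishment' of 5.2.1) and from the SASL header. The function and enum names are hypothetical; the header octets are those defined by the AMQP 1.0 specification, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not Proton or Qpid identifiers. */
typedef enum {
    FIRST_NEED_MORE,     /* too few bytes to decide yet */
    FIRST_AMQP,          /* "AMQP" 0 1 0 0: plain AMQP 1.0 */
    FIRST_AMQP_TLS,      /* "AMQP" 2 1 0 0: TLS header sent in the clear (5.2) */
    FIRST_AMQP_SASL,     /* "AMQP" 3 1 0 0: SASL layer, e.g. for EXTERNAL */
    FIRST_RAW_TLS,       /* TLS handshake record first: alternative establishment (5.2.1) */
    FIRST_OTHER_VERSION, /* "AMQP" prefix but not version 1.0.0 */
    FIRST_UNKNOWN
} first_bytes_t;

first_bytes_t classify_first_bytes(const uint8_t *buf, size_t len)
{
    if (len == 0) return FIRST_NEED_MORE;
    if (buf[0] == 0x16) {                 /* TLS record type: handshake */
        if (len < 2) return FIRST_NEED_MORE;
        return buf[1] == 0x03 ? FIRST_RAW_TLS : FIRST_UNKNOWN; /* SSL3/TLS major */
    }
    /* Compare only as much of the "AMQP" prefix as has arrived so far. */
    if (memcmp(buf, "AMQP", len < 4 ? len : 4) != 0) return FIRST_UNKNOWN;
    if (len < 8) return FIRST_NEED_MORE;  /* a protocol header is always 8 octets */
    if (buf[5] != 1 || buf[6] != 0 || buf[7] != 0) return FIRST_OTHER_VERSION;
    switch (buf[4]) {                     /* protocol id octet */
    case 0:  return FIRST_AMQP;
    case 2:  return FIRST_AMQP_TLS;
    case 3:  return FIRST_AMQP_SASL;
    default: return FIRST_UNKNOWN;
    }
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t tls_hdr[]  = {'A','M','Q','P', 2, 1, 0, 0};
    const uint8_t sasl_hdr[] = {'A','M','Q','P', 3, 1, 0, 0};
    const uint8_t hello[]    = {0x16, 0x03, 0x01, 0x00, 0x2f}; /* start of a ClientHello record */
    printf("%d %d %d\n", (int)classify_first_bytes(tls_hdr, sizeof tls_hdr),
           (int)classify_first_bytes(sasl_hdr, sizeof sasl_hdr),
           (int)classify_first_bytes(hello, sizeof hello));
    return 0;
}
```

A peer that handles only one of FIRST_AMQP_TLS and FIRST_RAW_TLS on its TLS port cannot complete a handshake with a peer that sends the other form, which is the interoperability gap raised in the thread.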
