Hi Ted,
I gave the RC1 a try and it seems that I'm now unable to connect to the
qpidd broker using SASL EXTERNAL. From the broker log, it seems that
Dispatch doesn't know EXTERNAL mechanism anymore:
2015-09-01 10:44:22 [Network] info Set TCP_NODELAY on connection to
172.23.39.11:53072
2015-09-01 10:44:22 [Broker] info Using AMQP 1.0 (with SASL layer)
2015-09-01 10:44:22 [Security] debug External ssf=128 and
auth=ABCFR_ABCFRALMMACC1
2015-09-01 10:44:22 [Security] debug min_ssf: 0, max_ssf: 0, external_ssf:
128
2015-09-01 10:44:22 [Security] debug external auth detected and set to
ABCFR_ABCFRALMMACC1
2015-09-01 10:44:22 [Security] info SASL: Mechanism list: EXTERNAL
2015-09-01 10:44:22 [Security] trace Completed encoding of frame of 30 bytes
2015-09-01 10:44:22 [Protocol] debug
qpid.172.16.153.10:11313-172.23.39.11:53072 Sent SASL-MECHANISMS(EXTERNAL)
30
2015-09-01 10:44:22 [Protocol] debug
qpid.172.16.153.10:11313-172.23.39.11:53072 writing protocol header: 1-0
2015-09-01 10:44:22 [Security] trace
qpid.172.16.153.10:11313-172.23.39.11:53072 Sasl::encode(65536): 38
2015-09-01 10:44:27 [System] error Connection
qpid.172.16.153.10:11313-172.23.39.11:53072 No protocol received after 5s,
closing
2015-09-01 10:44:27 [Security] info
qpid.172.16.153.10:11313-172.23.39.11:53072 Connection closed prior to
authentication completing
2015-09-01 10:44:27 [Security] info
qpid.172.16.153.10:11313-172.23.39.11:53072 Connection closed prior to
authentication completing
It looks like Dipatch never responds to the broker after it receives the
SASL-MECHANISMS. The Dispatch log doesn't seem to contain anything useful:
Tue Sep 1 08:47:32 2015 CONN_MGR (info) Starting on-demand connector: FIXML
Tue Sep 1 08:47:32 2015 SERVER (trace) Connecting to cbgd03:11313
Tue Sep 1 08:47:32 2015 SERVER (trace) Connection to cbgd03:11313 failed
I have following connector configuration which is the same as in 0.4, but
there don't seem to be any changes in this part of configuration in 0.5:
connector {
name: FIXML
role: on-demand
addr: cbgd03
port: 11313
certDb: /vagrant/fixml/cbgd03.crt
certFile: /vagrant/fixml/ABCFR_ABCFRALMMACC1.crt
keyFile: /vagrant/fixml/ABCFR_ABCFRALMMACC1.pem
sasl-mechanisms: EXTERNAL
}
Is that some "known" change or some unwanted side effect to the Proton 0.10
update?
Thanks & Regards
Jakub
On Fri, Aug 28, 2015 at 3:50 PM, Ted Ross <[email protected]> wrote:
> I've created a release candidate for Dispatch Router 0.5. The primary
> reason for this release is to conform to the incompatible changes in the
> Proton API. The tarball can be found here:
>
> http://people.apache.org/~tross/qpid-dispatch-0.5rc1
>
> The following improvements and bug fixes are included in this release:
>
> Improvements:
>
> DISPATCH-98 Refactor the handling of Message Annotations
> DISPATCH-99 Allow override of the forwarding logic on a per-address
> basis.
> DISPATCH-101 Create a field iterator that is specific to handling
> address fields
> DISPATCH-110 Provide access to recent log messages via management agent.
> DISPATCH-121 Allow pool allocation to be switched for plain allocation
> at build time.
> DISPATCH-123 Separate target to build documentation.
> DISPATCH-136 qdstat -n doesn't show the local router in the list
> DISPATCH-142 Move proton event handling from container down to server
> DISPATCH-145 Add identifying information to the properties map of the
> Open performative
> DISPATCH-149 Properly handle different detach/close scenarios for links
> DISPATCH-152 Expose SASL-related data via management
> DISPATCH-153 Expose full set of security capabilities via configuration
>
> Bug Fixes:
>
> DISPATCH-131 Valgrind errors during the system tests are not reported
> DISPATCH-132 Time values overflow on 32 bit systems
> DISPATCH-133 Router Link use-after-free
> DISPATCH-134 Driver runs at 100% CPU intermittently
> DISPATCH-137 Dispatch Code should be updated to support newer SASL
> calls in qpid-proton
> DISPATCH-143 Link-routing - Various robustness problems
> DISPATCH-146 management query sends non string values
> DISPATCH-154 dispatch-router coredumps when connector address is
> unresolvable
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
