Hello -
We are leveraging proton-j via the reactor framework and noticed a discrepancy
between proton-c and proton-j. With proton-c, we are able to establish 2-way
authentication via SSL but with proton-j that is unsuccessful. We opened a
JIRA on this yesterday but figured we'd ping the lists as well.
Below is the output from our test connecting to the dispatch router configured
for 2-way SSL auth.
1.
2. Client Error Message: from the log file
* AMQP framing error
* EventImpl{type=TRANSPORT_ERROR, context=TransportImpl
[_connectionEndpoint=org.apache.qpid.proton.engine.impl.ConnectionImpl@6ef351a0,
org.apache.qpid.proton.engine.impl.TransportImpl@44c213d9]}
3. Server Error Message: from the log file
*
=64, totalFreeToHeap=0, transferBatchSize=64,
type=org.apache.qpid.dispatch.allocator, typeName=qd_timer_t, typeSize=56)
Wed Mar 30 12:00:47 2016 AGENT (info) Activating management agent on $management
Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered:
$management
Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered:
$management
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity:
FixedAddressEntity(bias=closest, fanout=single, identity=fixedAddress/0,
name=fixedAddress/0, prefix=/, type=org.apache.qpid.dispatch.fixedAddress)
Wed Mar 30 12:00:47 2016 ROUTER (info) Configured Address: prefix=/ phase=0
fanout=QD_SCHEMA_FIXEDADDRESS_FANOUT_SINGLE
bias=QD_SCHEMA_FIXEDADDRESS_BIAS_CLOSEST
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: ListenerEntity(addr=0.0.0.0,
authenticatePeer=True, certDb=/home/vsharda/protected/pprootca_cert.pem,
certFile=/home/vsharda/protected/generic_cert.pem,
identity=listener/0.0.0.0:20009, idleTimeoutSeconds=16,
keyFile=/home/vsharda/protected/generic_key.pem, maxFrameSize=65536,
name=listener/0.0.0.0:20009, password=pn2.GmdXmkKv.X7fPq.oYDFj8Cs, port=20009,
requireEncryption=True, requireSsl=True, role=normal, saslMechanisms=EXTERNAL,
stripAnnotations=both, type=org.apache.qpid.dispatch.listener)
Wed Mar 30 12:00:47 2016 CONN_MGR (info) Configured Listener: 0.0.0.0:20009
proto=any role=normal
Wed Mar 30 12:00:47 2016 SERVER (trace) Listening on 0.0.0.0:20009
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity:
ConsoleEntity(identity=console/0, name=console/0,
type=org.apache.qpid.dispatch.console, wsport=5673)
Wed Mar 30 12:00:47 2016 SERVER (info) Operational, 4 Threads Running
Wed Mar 30 12:01:06 2016 SERVER (debug) Accepting incoming connection from
10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) Configuring SSL on incoming connection
from 10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Server SSL socket created.
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL/TLS connection detected
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=162 )
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 162 bytes to BIO Layer, 0
left over
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Detected read-blocked
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl() returning 162
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Read 3651 bytes from BIO Layer
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 3651
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=205 )
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 205 bytes to BIO Layer, 0
left over
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:ERROR amqp:connection:framing-error
SSL Failure: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
not return a certificate
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: <- EOS
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: -> EOS
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL socket freed.
Thanks,
Jack
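
Added example, not part of the original message and not Qpid Dispatch code: a Python triage script for router trace logs like the one quoted above. It reports each connection rejected during the TLS handshake (here, a client that presented no certificate to a listener with authenticatePeer=True) together with the client address. The sample lines are constructed from the quoted log with the wrapped records rejoined and one invented second connection; binding a connection id to the most recently accepted peer is an assumption about log ordering.

```python
import re
from collections import Counter

# Constructed sample, modelled on the router trace lines quoted in the message
# (one record per line; the second connection and its address are invented).
SAMPLE_LOG = """\
Wed Mar 30 12:01:06 2016 SERVER (debug) Accepting incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Server SSL socket created.
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:ERROR amqp:connection:framing-error SSL Failure: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL socket freed.
Wed Mar 30 12:02:10 2016 SERVER (debug) Accepting incoming connection from 192.0.2.7:40000 to 0.0.0.0:20009
Wed Mar 30 12:02:10 2016 SERVER (trace) [2]:Server SSL socket created.
Wed Mar 30 12:02:11 2016 SERVER (trace) [2]:SSL socket freed.
"""

REC = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) SERVER \(\w+\) (?P<msg>.*)$")
ACCEPT = re.compile(r"Accepting incoming connection from (\S+) to (\S+)")
CONN = re.compile(r"^\[(\d+)\]:\s*(.*)$")
SSL_FAIL = re.compile(r"SSL Failure: error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.*)$")

def tls_failures(text):
    """Return one dict per connection whose TLS handshake failed."""
    pending, peers, out = None, {}, []
    for line in text.splitlines():
        rec = REC.match(line)
        if not rec:
            continue
        msg = rec["msg"]
        if (a := ACCEPT.search(msg)):
            pending = a.group(1)          # peer waiting for a connection id
            continue
        c = CONN.match(msg)
        if not c:
            continue
        cid, body = c.groups()
        if body.startswith("Server SSL socket created") and pending:
            # Assumption: the id is bound to the most recently accepted peer.
            peers[cid], pending = pending, None
        elif (f := SSL_FAIL.search(body)):
            out.append({"time": rec["ts"], "conn": cid, "peer": peers.get(cid, "unknown"),
                        "code": f.group(1), "function": f.group(2), "reason": f.group(3).strip()})
    return out

def missing_client_cert_by_host(text):
    """Count handshakes rejected because the client sent no certificate."""
    return Counter(f["peer"].rsplit(":", 1)[0] for f in tls_failures(text)
                   if f["reason"] == "peer did not return a certificate")
```

Run against a real router log, a steady count for one host points at a client that is not configured to present its certificate, while counts spread across many hosts point at the listener or CA configuration.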