Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Thu, 05 Jan 2017 06:05:19 -0800 

On 04/01/17 23:08, Jeff Donner wrote:

# The queue creation is run at this point (reminder)
qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
            --ssl-certificate=pki/client/certs/client-cert.pem \
            --ssl-key=pki/client/private/client-keys.pem \
            --sasl-mechanism=EXTERNAL \
            add queue examples


2017-01-04 13:24:55 [Network] trace 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept:
 Accepting connection with optional SSL wrapper.
2017-01-04 13:24:55 [Network] trace 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept:
 Accepted Plaintext connection.
The first thing that seems odd is that the log above suggests SSL is not actually used whereas the later 1.36 trace shows an SSL connection being accepted. The SslSocket.cpp code is identical between 1.35 and 1,36 however so not sure how the same client and command would result in different behaviours (I'm assuming both are running on the same machine, with the same nss cert dbs etc). 


2017-01-04 13:24:55 [Network] debug 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon:
 Set TCP_NODELAY on connection to [::1]:51976
2017-01-04 13:24:57 [System] debug 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff:
 RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
2017-01-04 13:24:57 [System] debug 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception:
 Exception constructed: SASL layer required!
2017-01-04 13:24:57 [System] error 
/builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff:
 SASL layer required!
This error suggests that the broker did not get the AMQP-SASL protocol header frame that it expected. Again, not clear to me why that would be. 

Are both brokers built against the same version of proton?

[...]

I don't see any release notes or JIRA issues for 1.36.0 that point out problems 
or quirks in 1.35.0 for this - any ideas?

This is Fedora 23 Linux.


Have you tried with the rpms?


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to