Doh. I'd modified qpidd 1.36's #define SSL_STREAM_MAX_WAIT_ms 20000 in SslSocket.cpp
to give me time to enter the encrypted PEM key's password when asked (normally I think this is 25ms or so), and forgotten to do the same for 1.35. SSL timing out causes qpidd to fall back to plain text. With that change all is well.

I don't see a way to pass a filename /containing/ the key's password to qpid-config and qpid-stat - do I read that right? Should I submit a patch for this?

Thanks,
Jeff
________________________________________
From: Jeff Donner [[email protected]]
Sent: Thursday, January 05, 2017 12:32 PM
To: [email protected]
Subject: RE: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Yeah I noticed that 1.35 was doing plaintext. I'll look into why it does that and why it's going to 1.0, as you point out.

Thanks!
Jeff
________________________________________
From: Gordon Sim [[email protected]]
Sent: Thursday, January 05, 2017 12:17 PM
To: [email protected]
Subject: Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

On 04/01/17 23:08, Jeff Donner wrote:
> # The queue creation is run at this point (reminder)
> qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
>     --ssl-certificate=pki/client/certs/client-cert.pem \
>     --ssl-key=pki/client/private/client-keys.pem \
>     --sasl-mechanism=EXTERNAL \
>     add queue examples
>
>
> 2017-01-04 13:24:55 [Network] trace
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept:
> Accepting connection with optional SSL wrapper.
> 2017-01-04 13:24:55 [Network] trace
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept:
> Accepted Plaintext connection.
> 2017-01-04 13:24:55 [Network] debug
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon:
> Set TCP_NODELAY on connection to [::1]:51976
> 2017-01-04 13:24:57 [System] debug
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff:
> RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
> 2017-01-04 13:24:57 [System] debug
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception:
> Exception constructed: SASL layer required!
> 2017-01-04 13:24:57 [System] error
> /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff:
> SASL layer required!

Another odd thing..., the protocol header in the trace is for 1.0 (not 0-10 like in the 1.36 trace) and indeed I believe the error thrown would only be thrown on the 1.0 codepath. I don't think this trace can correspond to the qpid-config connection, since the client that tool is based on speaks 0-10 only.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
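
Added example (not part of the thread and not qpid project code): a log check that flags connections the SSL/plaintext multiplexing listener accepted as plaintext, which is how the fallback described above shows up in the broker trace. The sample log is constructed from the trace quoted in the thread, with source paths shortened and one record per line. The function name and the rule that the first TCP_NODELAY record after an accept belongs to that connection are assumptions of this sketch.

```python
import re

# Constructed sample modelled on the qpidd 1.35.0 trace quoted in the thread:
# source paths shortened, one record per line (the mail client wrapped them).
SAMPLE_LOG = """\
2017-01-04 13:24:55 [Network] trace SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
2017-01-04 13:24:55 [Network] trace SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
2017-01-04 13:24:55 [Network] debug SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
2017-01-04 13:24:57 [System] debug AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
2017-01-04 13:24:57 [System] error AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!
"""

# timestamp, [category], level, source location, message
RECORD = re.compile(r"^(\S+ \S+) \[(\w+)\] (\w+) (\S+): (.*)$")
PEER = re.compile(r"Set TCP_NODELAY on connection to (\S+)$")
INIT = re.compile(r"RECV \[\S+-(\S+)\]: INIT\(([\d-]+)\)")


def find_plaintext_accepts(log_text):
    """Return one finding per connection accepted as plaintext (hypothetical helper)."""
    findings, by_peer = [], {}
    pending = last = None
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        ts, _category, level, _source, msg = m.groups()
        if msg == "Accepted Plaintext connection.":
            pending = {"time": ts, "peer": None, "header": None, "error": None}
            findings.append(pending)
        elif pending and (p := PEER.search(msg)):
            # Assumption: the next TCP_NODELAY record names the peer just accepted.
            pending["peer"] = p.group(1)
            by_peer[p.group(1)] = pending
            pending = None
        elif (r := INIT.search(msg)) and r.group(1) in by_peer:
            last = by_peer[r.group(1)]
            last["header"] = r.group(2)  # protocol header sent by the client
        elif level == "error" and last is not None and last["error"] is None:
            # Assumption: an error right after a header belongs to that connection.
            last["error"] = msg
    return findings


if __name__ == "__main__":
    for f in find_plaintext_accepts(SAMPLE_LOG):
        print(f"{f['time']} plaintext accept from {f['peer']}: "
              f"header {f['header']}, error {f['error']}")
```

On a busy broker the records of different connections interleave, so treat the peer correlation as a starting point and confirm against the connection identifier in the RECV records.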
