Hello,
We have launched our test suite on the dispatch router 0.7.0 and noticed that
connections on a Listener configured with SASL External was not working anymore.
With the below configuration and script, we have this exception ('SSL Failure:
Unknown error.') which keeps occurring.
If I remove any of the commands except the one failing, the last one fails. It
seems we need to query the Dispatch router once and create 2 entities on it for
the 4th operation to fail. If I replace the "create" commands by "delete"
operation it doesn't seem to fail.
PS: All certificates used here are taken from the qpid-dispatch repository here
https://github.com/apache/qpid-dispatch/tree/0.7.0/tests/ssl_certs
Exception client-side
---------------------------
ConnectionException: Connection amqps://green-lx-slave1:10498/$management
disconnected: Condition('amqp:connection:framing-error', 'SSL Failure: Unknown
error.')
Router config
-------------------------
container {
worker-threads: 4
containerName: qpid.dispatch.router.10501
}
sslProfile {
keyFile: server-private-key.pem
password: server-password
certFile: server-certificate.pem
name: ssl-test-profile
certDb: ca-certificate.pem
}
listener {
host: 0.0.0.0
port: 10498
saslMechanisms: EXTERNAL
sslProfile: ssl-test-profile
authenticatePeer: yes
requireSsl: yes
}
router {
mode: interior
routerId: router.10501
}
log {
module: DEFAULT
enable: trace+
source: false
output: dispatch.10501.log
}
Commands to launch in the below order
--------------------------------------------------------
* Restart Dispatch Router
* Restart Broker
* qdstat -g -b amqp://localhost:10501
* qdmanage --ssl-trustfile=ca-certificate.pem
--ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-disable-peer-name-verify -b
amqps://localhost:10498 create --type=address prefix=cluster.SSLMutualQueue
waypoint=true name=cluster.SSLMutualQueue.addr
* qdmanage --ssl-trustfile=ca-certificate.pem
--ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-disable-peer-name-verify -b
amqps://localhost:10498 create --type=connector role=route-container
addr=localhost port=10305 name=localhost.10305.connector
sslProfile=ssl-test-profile verifyHostName=no
* (Failing command) qdmanage --ssl-trustfile=ca-certificate.pem
--ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-disable-peer-name-verify -b
amqps://localhost:10498 delete --type=autoLink --name
localhost.10305.cluster.SSLMutualQueue.in
Dispatch Router log
---------------------------
See attached file
Regards,
Adel
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
