Hi Adel, Why is your router mode set to 'interior'? Do you have more than one router involved? If not, the mode should be set to 'standalone'. Thanks.
----- Original Message ----- > From: "Adel Boutros" <[email protected]> > To: [email protected] > Sent: Wednesday, February 1, 2017 6:55:35 AM > Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on > the Dispatch Router on Linux > > Correction to the original mail: > If I remove any of the commands, the last command no longer fail. > > ________________________________ > From: Adel Boutros <[email protected]> > Sent: Wednesday, February 1, 2017 12:35:35 PM > To: [email protected] > Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on > the Dispatch Router on Linux > > > Re-attaching the dispatch router log. > > ________________________________ > From: Adel Boutros <[email protected]> > Sent: Wednesday, February 1, 2017 12:10:45 PM > To: [email protected] > Subject: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the > Dispatch Router on Linux > > > Hello, > > > We have launched our test suite on the dispatch router 0.7.0 and noticed that > connections on a Listener configured with SASL External was not working > anymore. > > > With the below configuration and script, we have this exception ('SSL > Failure: Unknown error.') which keeps occurring. > > If I remove any of the commands except the one failing, the last one fails. > It seems we need to query the Dispatch router once and create 2 entities on > it for the 4th operation to fail. If I replace the "create" commands by > "delete" operation it doesn't seem to fail. > > > PS: All certificates used here are taken from the qpid-dispatch repository > here https://github.com/apache/qpid-dispatch/tree/0.7.0/tests/ssl_certs > > > > Exception client-side > > --------------------------- > > ConnectionException: Connection amqps://green-lx-slave1:10498/$management > disconnected: Condition('amqp:connection:framing-error', 'SSL Failure: > Unknown error.') > > > Router config > > ------------------------- > > container { > worker-threads: 4 > containerName: qpid.dispatch.router.10501 > } > > sslProfile { > keyFile: server-private-key.pem > password: server-password > certFile: server-certificate.pem > name: ssl-test-profile > certDb: ca-certificate.pem > } > > listener { > host: 0.0.0.0 > port: 10498 > saslMechanisms: EXTERNAL > sslProfile: ssl-test-profile > authenticatePeer: yes > requireSsl: yes > } > > router { > mode: interior > routerId: router.10501 > } > > log { > module: DEFAULT > enable: trace+ > source: false > output: dispatch.10501.log > } > > > Commands to launch in the below order > > -------------------------------------------------------- > > * Restart Dispatch Router > > > * Restart Broker > > > * qdstat -g -b amqp://localhost:10501 > > * qdmanage --ssl-trustfile=ca-certificate.pem > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem > --ssl-password=client-password --ssl-disable-peer-name-verify -b > amqps://localhost:10498 create --type=address prefix=cluster.SSLMutualQueue > waypoint=true name=cluster.SSLMutualQueue.addr > > * qdmanage --ssl-trustfile=ca-certificate.pem > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem > --ssl-password=client-password --ssl-disable-peer-name-verify -b > amqps://localhost:10498 create --type=connector role=route-container > addr=localhost port=10305 name=localhost.10305.connector > sslProfile=ssl-test-profile verifyHostName=no > > * (Failing command) qdmanage --ssl-trustfile=ca-certificate.pem > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem > --ssl-password=client-password --ssl-disable-peer-name-verify -b > amqps://localhost:10498 delete --type=autoLink --name > localhost.10305.cluster.SSLMutualQueue.in > > Dispatch Router log > --------------------------- > See attached file > > Regards, > Adel > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
