Hi Adel,

Looking at your log, it looks like the SSL negotiation between the broker
and the router is failing.

    qdmanage --ssl-trustfile=ca-certificate.pem
    --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
    --ssl-password=client-password --ssl-disable-peer-name-verify -b
    amqps://localhost:10498 create --type=connector role=route-container
    addr=localhost port=10305 name=localhost.10305.connector
    sslProfile=ssl-test-profile verifyHostName=no

Looking at the above command, you are creating a connector with
sslProfile=ssl-test-profile, which means that you want the router to initiate an
SSL exchange with the broker using the certificates specified in the
ssl-test-profile.

This SSL handshake between the router and the broker seems to be failing. If
the handshake was successful, we would see open frames exchanged between the
broker and the router.

Is the broker listening port set up correctly in order for a successful SSL
handshake?

Thanks.

----- Original Message -----
> From: "Adel Boutros" <[email protected]>
> To: [email protected]
> Sent: Wednesday, February 1, 2017 8:49:31 AM
> Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on
> the Dispatch Router on Linux
>
> Hello Ganesh,
>
>
> Actually one of our tests will require the below dispatch router to talk to
> another dispatch router, so the interior mode is intended.
>
>
> Regards,
>
> Adel
>
> ________________________________
> From: Adel Boutros <[email protected]>
> Sent: Wednesday, February 1, 2017 1:09:02 PM
> To: [email protected]
> Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on
> the Dispatch Router on Linux
>
> Hello Ganesh,
>
> We are not in the stage of deploying multiple dispatch routers yet.
>
> However may I know why you think this is the cause of the below failure?
>
> Regards,
> Adel
>
>
> From: Ganesh Murthy
> Sent: Wednesday, February 1, 13:06
> Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on
> the Dispatch Router on Linux
> To: [email protected]
>
> Hi Adel,
>
> Why is your router mode set to 'interior'? Do you have more than one
> router involved? If not, the mode should be set to 'standalone'.
>
> Thanks.
>
> ----- Original Message -----
> > From: "Adel Boutros"
> > To: [email protected]
> > Sent: Wednesday, February 1, 2017 6:55:35 AM
> > Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on
> > the Dispatch Router on Linux
> >
> > Correction to the original mail:
> > If I remove any of the commands, the last command no longer fails.
> >
> > ________________________________
> > From: Adel Boutros
> > Sent: Wednesday, February 1, 2017 12:35:35 PM
> > To: [email protected]
> > Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on
> > the Dispatch Router on Linux
> >
> > Re-attaching the dispatch router log.
> >
> > ________________________________
> > From: Adel Boutros
> > Sent: Wednesday, February 1, 2017 12:10:45 PM
> > To: [email protected]
> > Subject: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the
> > Dispatch Router on Linux
> >
> > Hello,
> >
> > We have launched our test suite on the dispatch router 0.7.0 and noticed that
> > connections on a Listener configured with SASL External were not working
> > anymore.
> >
> > With the below configuration and script, we have this exception ('SSL
> > Failure: Unknown error.') which keeps occurring.
> >
> > If I remove any of the commands except the one failing, the last one fails.
> > It seems we need to query the Dispatch router once and create 2 entities on
> > it for the 4th operation to fail. If I replace the "create" commands by
> > "delete" operation it doesn't seem to fail.
> >
> > PS: All certificates used here are taken from the qpid-dispatch repository
> > here https://github.com/apache/qpid-dispatch/tree/0.7.0/tests/ssl_certs
> >
> > Exception client-side
> > ---------------------------
> >
> > ConnectionException: Connection amqps://green-lx-slave1:10498/$management
> > disconnected: Condition('amqp:connection:framing-error', 'SSL Failure:
> > Unknown error.')
> >
> > Router config
> > -------------------------
> >
> > container {
> >     worker-threads: 4
> >     containerName: qpid.dispatch.router.10501
> > }
> >
> > sslProfile {
> >     keyFile: server-private-key.pem
> >     password: server-password
> >     certFile: server-certificate.pem
> >     name: ssl-test-profile
> >     certDb: ca-certificate.pem
> > }
> >
> > listener {
> >     host: 0.0.0.0
> >     port: 10498
> >     saslMechanisms: EXTERNAL
> >     sslProfile: ssl-test-profile
> >     authenticatePeer: yes
> >     requireSsl: yes
> > }
> >
> > router {
> >     mode: interior
> >     routerId: router.10501
> > }
> >
> > log {
> >     module: DEFAULT
> >     enable: trace+
> >     source: false
> >     output: dispatch.10501.log
> > }
> >
> > Commands to launch in the below order
> > --------------------------------------------------------
> >
> > * Restart Dispatch Router
> >
> > * Restart Broker
> >
> > * qdstat -g -b amqp://localhost:10501
> >
> > * qdmanage --ssl-trustfile=ca-certificate.pem
> > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
> > --ssl-password=client-password --ssl-disable-peer-name-verify -b
> > amqps://localhost:10498 create --type=address prefix=cluster.SSLMutualQueue
> > waypoint=true name=cluster.SSLMutualQueue.addr
> >
> > * qdmanage --ssl-trustfile=ca-certificate.pem
> > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
> > --ssl-password=client-password --ssl-disable-peer-name-verify -b
> > amqps://localhost:10498 create --type=connector role=route-container
> > addr=localhost port=10305 name=localhost.10305.connector
> > sslProfile=ssl-test-profile verifyHostName=no
> >
> > * (Failing command) qdmanage --ssl-trustfile=ca-certificate.pem
> > --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
> > --ssl-password=client-password --ssl-disable-peer-name-verify -b
> > amqps://localhost:10498 delete --type=autoLink --name
> > localhost.10305.cluster.SSLMutualQueue.in
> >
> > Dispatch Router log
> > ---------------------------
> > See attached file
> >
> > Regards,
> > Adel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
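
One way to answer the question at the top of this thread, whether the broker's listening port is set up for SSL, shown as an added example that is not part of the original messages or of the Qpid code base. The function name `probe_listener` is hypothetical; for the thread's setup the target would be `localhost`, port `10305`, with the `ca-certificate.pem` and client certificate files from the connector command.

```python
import socket
import ssl

# AMQP 1.0 protocol header a client sends on an unencrypted connection.
AMQP_HEADER = b"AMQP\x00\x01\x00\x00"


def probe_listener(host, port, ca_file=None, cert_file=None, key_file=None,
                   key_password=None, timeout=3.0):
    """Hypothetical helper: classify a listener as 'tls', 'plain-amqp',
    'closed' or 'unknown', and return (kind, detail)."""
    # Step 1: attempt the TLS handshake a connector with an sslProfile would start.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # mirrors verifyHostName=no
    if ca_file:
        ctx.load_verify_locations(ca_file)
    else:
        ctx.verify_mode = ssl.CERT_NONE   # assumption: diagnostic run without a CA file
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file, password=key_password)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "tls", tls.version()
    except ConnectionRefusedError:
        return "closed", "nothing is listening on the port"
    except (ssl.SSLError, OSError) as exc:
        tls_error = str(exc)

    # Step 2: the handshake failed, so check whether the port speaks plain AMQP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(AMQP_HEADER)
            reply = raw.recv(8)
    except OSError as exc:
        return "unknown", f"TLS failed ({tls_error}); plain probe failed ({exc})"
    if reply[:4] == b"AMQP":
        return "plain-amqp", "listener answers an unencrypted AMQP header"
    return "unknown", f"TLS failed ({tls_error}); reply was {reply!r}"
```

A `plain-amqp` result for the connector's target port means the broker is not terminating SSL there, so a connector that carries an sslProfile cannot complete its handshake against it.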