You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ac...@apache.org on 2017/04/25 22:25:02 UTC
[4/6] qpid-dispatch git commit: DISPATCH-390: refactor - drop
ssl_profile reference counts
DISPATCH-390: refactor - drop ssl_profile reference counts
Copy SSL profile date at the time the connector or listener is configured, so
that it is safe to delete an SSL profile even if there are connectors/listeners
that used it.
Simplifying the lifecycle, getting rid of reference counts and removing the user
restrictions on removing SSL profiles seems to justify the small memory
duplication for the SSL profile data.
This means you cannot change an SSL profile and have the changes applied on the
next retry of a connector, but that seems like it would be an insane and
thread-unsafe thing to do anyway.
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/336c5367
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/336c5367
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/336c5367
Branch: refs/heads/master
Commit: 336c5367146ebef1d723c01387a89cc0d74368fc
Parents: c2a1a32
Author: Alan Conway <ac...@redhat.com>
Authored: Thu Mar 23 13:05:03 2017 -0400
Committer: Alan Conway <ac...@redhat.com>
Committed: Tue Apr 25 18:13:59 2017 -0400
----------------------------------------------------------------------
.../qpid_dispatch_internal/management/agent.py | 7 +-
src/connection_manager.c | 99 +++++--------
tests/system_tests_qdmanage.py | 4 -
tests/system_tests_sasl_plain.py | 138 +++++--------------
4 files changed, 74 insertions(+), 174 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/336c5367/python/qpid_dispatch_internal/management/agent.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py
index 71cc836..a52d934 100644
--- a/python/qpid_dispatch_internal/management/agent.py
+++ b/python/qpid_dispatch_internal/management/agent.py
@@ -352,12 +352,7 @@ class SslProfileEntity(EntityAdapter):
return self._qd.qd_dispatch_configure_ssl_profile(self._dispatch, self)
def _delete(self):
- deleted = self._qd.qd_connection_manager_delete_ssl_profile(self._dispatch, self._implementations[0].key)
- # SSL Profiles cannot be deleted if they are referenced by a connector/listener.
- if not deleted:
- raise ForbiddenStatus("SSL Profile is referenced by other listeners/connectors. Delete the associated "
- "listeners/connectors before deleting the SSL Profile")
-
+ self._qd.qd_connection_manager_delete_ssl_profile(self._dispatch, self._implementations[0].key)
def _identifier(self):
return self.name
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/336c5367/src/connection_manager.c
----------------------------------------------------------------------
diff --git a/src/connection_manager.c b/src/connection_manager.c
index 10e6fe4..a68d6e0 100644
--- a/src/connection_manager.c
+++ b/src/connection_manager.c
@@ -45,12 +45,10 @@ struct qd_config_ssl_profile_t {
char *ssl_display_name_file;
char *ssl_certificate_file;
char *ssl_private_key_file;
- sys_atomic_t ref_count;
};
struct qd_config_listener_t {
qd_listener_t *listener;
- qd_config_ssl_profile_t *ssl_profile;
qd_server_config_t configuration;
DEQ_LINKS(qd_config_listener_t);
};
@@ -63,7 +61,6 @@ struct qd_config_connector_t {
DEQ_LINKS(qd_config_connector_t);
qd_connector_t *connector;
qd_server_config_t configuration;
- qd_config_ssl_profile_t *ssl_profile;
};
DEQ_DECLARE(qd_config_connector_t, qd_config_connector_list_t);
@@ -74,7 +71,6 @@ struct qd_connection_manager_t {
qd_config_listener_list_t config_listeners;
qd_config_connector_list_t config_connectors;
qd_config_ssl_profile_list_t config_ssl_profiles;
- sys_mutex_t *ssl_profile_lock;
};
const char *qd_log_message_components[] =
@@ -128,6 +124,13 @@ static void qd_server_config_free(qd_server_config_t *cf)
if (cf->failover_list) qd_failover_list_free(cf->failover_list);
if (cf->log_message) free(cf->log_message);
+ if (cf->ssl_certificate_file) free(cf->ssl_certificate_file);
+ if (cf->ssl_private_key_file) free(cf->ssl_private_key_file);
+ if (cf->ssl_password) free(cf->ssl_password);
+ if (cf->ssl_trusted_certificate_db) free(cf->ssl_trusted_certificate_db);
+ if (cf->ssl_trusted_certificates) free(cf->ssl_trusted_certificates);
+ if (cf->ssl_uid_format) free(cf->ssl_uid_format);
+ if (cf->ssl_display_name_file) free(cf->ssl_display_name_file);
memset(cf, 0, sizeof(*cf));
}
@@ -284,7 +287,7 @@ static qd_log_bits populate_log_message(const qd_server_config_t *config)
}
-static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
+static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity)
{
qd_error_clear();
@@ -378,17 +381,18 @@ static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *conf
config->ssl_require_peer_authentication = config->sasl_mechanisms &&
strstr(config->sasl_mechanisms, "EXTERNAL") != 0;
- *ssl_profile = qd_find_ssl_profile(qd->connection_manager, config->ssl_profile);
- if (*ssl_profile) {
- config->ssl_certificate_file = (*ssl_profile)->ssl_certificate_file;
- config->ssl_private_key_file = (*ssl_profile)->ssl_private_key_file;
- config->ssl_password = (*ssl_profile)->ssl_password;
- config->ssl_trusted_certificate_db = (*ssl_profile)->ssl_trusted_certificate_db;
- config->ssl_trusted_certificates = (*ssl_profile)->ssl_trusted_certificates;
- config->ssl_uid_format = (*ssl_profile)->ssl_uid_format;
- config->ssl_display_name_file = (*ssl_profile)->ssl_display_name_file;
+ qd_config_ssl_profile_t *ssl_profile =
+ qd_find_ssl_profile(qd->connection_manager, config->ssl_profile);
+ if (ssl_profile) {
+#define SSTRDUP(S) ((S) ? strdup(S) : NULL)
+ config->ssl_certificate_file = SSTRDUP(ssl_profile->ssl_certificate_file);
+ config->ssl_private_key_file = SSTRDUP(ssl_profile->ssl_private_key_file);
+ config->ssl_password = SSTRDUP(ssl_profile->ssl_password);
+ config->ssl_trusted_certificate_db = SSTRDUP(ssl_profile->ssl_trusted_certificate_db);
+ config->ssl_trusted_certificates = SSTRDUP(ssl_profile->ssl_trusted_certificates);
+ config->ssl_uid_format = SSTRDUP(ssl_profile->ssl_uid_format);
+ config->ssl_display_name_file = SSTRDUP(ssl_profile->ssl_display_name_file);
}
- sys_atomic_inc(&(*ssl_profile)->ref_count);
}
return QD_ERROR_NONE;
@@ -414,10 +418,6 @@ bool is_log_component_enabled(qd_log_bits log_message, char *component_name) {
static bool config_ssl_profile_free(qd_connection_manager_t *cm, qd_config_ssl_profile_t *ssl_profile)
{
- if (sys_atomic_get(&ssl_profile->ref_count) != 0) {
- return false;
- }
-
DEQ_REMOVE(cm->config_ssl_profiles, ssl_profile);
free(ssl_profile->name);
@@ -488,7 +488,6 @@ qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd
//
qd_config_ssl_profile_process_password(ssl_profile); CHECK();
- sys_atomic_init(&ssl_profile->ref_count, 0);
qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
return ssl_profile;
@@ -498,6 +497,14 @@ qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd
return 0;
}
+static void log_config(qd_log_source_t *log, qd_server_config_t *c, const char *what) {
+ qd_log(log, QD_LOG_INFO, "Configured %s: %s proto=%s, role=%s%s%s%s",
+ what, c->host_port, c->protocol_family ? c->protocol_family : "any",
+ c->role,
+ c->http ? ", http" : "",
+ c->ssl_profile ? ", sslProfile=":"",
+ c->ssl_profile ? c->ssl_profile:"");
+}
static void config_listener_free(qd_connection_manager_t *cm, qd_config_listener_t *cl)
@@ -507,9 +514,7 @@ static void config_listener_free(qd_connection_manager_t *cm, qd_config_listener
qd_server_listener_free(cl->listener);
cl->listener = 0;
}
- if (cl->ssl_profile) {
- sys_atomic_dec(&cl->ssl_profile->ref_count);
- }
+ qd_server_config_free(&cl->configuration);
free(cl);
}
@@ -520,14 +525,12 @@ qd_config_listener_t *qd_dispatch_configure_listener(qd_dispatch_t *qd, qd_entit
qd_connection_manager_t *cm = qd->connection_manager;
qd_config_listener_t *cl = NEW(qd_config_listener_t);
cl->listener = 0;
- cl->ssl_profile = 0;
- qd_config_ssl_profile_t *ssl_profile = 0;
- if (load_server_config(qd, &cl->configuration, entity, &ssl_profile) != QD_ERROR_NONE) {
+
+ if (load_server_config(qd, &cl->configuration, entity) != QD_ERROR_NONE) {
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create config listener: %s", qd_error_message());
config_listener_free(qd->connection_manager, cl);
return 0;
}
- cl->ssl_profile = ssl_profile;
char *fol = qd_entity_opt_string(entity, "failoverList", 0);
if (fol) {
const char *fol_error = 0;
@@ -542,15 +545,7 @@ qd_config_listener_t *qd_dispatch_configure_listener(qd_dispatch_t *qd, qd_entit
cl->configuration.failover_list = 0;
DEQ_ITEM_INIT(cl);
DEQ_INSERT_TAIL(cm->config_listeners, cl);
-
- qd_log(cm->log_source, QD_LOG_INFO, "Configured Listener: %s:%s proto=%s, role=%s%s%s%s",
- cl->configuration.host, cl->configuration.port,
- cl->configuration.protocol_family ? cl->configuration.protocol_family : "any",
- cl->configuration.role,
- cl->configuration.http ? ", http" : "",
- cl->ssl_profile ? ", sslProfile=":"",
- cl->ssl_profile ? cl->ssl_profile->name:"");
-
+ log_config(cm->log_source, &cl->configuration, "Listener");
return cl;
}
@@ -569,10 +564,9 @@ qd_error_t qd_entity_refresh_connector(qd_entity_t* entity, void *impl)
static void config_connector_free(qd_connection_manager_t *cm, qd_config_connector_t *cc)
{
- if (cc->connector)
+ if (cc->connector) {
qd_server_connector_free(cc->connector);
- if (cc->ssl_profile) {
- sys_atomic_dec(&cc->ssl_profile->ref_count);
+ qd_server_config_free(&cc->configuration);
}
free(cc);
}
@@ -585,22 +579,14 @@ qd_config_connector_t *qd_dispatch_configure_connector(qd_dispatch_t *qd, qd_ent
qd_config_connector_t *cc = NEW(qd_config_connector_t);
ZERO(cc);
- qd_config_ssl_profile_t *ssl_profile = 0;
- if (load_server_config(qd, &cc->configuration, entity, &ssl_profile) != QD_ERROR_NONE) {
+ if (load_server_config(qd, &cc->configuration, entity) != QD_ERROR_NONE) {
qd_log(cm->log_source, QD_LOG_ERROR, "Unable to create config connector: %s", qd_error_message());
config_connector_free(qd->connection_manager, cc);
return 0;
}
- cc->ssl_profile = ssl_profile;
DEQ_ITEM_INIT(cc);
DEQ_INSERT_TAIL(cm->config_connectors, cc);
- qd_log(cm->log_source, QD_LOG_INFO, "Configured Connector: %s:%s proto=%s, role=%s %s%s",
- cc->configuration.host, cc->configuration.port,
- cc->configuration.protocol_family ? cc->configuration.protocol_family : "any",
- cc->configuration.role,
- cc->ssl_profile ? ", sslProfile=":"",
- cc->ssl_profile ? cc->ssl_profile->name:"");
-
+ log_config(cm->log_source, &cc->configuration, "Connector");
return cc;
}
@@ -612,7 +598,6 @@ qd_connection_manager_t *qd_connection_manager(qd_dispatch_t *qd)
return 0;
cm->log_source = qd_log_source("CONN_MGR");
- cm->ssl_profile_lock = sys_mutex();
cm->server = qd->server;
DEQ_INIT(cm->config_listeners);
DEQ_INIT(cm->config_connectors);
@@ -628,7 +613,6 @@ void qd_connection_manager_free(qd_connection_manager_t *cm)
qd_config_listener_t *cl = DEQ_HEAD(cm->config_listeners);
while (cl) {
DEQ_REMOVE_HEAD(cm->config_listeners);
- qd_server_config_free(&cl->configuration);
config_listener_free(cm, cl);
cl = DEQ_HEAD(cm->config_listeners);
}
@@ -636,7 +620,6 @@ void qd_connection_manager_free(qd_connection_manager_t *cm)
qd_config_connector_t *cc = DEQ_HEAD(cm->config_connectors);
while (cc) {
DEQ_REMOVE_HEAD(cm->config_connectors);
- qd_server_config_free(&cc->configuration);
config_connector_free(cm, cc);
cc = DEQ_HEAD(cm->config_connectors);
}
@@ -646,8 +629,6 @@ void qd_connection_manager_free(qd_connection_manager_t *cm)
config_ssl_profile_free(cm, sslp);
sslp = DEQ_HEAD(cm->config_ssl_profiles);
}
-
- sys_mutex_free(cm->ssl_profile_lock);
}
@@ -694,16 +675,10 @@ void qd_connection_manager_delete_listener(qd_dispatch_t *qd, void *impl)
}
-/**
- * Only those SSL Profiles that are not being referenced from other
- * listeners/connectors can be deleted
- */
-bool qd_connection_manager_delete_ssl_profile(qd_dispatch_t *qd, void *impl)
+void qd_connection_manager_delete_ssl_profile(qd_dispatch_t *qd, void *impl)
{
qd_config_ssl_profile_t *ssl_profile = (qd_config_ssl_profile_t*) impl;
- if (ssl_profile)
- return config_ssl_profile_free(qd->connection_manager, ssl_profile);
- return false;
+ config_ssl_profile_free(qd->connection_manager, ssl_profile);
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/336c5367/tests/system_tests_qdmanage.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_qdmanage.py b/tests/system_tests_qdmanage.py
index bdbd823..5218f4c 100644
--- a/tests/system_tests_qdmanage.py
+++ b/tests/system_tests_qdmanage.py
@@ -346,10 +346,6 @@ class QdmanageTest(TestCase):
output = json.loads(self.run_qdmanage(ssl_create_command))
self.assertEqual(output['name'], ssl_profile_name)
self.run_qdmanage('DELETE --type=sslProfile --name=' + ssl_profile_name)
- # Try to delete the server-ssl profile which is in use.
- output = self.run_qdmanage('DELETE --type=sslProfile --name=server-ssl',
- expect=Process.EXIT_FAIL)
- self.assertIn("ForbiddenStatus", output)
if __name__ == '__main__':
unittest.main(main_module())
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/336c5367/tests/system_tests_sasl_plain.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py
index a180d80..491c8cd 100644
--- a/tests/system_tests_sasl_plain.py
+++ b/tests/system_tests_sasl_plain.py
@@ -305,18 +305,19 @@ class RouterTestPlainSaslOverSsl(RouterTestPlainSaslCommon):
self.skipTest("Cyrus library not available. skipping test")
local_node = Node.connect(self.routers[0].addresses[1], timeout=TIMEOUT)
+ results = local_node.query(type='org.apache.qpid.dispatch.connection').results
# sslProto should be TLSv1/SSLv3
- self.assertEqual(u'TLSv1/SSLv3', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][10])
+ self.assertEqual(u'TLSv1/SSLv3', results[0][10])
# role should be inter-router
- self.assertEqual(u'inter-router', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][3])
+ self.assertEqual(u'inter-router', results[0][3])
# sasl must be plain
- self.assertEqual(u'PLAIN', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][6])
+ self.assertEqual(u'PLAIN', results[0][6])
# user must be test@domain.com
- self.assertEqual(u'test@domain.com', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][8])
+ self.assertEqual(u'test@domain.com', results[0][8])
class RouterTestVerifyHostNameYes(RouterTestPlainSaslCommon):
@@ -399,15 +400,15 @@ class RouterTestVerifyHostNameYes(RouterTestPlainSaslCommon):
self.skipTest("Cyrus library not available. skipping test")
local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT)
-
+ results = local_node.query(type='org.apache.qpid.dispatch.connection').results
# There should be only two connections.
# There will be no inter-router connection
- self.assertEqual(2, len(local_node.query(type='org.apache.qpid.dispatch.connection').results))
- self.assertEqual('in', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][4])
- self.assertEqual('normal', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][3])
- self.assertEqual('anonymous', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][8])
- self.assertEqual('normal', local_node.query(type='org.apache.qpid.dispatch.connection').results[1][3])
- self.assertEqual('anonymous', local_node.query(type='org.apache.qpid.dispatch.connection').results[1][8])
+ self.assertEqual(2, len(results))
+ self.assertEqual('in', results[0][4])
+ self.assertEqual('normal', results[0][3])
+ self.assertEqual('anonymous', results[0][8])
+ self.assertEqual('normal', results[1][3])
+ self.assertEqual('anonymous', results[1][8])
class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
@@ -487,17 +488,6 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
def ssl_file(name):
return os.path.join(DIR, 'ssl_certs', name)
- def run_qdmanage(self, cmd, input=None, expect=Process.EXIT_OK, address=None):
- p = self.popen(
- ['qdmanage'] + cmd.split(' ') + ['--bus', address or self.address(), '--indent=-1', '--timeout',
- str(TIMEOUT)], stdin=PIPE, stdout=PIPE, stderr=STDOUT, expect=expect)
- out = p.communicate(input)[0]
- try:
- p.teardown()
- except Exception, e:
- raise Exception("%s\n%s" % (e, out))
- return out
-
def common_asserts(self, results):
search = "QDR.X"
found = False
@@ -534,48 +524,6 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
self.common_asserts(results)
- def test_zzz_delete_create_connector(self):
- """
- Delete an ssl profile before deleting the connector and make sure it fails.
- Delete an ssl profile after deleting the connector and make sure it succeeds.
- Re-add the deleted connector and associate it with an ssl profile and make sure
- that the two routers are able to communicate over the connection.
- """
- if not SASL.extended():
- self.skipTest("Cyrus library not available. skipping test")
-
- ssl_profile_name = 'client-ssl-profile'
-
- delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name
-
- cannot_delete = False
- try:
- json.loads(self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]))
- except Exception as e:
- cannot_delete = True
- self.assertTrue('ForbiddenStatus: SSL Profile is referenced by other listeners/connectors' in e.message)
-
- self.assertTrue(cannot_delete)
-
- # Deleting the connector
- delete_command = 'DELETE --type=connector --name=connectorToX'
- self.run_qdmanage(delete_command, address=self.routers[1].addresses[0])
-
- #Assert here that the connection to QDR.X is gone
-
- # Re-add connector
- connector_create_command = 'CREATE --type=connector name=connectorToX host=127.0.0.1 port=' + \
- str(RouterTestVerifyHostNameNo.x_listener_port) + \
- ' saslMechanisms=PLAIN sslProfile=' + ssl_profile_name + \
- ' role=inter-router verifyHostName=no saslUsername=test@domain.com' \
- ' saslPassword=password'
-
- json.loads(self.run_qdmanage(connector_create_command, address=self.routers[1].addresses[0]))
- self.routers[1].wait_connectors()
- local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT)
- results = local_node.query(type='org.apache.qpid.dispatch.connection').results
- self.common_asserts(results)
-
def test_zzz_delete_create_ssl_profile(self):
"""
Deletes a connector and its corresponding ssl profile and recreates both
@@ -583,48 +531,34 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
if not SASL.extended():
self.skipTest("Cyrus library not available. skipping test")
- ssl_profile_name = 'client-ssl-profile'
-
- # Deleting the connector first and then its SSL profile must work.
- delete_command = 'DELETE --type=connector --name=connectorToX'
- self.run_qdmanage(delete_command, address=self.routers[1].addresses[0])
+ local_node = self.routers[1].management
- # Delete the connector's associated ssl profile
- delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name
- self.run_qdmanage(delete_command, address=self.routers[1].addresses[0])
-
- local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT)
- results = local_node.query(type='org.apache.qpid.dispatch.connection').results
- search = "QDR.X"
- found = False
-
- for N in range(0, 3):
- if results[N][0] == search:
- found = True
- break
-
- self.assertFalse(found)
+ connections = local_node.query(type='org.apache.qpid.dispatch.connection').get_entities()
+ self.assertIn("QDR.X", [c.container for c in connections]) # We can find the connection before
+ local_node.delete(type='connector', name='connectorToX')
+ local_node.delete(type='sslProfile', name='client-ssl-profile')
+ connections = local_node.query(type='org.apache.qpid.dispatch.connection').get_entities()
+ self.assertNotIn("QDR.X", [c.container for c in connections]) # Should not be present now
# re-create the ssl profile
- long_type = 'org.apache.qpid.dispatch.sslProfile'
- ssl_create_command = 'CREATE --type=' + long_type + ' certFile=' + self.ssl_file('client-certificate.pem') + \
- ' keyFile=' + self.ssl_file('client-private-key.pem') + ' password=client-password' + \
- ' name=' + ssl_profile_name + ' certDb=' + self.ssl_file('ca-certificate.pem')
-
- output = json.loads(self.run_qdmanage(ssl_create_command, address=self.routers[1].addresses[0]))
- name = output['name']
- self.assertEqual(name, ssl_profile_name)
-
- # Re-add connector
- connector_create_command = 'CREATE --type=connector name=connectorToX host=127.0.0.1 port=' + \
- str(RouterTestVerifyHostNameNo.x_listener_port) + \
- ' saslMechanisms=PLAIN sslProfile=' + ssl_profile_name + \
- ' role=inter-router verifyHostName=no saslUsername=test@domain.com' \
- ' saslPassword=password'
-
- json.loads(self.run_qdmanage(connector_create_command, address=self.routers[1].addresses[0]))
+ local_node.create({'type': 'sslProfile',
+ 'name': 'client-ssl-profile',
+ 'certFile': self.ssl_file('client-certificate.pem'),
+ 'keyFile': self.ssl_file('client-private-key.pem'),
+ 'password': 'client-password',
+ 'certDb': self.ssl_file('ca-certificate.pem')})
+ # re-create connector
+ local_node.create({'type': 'connector',
+ 'name': 'connectorToX',
+ 'host': '127.0.0.1',
+ 'port': self.x_listener_port,
+ 'saslMechanisms': 'PLAIN',
+ 'sslProfile': 'client-ssl-profile',
+ 'role': 'inter-router',
+ 'verifyHostName': False,
+ 'saslUsername': 'test@domain.com',
+ 'saslPassword': 'password'})
self.routers[1].wait_connectors()
- local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT)
results = local_node.query(type='org.apache.qpid.dispatch.connection').results
self.common_asserts(results)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org