Posted to commits@qpid.apache.org by ac...@apache.org on 2015/11/23 18:58:02 UTC
[34/50] [abbrv] qpid-proton git commit: PROTON-1048: Windows SChannel
test certificates for proton-c
PROTON-1048: Windows SChannel test certificates for proton-c
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/f4b35515
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/f4b35515
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/f4b35515
Branch: refs/heads/go1
Commit: f4b35515bc423c448362311cb228c2ffc97ebaca
Parents: 630471e
Author: Clifford Jansen <cl...@apache.org>
Authored: Sun Nov 15 16:05:15 2015 -0800
Committer: Clifford Jansen <cl...@apache.org>
Committed: Sun Nov 15 16:05:15 2015 -0800
----------------------------------------------------------------------
proton-c/src/messenger/messenger.c | 2 +-
proton-c/src/windows/schannel.c | 4 +---
tests/python/proton_tests/messenger.py | 3 ++-
tests/python/proton_tests/sasl.py | 12 +++++++++++-
tests/python/proton_tests/soak.py | 2 ++
tests/python/proton_tests/ssl.py | 14 ++++++++++++++
tests/python/proton_tests/ssl_db/README.txt | 12 +++++++++++-
.../proton_tests/ssl_db/bad-server-certificate.p12 | Bin 0 -> 1490 bytes
tests/python/proton_tests/ssl_db/ca-certificate.p12 | Bin 0 -> 920 bytes
.../proton_tests/ssl_db/client-certificate.p12 | Bin 0 -> 1554 bytes
.../proton_tests/ssl_db/server-certificate.p12 | Bin 0 -> 1562 bytes
.../proton_tests/ssl_db/server-wc-certificate.p12 | Bin 0 -> 1632 bytes
12 files changed, 42 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/proton-c/src/messenger/messenger.c
----------------------------------------------------------------------
diff --git a/proton-c/src/messenger/messenger.c b/proton-c/src/messenger/messenger.c
index 6c4a885..277642f 100644
--- a/proton-c/src/messenger/messenger.c
+++ b/proton-c/src/messenger/messenger.c
@@ -931,7 +931,7 @@ static int pn_transport_config(pn_messenger_t *messenger,
pn_transport_set_tracer(transport, messenger->tracer);
if (ctx->scheme && !strcmp(ctx->scheme, "amqps")) {
pn_ssl_domain_t *d = pn_ssl_domain(PN_SSL_MODE_CLIENT);
- if (messenger->certificate && messenger->private_key) {
+ if (messenger->certificate) {
int err = pn_ssl_domain_set_credentials( d, messenger->certificate,
messenger->private_key,
messenger->password);
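Review bot: The relaxed guard `if (messenger->certificate)` sits in backend-independent code, so `pn_ssl_domain_set_credentials` is now called with a NULL `messenger->private_key` on every TLS backend, not only on SChannel where the PKCS#12 store carries the key. Whether the non-Windows implementation rejects a NULL key cleanly is not visible here and should be confirmed, since before this change that configuration skipped the call entirely. A comment at the condition would record the intent, e.g. `/* private_key may be NULL: some backends keep the key inside the certificate store */`. The call and the rest of pn_transport_config continue outside the hunk.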
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/proton-c/src/windows/schannel.c
----------------------------------------------------------------------
diff --git a/proton-c/src/windows/schannel.c b/proton-c/src/windows/schannel.c
index 3e3b389..57345d7 100644
--- a/proton-c/src/windows/schannel.c
+++ b/proton-c/src/windows/schannel.c
@@ -410,11 +410,9 @@ static void ssl_session_free( pn_ssl_session_t *ssn)
/** Public API - visible to application code */
-// TODO: This should really return true as SSL is fully implemented,
-// but the tests currently fail because the fixed certificates aren't usable on windows
bool pn_ssl_present(void)
{
- return false;
+ return true;
}
pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode )
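Review bot: With the TODO deleted, `pn_ssl_present()` carries no record of what the SChannel backend still lacks, although the tests in this same commit skip anonymous-cipher and session-resume cases on Windows. A caller that reads `true` as feature parity with the other backend gets no warning, so I would replace the removed comment with a short one such as `// SChannel: no anonymous cipher suites; session resume not yet implemented`.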
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/messenger.py
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/messenger.py b/tests/python/proton_tests/messenger.py
index b6c3d1f..9656033 100644
--- a/tests/python/proton_tests/messenger.py
+++ b/tests/python/proton_tests/messenger.py
@@ -450,7 +450,8 @@ class MessengerTest(Test):
self.client.start()
def testRoute(self):
- if not common.isSSLPresent():
+ # anonymous cipher not supported on Windows
+ if os.name == "nt" or not common.isSSLPresent():
domain = "amqp"
else:
domain = "amqps"
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/sasl.py
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/sasl.py b/tests/python/proton_tests/sasl.py
index 75b4828..6adb77d 100644
--- a/tests/python/proton_tests/sasl.py
+++ b/tests/python/proton_tests/sasl.py
@@ -29,6 +29,13 @@ from proton._compat import str2bin
def _sslCertpath(file):
""" Return the full path to the certificate,keyfile, etc.
"""
+ if os.name=="nt":
+ if file.find("private-key")!=-1:
+ # The private key is not in a separate store
+ return None
+ # Substitute pkcs#12 equivalent for the CA/key store
+ if file.endswith(".pem"):
+ file = file[:-4] + ".p12"
return os.path.join(os.path.dirname(__file__),
"ssl_db/%s" % file)
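Review bot: `_sslCertpath` can now return `None`, but its docstring still promises a full path, and the same Windows branch is copied verbatim into `_testpath` in ssl.py. The docstring should state both Windows behaviours: names containing `private-key` map to `None` because the key lives in the `.p12` store, and a `.pem` suffix is rewritten to `.p12`. Consider a single shared helper in `common` so the two copies cannot drift apart. The substring test also reads more directly as `if "private-key" in file:`.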
@@ -423,7 +430,10 @@ class SSLSASLTest(Test):
if "java" in sys.platform:
raise Skipped("Proton-J does not support SSL with SASL")
- extUser = 'O=Client,CN=127.0.0.1'
+ if os.name=="nt":
+ extUser = 'O=Client, CN=127.0.0.1'
+ else:
+ extUser = 'O=Client,CN=127.0.0.1'
mech = 'EXTERNAL'
self.server_domain.set_credentials(_sslCertpath("server-certificate.pem"),
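Review bot: The expected EXTERNAL identity now depends on the platform (`'O=Client, CN=127.0.0.1'` on Windows, `'O=Client,CN=127.0.0.1'` elsewhere), which suggests the two TLS backends format the certificate subject differently. An application that authorizes peers by exact match on this string would behave differently per platform, so the difference deserves a comment at this branch, e.g. `# SChannel renders the subject with ", " between components; the non-Windows backend uses ","`. It is probably worth a line in the API documentation as well. The test method continues outside the hunk.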
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/soak.py
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/soak.py b/tests/python/proton_tests/soak.py
index c9ec68e..52382ba 100644
--- a/tests/python/proton_tests/soak.py
+++ b/tests/python/proton_tests/soak.py
@@ -124,6 +124,8 @@ class MessengerTests(AppTests):
def _ssl_check(self):
if not isSSLPresent():
raise Skipped("No SSL libraries found.")
+ if os.name=="nt":
+ raise Skipped("Windows SChannel lacks anonymous cipher support.")
def __init__(self, *args):
AppTests.__init__(self, *args)
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl.py
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl.py b/tests/python/proton_tests/ssl.py
index 961a783..e59c90b 100644
--- a/tests/python/proton_tests/ssl.py
+++ b/tests/python/proton_tests/ssl.py
@@ -31,6 +31,13 @@ from .common import Skipped, pump
def _testpath(file):
""" Set the full path to the certificate,keyfile, etc. for the test.
"""
+ if os.name=="nt":
+ if file.find("private-key")!=-1:
+ # The private key is not in a separate store
+ return None
+ # Substitute pkcs#12 equivalent for the CA/key store
+ if file.endswith(".pem"):
+ file = file[:-4] + ".p12"
return os.path.join(os.path.dirname(__file__),
"ssl_db/%s" % file)
@@ -90,6 +97,8 @@ class SslTest(common.Test):
self._pump(client, server)
def test_defaults(self):
+ if os.name=="nt":
+ raise Skipped("Windows SChannel lacks anonymous cipher support.")
""" By default, both the server and the client support anonymous
ciphers - they should connect without need for a certificate.
"""
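Review bot: The Windows skip in `test_defaults` is inserted above the docstring, so the triple-quoted text is no longer the method's docstring; it becomes a bare expression statement and `test_defaults.__doc__` is `None`. Move the two added lines below the closing `"""`, which is where `test_session_resume` and `test_defaults_messenger_app` place the same check in this commit.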
@@ -429,6 +438,9 @@ class SslTest(common.Test):
def test_session_resume(self):
""" Test resume of client session.
"""
+ if os.name=="nt":
+ raise Skipped("Windows SChannel session resume not yet implemented.")
+
self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
self._testpath("server-private-key.pem"),
"server-password")
@@ -736,6 +748,8 @@ class SslTest(common.Test):
def test_defaults_messenger_app(self):
""" Test an SSL connection using the Messenger apps (no certificates)
"""
+ if os.name=="nt":
+ raise Skipped("Windows SChannel lacks anonymous cipher support.")
port = common.free_tcp_ports()[0]
receiver = common.MessengerReceiverC()
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/README.txt
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/README.txt b/tests/python/proton_tests/ssl_db/README.txt
index 6967e84..5b35421 100644
--- a/tests/python/proton_tests/ssl_db/README.txt
+++ b/tests/python/proton_tests/ssl_db/README.txt
@@ -59,4 +59,14 @@ keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs
keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
-
+# Create pkcs12 versions of the above certificates (for Windows SChannel)
+# The CA certificate store/DB is created without public keys.
+# Give the "p12" files the same base name so the tests can just change the extension to switch between platforms.
+# These certificates might work for OpenSSL <-> SChannel interop tests, but note that the DH cypher suite
+# overlap is poor between platforms especially for older Windows versions. RSA certificates are better for
+# interop (or PFS-friendly certificates on newer platforms).
+openssl pkcs12 -export -out ca-certificate.p12 -in ca-certificate.pem -name ca-certificate -nokeys -passout pass:
+openssl pkcs12 -export -out server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-private-key.pem -in server-certificate.pem -name server-certificate
+openssl pkcs12 -export -out client-certificate.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key.pem -in client-certificate.pem -name client-certificate
+openssl pkcs12 -export -out bad-server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey bad-server-private-key.pem -in bad-server-certificate.pem -name bad-server
+openssl pkcs12 -export -out server-wc-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-wc-private-key.pem -in server-wc-certificate.pem -name server-wc-certificate
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/bad-server-certificate.p12
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/bad-server-certificate.p12 b/tests/python/proton_tests/ssl_db/bad-server-certificate.p12
new file mode 100644
index 0000000..6044350
Binary files /dev/null and b/tests/python/proton_tests/ssl_db/bad-server-certificate.p12 differ
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/ca-certificate.p12
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/ca-certificate.p12 b/tests/python/proton_tests/ssl_db/ca-certificate.p12
new file mode 100644
index 0000000..539b278
Binary files /dev/null and b/tests/python/proton_tests/ssl_db/ca-certificate.p12 differ
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/client-certificate.p12
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/client-certificate.p12 b/tests/python/proton_tests/ssl_db/client-certificate.p12
new file mode 100644
index 0000000..be820ed
Binary files /dev/null and b/tests/python/proton_tests/ssl_db/client-certificate.p12 differ
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/server-certificate.p12
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/server-certificate.p12 b/tests/python/proton_tests/ssl_db/server-certificate.p12
new file mode 100644
index 0000000..d470366
Binary files /dev/null and b/tests/python/proton_tests/ssl_db/server-certificate.p12 differ
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/f4b35515/tests/python/proton_tests/ssl_db/server-wc-certificate.p12
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/ssl_db/server-wc-certificate.p12 b/tests/python/proton_tests/ssl_db/server-wc-certificate.p12
new file mode 100644
index 0000000..d512f52
Binary files /dev/null and b/tests/python/proton_tests/ssl_db/server-wc-certificate.p12 differ