You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Albert Pomortsev <ap...@opentext.com> on 2013/10/29 01:18:50 UTC
SSL support in org.apache.qpid.messaging .NET API
Hello qpid developers and users.
I'm finding it impossible to use SSL from .NET messaging API. I built qpid/proton from trunk sources on Windows. I can successfully run the broker and, for example, run the csharp.example.helloworld .NET sample using both amqp 0-10 and 1.0 protocols. But configuring the client connection for SSL fails. By SSL I mean only server authentication and encryption, not client authentication. I was planning to use PLAIN SASL authentication with SSL.
The C++ broker handbook states (p.42):
3. To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl.
This does not work. I'm receiving the exception "Unsupported protocol: ssl". Additionally, this option clashes with the option "protocol:amqp1.0" making using them together apparently impossible.
I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting "Failed to connect (reconnect disabled)" exception. With amqp1.0 ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
Can someone please explain:
- Is SSL even supported in .NET messaging API?
- If yes, what is the correct way to enable it?
Thanks,
Albert.
RE: SSL support in org.apache.qpid.messaging .NET API
Posted by Albert Pomortsev <ap...@opentext.com>.
Thanks Cliff, that fixed it.
-----Original Message-----
From: Cliff Jansen [mailto:cliffjansen@gmail.com]
Sent: Wednesday, November 06, 2013 2:14 PM
To: users@qpid.apache.org
Subject: Re: SSL support in org.apache.qpid.messaging .NET API
Albert,
Please try the recent fix to the JIRA (r1539474). This should get you going for the 0-10 protocol.
Cliff
On Wed, Nov 6, 2013 at 10:20 AM, Albert Pomortsev <ap...@opentext.com> wrote:
> Chuck,
>
> I created https://issues.apache.org/jira/browse/QPID-5302
>
> Thanks,
> Albert.
>
> -----Original Message-----
> From: Chuck Rolke [mailto:crolke@redhat.com]
> Sent: Wednesday, October 30, 2013 6:57 AM
> To: users@qpid.apache.org
> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>
> Hi Albert,
>
> Could you submit a jira for this issue?
> http://qpid.apache.org/issues.html
>
> Thanks,
> Chuck
>
> ----- Original Message -----
>> From: "Albert Pomortsev" <ap...@opentext.com>
>> To: users@qpid.apache.org
>> Sent: Tuesday, October 29, 2013 6:48:19 PM
>> Subject: RE: SSL support in org.apache.qpid.messaging .NET API
>>
>> Hi Gordon,
>>
>> Yes, I configured the certificate and all relevant options on the broker.
>> I've finally managed to make the .NET helloworld example work, to a
>> degree
>> though: it connects, sends and receives the message, but crashes on
>> exit with access violation in Connection destructor in
>> qpid\cpp\bindings\qpid\dotnet\src\Connection.cpp:
>>
>> // Finalizer
>> Connection::!Connection()
>> {
>> if (NULL != nativeObjPtr)
>> {
>> msclr::lock lk(privateLock);
>>
>> if (NULL != nativeObjPtr)
>> {
>> delete nativeObjPtr; // <= exception here, line 191
>> nativeObjPtr = NULL;
>> }
>> }
>> }
>>
>> Attempted to read or write protected memory. This is often an
>> indication that other memory is corrupt.
>>
>> at qpid.messaging.Connection.{dtor}(Connection* )
>> at qpid.messaging.Connection.__delDtor(Connection* , UInt32 A_0)
>> at Org.Apache.Qpid.Messaging.Connection.!Connection()
>> at Org.Apache.Qpid.Messaging.Connection.Dispose(Boolean A_0)
>> at Org.Apache.Qpid.Messaging.Connection.Finalize()
>>
>> Looks like deletion of an already disposed object to me.
>>
>> When I try running qpid-perftest as described in documentation I'm
>> also getting access violation. From the trace it looks like some
>> communication is going on between the tool and the broker but in the
>> end it crashes without reporting anything:
>>
>> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>qpid-perftest
>> --count 10000 -P ssl --port 5671 --broker broker.fqdn -t
>> 2013-10-29 15:32:35 [Client] debug Created IO thread: 0
>> 2013-10-29 15:32:35 [Network] debug TCPConnector created for 0-10
>> 2013-10-29 15:32:35 [Client] info Set TCP_NODELAY
>> 2013-10-29 15:32:35 [Security] debug SslConnector created for \x00-
>>
>> 2013-10-29 15:32:35 [Network] debug RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: INIT(0-10)
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionStartBody:
>> server-properties={qpid.federation_tag:V2:36:str16(df1f3306-21fa-4282
>> -
>> a9b8-fc3979f62709)};
>> mechanisms=str16
>> {V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)};
>> locales=str16{V2:5:str16(en_US)}; }]
>> 2013-10-29 15:32:35 [Security] debug WindowsSasl::start(ANONYMOUS
>> PLAIN)
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionStartOkBody:
>> client-properties={qpid.client_pid:F4:int32(7536),qpid.client_ppid:F4:
>> int32(0),qpid.client_process:V2:0:s
>> tr16(),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN;
>> response=xxxxxx; locale=en_US; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionTuneBody: channel-max=32767; max-frame-size=65535;
>> heartbeat-min=0; heartbeat-max=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionTuneOkBody: channel-max=32767; max-frame-size=65535;
>> heartbeat=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionOpenBody: virtual-host=; capabilities=void{}; insist=1; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionOpenOkBody: known-hosts=str16{}; }]
>> 2013-10-29 15:32:35 [Client] debug Known-brokers for connection:
>> 2013-10-29 15:32:35 [Client] info Connection
>> [10.26.38.125:20730-broker.fqdn:5671] connected to ssl:alado-alb
>> ertp2.opentext.net:5671
>> 2013-10-29 15:32:35 [Client] debug Connection
>> [10.26.38.125:20730-broker.fqdn:5671] no security layer in plac e
>> 2013-10-29 15:32:35 [Broker] debug SessionState::SessionState .:
>> 00A18D50
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionAttachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionAttachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCommandPointBody: command-id=0; command-offset=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionRequestTimeoutBody: timeout=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCommandPointBody: command-id=0; command-offset=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_pub_start; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_pub_start; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionTimeoutBody: timeout=0; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,2] }; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_pub_done; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_pub_done; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,5] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_sub_ready; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_sub_ready; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,8] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_sub_done; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_sub_done; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,11] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest0; alternate-exchange=;
>> arguments={qpid.max_count:F4:int32(0),qpid.max_size:F4:int32(0)}; } ]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest0; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,14] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionDetachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionDetachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; code=0;
>> }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionCloseBody: reply-code=200; reply-text=OK; }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionCloseOkBody: }]
>> 2013-10-29 15:32:36 [System] debug Exception constructed: Closed by
>> client
>>
>> ERROR: ACCESS VIOLATION
>>
>> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>
>>
>> Thanks,
>> Albert.
>>
>> -----Original Message-----
>> From: Gordon Sim [mailto:gsim@redhat.com]
>> Sent: Tuesday, October 29, 2013 1:57 AM
>> To: users@qpid.apache.org
>> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>>
>> On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
>> > Hello qpid developers and users.
>> >
>> > I'm finding it impossible to use SSL from .NET messaging API. I
>> > built qpid/proton from trunk sources on Windows. I can successfully
>> > run the broker and, for example, run the csharp.example.helloworld
>> > .NET sample using both amqp 0-10 and 1.0 protocols. But configuring
>> > the client connection for SSL fails. By SSL I mean only server
>> > authentication and encryption, not client authentication. I was
>> > planning to use PLAIN SASL authentication with SSL.
>> >
>> > The C++ broker handbook states (p.42):
>> >
>> > 3. To open an SSL enabled connection in the Qpid Messaging API, set
>> > the protocol connection option to ssl.
>> >
>> > This does not work. I'm receiving the exception "Unsupported protocol:
>> > ssl". Additionally, this option clashes with the option "protocol:amqp1.0"
>> > making using them together apparently impossible.
>> > I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm
>> > getting "Failed to connect (reconnect disabled)" exception. With
>> > amqp1.0
>> > ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>>
>> The 'transport' option is what is needed. The protocol option refers
>> to AMQP
>> 1.0 v AMQP 0-10 as you state.
>>
>> > Can someone please explain:
>> >
>> >
>> > - Is SSL even supported in .NET messaging API?
>>
>> It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
>>
>> > - If yes, what is the correct way to enable it?
>>
>> There is a text document in the root of the cpp source tree:
>> https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in
>> the second half describes how to get windows working from c++ and I
>> believe the same configuration options will work for .NET (using 0-10).
>>
>> Did you already specify these? If so, were there any errors on the
>> broker side when connecting over 0-10 and ssl? The error you got
>> there is a fairly generic one. Turning up the log level on the client may also help.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> additional commands, e-mail: users-help@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> additional commands, e-mail: users-help@qpid.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL support in org.apache.qpid.messaging .NET API
Posted by Cliff Jansen <cl...@gmail.com>.
Albert,
Please try the recent fix to the JIRA (r1539474). This should get you
going for the 0-10 protocol.
Cliff
On Wed, Nov 6, 2013 at 10:20 AM, Albert Pomortsev <ap...@opentext.com> wrote:
> Chuck,
>
> I created https://issues.apache.org/jira/browse/QPID-5302
>
> Thanks,
> Albert.
>
> -----Original Message-----
> From: Chuck Rolke [mailto:crolke@redhat.com]
> Sent: Wednesday, October 30, 2013 6:57 AM
> To: users@qpid.apache.org
> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>
> Hi Albert,
>
> Could you submit a jira for this issue? http://qpid.apache.org/issues.html
>
> Thanks,
> Chuck
>
> ----- Original Message -----
>> From: "Albert Pomortsev" <ap...@opentext.com>
>> To: users@qpid.apache.org
>> Sent: Tuesday, October 29, 2013 6:48:19 PM
>> Subject: RE: SSL support in org.apache.qpid.messaging .NET API
>>
>> Hi Gordon,
>>
>> Yes, I configured the certificate and all relevant options on the broker.
>> I've finally managed to make the .NET helloworld example work, to a
>> degree
>> though: it connects, sends and receives the message, but crashes on
>> exit with access violation in Connection destructor in
>> qpid\cpp\bindings\qpid\dotnet\src\Connection.cpp:
>>
>> // Finalizer
>> Connection::!Connection()
>> {
>> if (NULL != nativeObjPtr)
>> {
>> msclr::lock lk(privateLock);
>>
>> if (NULL != nativeObjPtr)
>> {
>> delete nativeObjPtr; // <= exception here, line 191
>> nativeObjPtr = NULL;
>> }
>> }
>> }
>>
>> Attempted to read or write protected memory. This is often an
>> indication that other memory is corrupt.
>>
>> at qpid.messaging.Connection.{dtor}(Connection* )
>> at qpid.messaging.Connection.__delDtor(Connection* , UInt32 A_0)
>> at Org.Apache.Qpid.Messaging.Connection.!Connection()
>> at Org.Apache.Qpid.Messaging.Connection.Dispose(Boolean A_0)
>> at Org.Apache.Qpid.Messaging.Connection.Finalize()
>>
>> Looks like deletion of an already disposed object to me.
>>
>> When I try running qpid-perftest as described in documentation I'm
>> also getting access violation. From the trace it looks like some
>> communication is going on between the tool and the broker but in the
>> end it crashes without reporting anything:
>>
>> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>qpid-perftest
>> --count 10000 -P ssl --port 5671 --broker broker.fqdn -t
>> 2013-10-29 15:32:35 [Client] debug Created IO thread: 0
>> 2013-10-29 15:32:35 [Network] debug TCPConnector created for 0-10
>> 2013-10-29 15:32:35 [Client] info Set TCP_NODELAY
>> 2013-10-29 15:32:35 [Security] debug SslConnector created for \x00-
>>
>> 2013-10-29 15:32:35 [Network] debug RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: INIT(0-10)
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionStartBody:
>> server-properties={qpid.federation_tag:V2:36:str16(df1f3306-21fa-4282-
>> a9b8-fc3979f62709)};
>> mechanisms=str16
>> {V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)};
>> locales=str16{V2:5:str16(en_US)}; }]
>> 2013-10-29 15:32:35 [Security] debug WindowsSasl::start(ANONYMOUS
>> PLAIN)
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionStartOkBody:
>> client-properties={qpid.client_pid:F4:int32(7536),qpid.client_ppid:F4:
>> int32(0),qpid.client_process:V2:0:s
>> tr16(),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN;
>> response=xxxxxx; locale=en_US; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionTuneBody: channel-max=32767; max-frame-size=65535;
>> heartbeat-min=0; heartbeat-max=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionTuneOkBody: channel-max=32767; max-frame-size=65535;
>> heartbeat=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionOpenBody: virtual-host=; capabilities=void{}; insist=1; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionOpenOkBody: known-hosts=str16{}; }]
>> 2013-10-29 15:32:35 [Client] debug Known-brokers for connection:
>> 2013-10-29 15:32:35 [Client] info Connection
>> [10.26.38.125:20730-broker.fqdn:5671] connected to ssl:alado-alb
>> ertp2.opentext.net:5671
>> 2013-10-29 15:32:35 [Client] debug Connection
>> [10.26.38.125:20730-broker.fqdn:5671] no security layer in plac e
>> 2013-10-29 15:32:35 [Broker] debug SessionState::SessionState .:
>> 00A18D50
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionAttachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionAttachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCommandPointBody: command-id=0; command-offset=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionRequestTimeoutBody: timeout=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCommandPointBody: command-id=0; command-offset=0; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_pub_start; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_pub_start; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionTimeoutBody: timeout=0; }]
>> 2013-10-29 15:32:35 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,2] }; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_pub_done; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:35 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_pub_done; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,5] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_sub_ready; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_sub_ready; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,8] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest_sub_done; alternate-exchange=;
>> arguments={}; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest_sub_done; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,11] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> ueDeclareBody: queue=qpid-perftest0; alternate-exchange=;
>> arguments={qpid.max_count:F4:int32(0),qpid.max_size:F4:int32(0)}; } ]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
>> uePurgeBody: queue=qpid-perftest0; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
>> cutionSyncBody: }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionCompletedBody: commands={ [0,14] }; }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionDetachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
>> sionDetachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; code=0;
>> }]
>> 2013-10-29 15:32:36 [Network] trace SENT
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionCloseBody: reply-code=200; reply-text=OK; }]
>> 2013-10-29 15:32:36 [Network] trace RECV
>> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
>> nectionCloseOkBody: }]
>> 2013-10-29 15:32:36 [System] debug Exception constructed: Closed by
>> client
>>
>> ERROR: ACCESS VIOLATION
>>
>> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>
>>
>> Thanks,
>> Albert.
>>
>> -----Original Message-----
>> From: Gordon Sim [mailto:gsim@redhat.com]
>> Sent: Tuesday, October 29, 2013 1:57 AM
>> To: users@qpid.apache.org
>> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>>
>> On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
>> > Hello qpid developers and users.
>> >
>> > I'm finding it impossible to use SSL from .NET messaging API. I
>> > built qpid/proton from trunk sources on Windows. I can successfully
>> > run the broker and, for example, run the csharp.example.helloworld
>> > .NET sample using both amqp 0-10 and 1.0 protocols. But configuring
>> > the client connection for SSL fails. By SSL I mean only server
>> > authentication and encryption, not client authentication. I was
>> > planning to use PLAIN SASL authentication with SSL.
>> >
>> > The C++ broker handbook states (p.42):
>> >
>> > 3. To open an SSL enabled connection in the Qpid Messaging API, set
>> > the protocol connection option to ssl.
>> >
>> > This does not work. I'm receiving the exception "Unsupported protocol:
>> > ssl". Additionally, this option clashes with the option "protocol:amqp1.0"
>> > making using them together apparently impossible.
>> > I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm
>> > getting "Failed to connect (reconnect disabled)" exception. With
>> > amqp1.0
>> > ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>>
>> The 'transport' option is what is needed. The protocol option refers
>> to AMQP
>> 1.0 v AMQP 0-10 as you state.
>>
>> > Can someone please explain:
>> >
>> >
>> > - Is SSL even supported in .NET messaging API?
>>
>> It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
>>
>> > - If yes, what is the correct way to enable it?
>>
>> There is a text document in the root of the cpp source tree:
>> https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in the
>> second half describes how to get windows working from c++ and I
>> believe the same configuration options will work for .NET (using 0-10).
>>
>> Did you already specify these? If so, were there any errors on the
>> broker side when connecting over 0-10 and ssl? The error you got there
>> is a fairly generic one. Turning up the log level on the client may also help.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
RE: SSL support in org.apache.qpid.messaging .NET API
Posted by Albert Pomortsev <ap...@opentext.com>.
Chuck,
I created https://issues.apache.org/jira/browse/QPID-5302
Thanks,
Albert.
-----Original Message-----
From: Chuck Rolke [mailto:crolke@redhat.com]
Sent: Wednesday, October 30, 2013 6:57 AM
To: users@qpid.apache.org
Subject: Re: SSL support in org.apache.qpid.messaging .NET API
Hi Albert,
Could you submit a jira for this issue? http://qpid.apache.org/issues.html
Thanks,
Chuck
----- Original Message -----
> From: "Albert Pomortsev" <ap...@opentext.com>
> To: users@qpid.apache.org
> Sent: Tuesday, October 29, 2013 6:48:19 PM
> Subject: RE: SSL support in org.apache.qpid.messaging .NET API
>
> Hi Gordon,
>
> Yes, I configured the certificate and all relevant options on the broker.
> I've finally managed to make the .NET helloworld example work, to a
> degree
> though: it connects, sends and receives the message, but crashes on
> exit with access violation in Connection destructor in
> qpid\cpp\bindings\qpid\dotnet\src\Connection.cpp:
>
> // Finalizer
> Connection::!Connection()
> {
> if (NULL != nativeObjPtr)
> {
> msclr::lock lk(privateLock);
>
> if (NULL != nativeObjPtr)
> {
> delete nativeObjPtr; // <= exception here, line 191
> nativeObjPtr = NULL;
> }
> }
> }
>
> Attempted to read or write protected memory. This is often an
> indication that other memory is corrupt.
>
> at qpid.messaging.Connection.{dtor}(Connection* )
> at qpid.messaging.Connection.__delDtor(Connection* , UInt32 A_0)
> at Org.Apache.Qpid.Messaging.Connection.!Connection()
> at Org.Apache.Qpid.Messaging.Connection.Dispose(Boolean A_0)
> at Org.Apache.Qpid.Messaging.Connection.Finalize()
>
> Looks like deletion of an already disposed object to me.
>
> When I try running qpid-perftest as described in documentation I'm
> also getting access violation. From the trace it looks like some
> communication is going on between the tool and the broker but in the
> end it crashes without reporting anything:
>
> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>qpid-perftest
> --count 10000 -P ssl --port 5671 --broker broker.fqdn -t
> 2013-10-29 15:32:35 [Client] debug Created IO thread: 0
> 2013-10-29 15:32:35 [Network] debug TCPConnector created for 0-10
> 2013-10-29 15:32:35 [Client] info Set TCP_NODELAY
> 2013-10-29 15:32:35 [Security] debug SslConnector created for \x00-
>
> 2013-10-29 15:32:35 [Network] debug RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: INIT(0-10)
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionStartBody:
> server-properties={qpid.federation_tag:V2:36:str16(df1f3306-21fa-4282-
> a9b8-fc3979f62709)};
> mechanisms=str16
> {V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)};
> locales=str16{V2:5:str16(en_US)}; }]
> 2013-10-29 15:32:35 [Security] debug WindowsSasl::start(ANONYMOUS
> PLAIN)
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionStartOkBody:
> client-properties={qpid.client_pid:F4:int32(7536),qpid.client_ppid:F4:
> int32(0),qpid.client_process:V2:0:s
> tr16(),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN;
> response=xxxxxx; locale=en_US; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionTuneBody: channel-max=32767; max-frame-size=65535;
> heartbeat-min=0; heartbeat-max=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionTuneOkBody: channel-max=32767; max-frame-size=65535;
> heartbeat=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionOpenBody: virtual-host=; capabilities=void{}; insist=1; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionOpenOkBody: known-hosts=str16{}; }]
> 2013-10-29 15:32:35 [Client] debug Known-brokers for connection:
> 2013-10-29 15:32:35 [Client] info Connection
> [10.26.38.125:20730-broker.fqdn:5671] connected to ssl:alado-alb
> ertp2.opentext.net:5671
> 2013-10-29 15:32:35 [Client] debug Connection
> [10.26.38.125:20730-broker.fqdn:5671] no security layer in plac e
> 2013-10-29 15:32:35 [Broker] debug SessionState::SessionState .:
> 00A18D50
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionAttachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionAttachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCommandPointBody: command-id=0; command-offset=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionRequestTimeoutBody: timeout=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCommandPointBody: command-id=0; command-offset=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_pub_start; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_pub_start; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionTimeoutBody: timeout=0; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,2] }; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_pub_done; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_pub_done; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,5] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_sub_ready; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_sub_ready; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,8] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_sub_done; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_sub_done; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,11] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest0; alternate-exchange=;
> arguments={qpid.max_count:F4:int32(0),qpid.max_size:F4:int32(0)}; } ]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest0; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,14] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionDetachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionDetachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; code=0;
> }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionCloseBody: reply-code=200; reply-text=OK; }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionCloseOkBody: }]
> 2013-10-29 15:32:36 [System] debug Exception constructed: Closed by
> client
>
> ERROR: ACCESS VIOLATION
>
> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>
>
> Thanks,
> Albert.
>
> -----Original Message-----
> From: Gordon Sim [mailto:gsim@redhat.com]
> Sent: Tuesday, October 29, 2013 1:57 AM
> To: users@qpid.apache.org
> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>
> On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
> > Hello qpid developers and users.
> >
> > I'm finding it impossible to use SSL from .NET messaging API. I
> > built qpid/proton from trunk sources on Windows. I can successfully
> > run the broker and, for example, run the csharp.example.helloworld
> > .NET sample using both amqp 0-10 and 1.0 protocols. But configuring
> > the client connection for SSL fails. By SSL I mean only server
> > authentication and encryption, not client authentication. I was
> > planning to use PLAIN SASL authentication with SSL.
> >
> > The C++ broker handbook states (p.42):
> >
> > 3. To open an SSL enabled connection in the Qpid Messaging API, set
> > the protocol connection option to ssl.
> >
> > This does not work. I'm receiving the exception "Unsupported protocol:
> > ssl". Additionally, this option clashes with the option "protocol:amqp1.0"
> > making using them together apparently impossible.
> > I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm
> > getting "Failed to connect (reconnect disabled)" exception. With
> > amqp1.0
> > ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>
> The 'transport' option is what is needed. The protocol option refers
> to AMQP
> 1.0 v AMQP 0-10 as you state.
>
> > Can someone please explain:
> >
> >
> > - Is SSL even supported in .NET messaging API?
>
> It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
>
> > - If yes, what is the correct way to enable it?
>
> There is a text document in the root of the cpp source tree:
> https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in the
> second half describes how to get windows working from c++ and I
> believe the same configuration options will work for .NET (using 0-10).
>
> Did you already specify these? If so, were there any errors on the
> broker side when connecting over 0-10 and ssl? The error you got there
> is a fairly generic one. Turning up the log level on the client may also help.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> additional commands, e-mail: users-help@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> additional commands, e-mail: users-help@qpid.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL support in org.apache.qpid.messaging .NET API
Posted by Chuck Rolke <cr...@redhat.com>.
Hi Albert,
Could you submit a jira for this issue? http://qpid.apache.org/issues.html
Thanks,
Chuck
----- Original Message -----
> From: "Albert Pomortsev" <ap...@opentext.com>
> To: users@qpid.apache.org
> Sent: Tuesday, October 29, 2013 6:48:19 PM
> Subject: RE: SSL support in org.apache.qpid.messaging .NET API
>
> Hi Gordon,
>
> Yes, I configured the certificate and all relevant options on the broker.
> I've finally managed to make the .NET helloworld example work, to a degree
> though: it connects, sends and receives the message, but crashes on exit
> with access violation in Connection destructor in
> qpid\cpp\bindings\qpid\dotnet\src\Connection.cpp:
>
> // Finalizer
> Connection::!Connection()
> {
> if (NULL != nativeObjPtr)
> {
> msclr::lock lk(privateLock);
>
> if (NULL != nativeObjPtr)
> {
> delete nativeObjPtr; // <= exception here, line 191
> nativeObjPtr = NULL;
> }
> }
> }
>
> Attempted to read or write protected memory. This is often an indication that
> other memory is corrupt.
>
> at qpid.messaging.Connection.{dtor}(Connection* )
> at qpid.messaging.Connection.__delDtor(Connection* , UInt32 A_0)
> at Org.Apache.Qpid.Messaging.Connection.!Connection()
> at Org.Apache.Qpid.Messaging.Connection.Dispose(Boolean A_0)
> at Org.Apache.Qpid.Messaging.Connection.Finalize()
>
> Looks like deletion of an already disposed object to me.
>
> When I try running qpid-perftest as described in documentation I'm also
> getting access violation. From the trace it looks like some communication is
> going on between the tool and the broker but in the end it crashes without
> reporting anything:
>
> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>qpid-perftest --count 10000
> -P ssl --port 5671 --broker broker.fqdn -t
> 2013-10-29 15:32:35 [Client] debug Created IO thread: 0
> 2013-10-29 15:32:35 [Network] debug TCPConnector created for 0-10
> 2013-10-29 15:32:35 [Client] info Set TCP_NODELAY
> 2013-10-29 15:32:35 [Security] debug SslConnector created for \x00-
>
> 2013-10-29 15:32:35 [Network] debug RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: INIT(0-10)
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionStartBody:
> server-properties={qpid.federation_tag:V2:36:str16(df1f3306-21fa-4282-a9b8-fc3979f62709)};
> mechanisms=str16
> {V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)}; locales=str16{V2:5:str16(en_US)};
> }]
> 2013-10-29 15:32:35 [Security] debug WindowsSasl::start(ANONYMOUS PLAIN)
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionStartOkBody:
> client-properties={qpid.client_pid:F4:int32(7536),qpid.client_ppid:F4:int32(0),qpid.client_process:V2:0:s
> tr16(),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN; response=xxxxxx;
> locale=en_US; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionTuneBody: channel-max=32767; max-frame-size=65535; heartbeat-min=0;
> heartbeat-max=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionTuneOkBody: channel-max=32767; max-frame-size=65535; heartbeat=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionOpenBody: virtual-host=; capabilities=void{}; insist=1; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionOpenOkBody: known-hosts=str16{}; }]
> 2013-10-29 15:32:35 [Client] debug Known-brokers for connection:
> 2013-10-29 15:32:35 [Client] info Connection
> [10.26.38.125:20730-broker.fqdn:5671] connected to ssl:alado-alb
> ertp2.opentext.net:5671
> 2013-10-29 15:32:35 [Client] debug Connection
> [10.26.38.125:20730-broker.fqdn:5671] no security layer in plac
> e
> 2013-10-29 15:32:35 [Broker] debug SessionState::SessionState .: 00A18D50
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionAttachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionAttachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCommandPointBody: command-id=0; command-offset=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionRequestTimeoutBody: timeout=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCommandPointBody: command-id=0; command-offset=0; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_pub_start; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_pub_start; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionTimeoutBody: timeout=0; }]
> 2013-10-29 15:32:35 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,2] }; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_pub_done; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:35 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_pub_done; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,5] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_sub_ready; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_sub_ready; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,8] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest_sub_done; alternate-exchange=;
> arguments={}; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest_sub_done; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,11] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> ueDeclareBody: queue=qpid-perftest0; alternate-exchange=;
> arguments={qpid.max_count:F4:int32(0),qpid.max_size:F4:int32(0)}; }
> ]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
> uePurgeBody: queue=qpid-perftest0; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
> cutionSyncBody: }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionCompletedBody: commands={ [0,14] }; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionDetachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
> sionDetachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; code=0; }]
> 2013-10-29 15:32:36 [Network] trace SENT
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionCloseBody: reply-code=200; reply-text=OK; }]
> 2013-10-29 15:32:36 [Network] trace RECV
> [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
> nectionCloseOkBody: }]
> 2013-10-29 15:32:36 [System] debug Exception constructed: Closed by client
>
> ERROR: ACCESS VIOLATION
>
> D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>
>
> Thanks,
> Albert.
>
> -----Original Message-----
> From: Gordon Sim [mailto:gsim@redhat.com]
> Sent: Tuesday, October 29, 2013 1:57 AM
> To: users@qpid.apache.org
> Subject: Re: SSL support in org.apache.qpid.messaging .NET API
>
> On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
> > Hello qpid developers and users.
> >
> > I'm finding it impossible to use SSL from .NET messaging API. I built
> > qpid/proton from trunk sources on Windows. I can successfully run the
> > broker and, for example, run the csharp.example.helloworld .NET sample
> > using both amqp 0-10 and 1.0 protocols. But configuring the client
> > connection for SSL fails. By SSL I mean only server authentication and
> > encryption, not client authentication. I was planning to use PLAIN SASL
> > authentication with SSL.
> >
> > The C++ broker handbook states (p.42):
> >
> > 3. To open an SSL enabled connection in the Qpid Messaging API, set the
> > protocol connection option to ssl.
> >
> > This does not work. I'm receiving the exception "Unsupported protocol:
> > ssl". Additionally, this option clashes with the option "protocol:amqp1.0"
> > making using them together apparently impossible.
> > I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting
> > "Failed to connect (reconnect disabled)" exception. With amqp1.0
> > ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>
> The 'transport' option is what is needed. The protocol option refers to AMQP
> 1.0 v AMQP 0-10 as you state.
>
> > Can someone please explain:
> >
> >
> > - Is SSL even supported in .NET messaging API?
>
> It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
>
> > - If yes, what is the correct way to enable it?
>
> There is a text document in the root of the cpp source tree:
> https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in the second
> half describes how to get windows working from c++ and I believe the same
> configuration options will work for .NET (using 0-10).
>
> Did you already specify these? If so, were there any errors on the broker
> side when connecting over 0-10 and ssl? The error you got there is a fairly
> generic one. Turning up the log level on the client may also help.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional
> commands, e-mail: users-help@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
RE: SSL support in org.apache.qpid.messaging .NET API
Posted by Albert Pomortsev <ap...@opentext.com>.
Hi Gordon,
Yes, I configured the certificate and all relevant options on the broker. I've finally managed to make the .NET helloworld example work, to a degree though: it connects, sends and receives the message, but crashes on exit with access violation in Connection destructor in qpid\cpp\bindings\qpid\dotnet\src\Connection.cpp:
// Finalizer
Connection::!Connection()
{
if (NULL != nativeObjPtr)
{
msclr::lock lk(privateLock);
if (NULL != nativeObjPtr)
{
delete nativeObjPtr; // <= exception here, line 191
nativeObjPtr = NULL;
}
}
}
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
at qpid.messaging.Connection.{dtor}(Connection* )
at qpid.messaging.Connection.__delDtor(Connection* , UInt32 A_0)
at Org.Apache.Qpid.Messaging.Connection.!Connection()
at Org.Apache.Qpid.Messaging.Connection.Dispose(Boolean A_0)
at Org.Apache.Qpid.Messaging.Connection.Finalize()
Looks like deletion of an already disposed object to me.
When I try running qpid-perftest as described in documentation I'm also getting access violation. From the trace it looks like some communication is going on between the tool and the broker but in the end it crashes without reporting anything:
D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>qpid-perftest --count 10000 -P ssl --port 5671 --broker broker.fqdn -t
2013-10-29 15:32:35 [Client] debug Created IO thread: 0
2013-10-29 15:32:35 [Network] debug TCPConnector created for 0-10
2013-10-29 15:32:35 [Client] info Set TCP_NODELAY
2013-10-29 15:32:35 [Security] debug SslConnector created for \x00-
2013-10-29 15:32:35 [Network] debug RECV [[10.26.38.125:20730-broker.fqdn:5671]]: INIT(0-10)
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(df1f3306-21fa-4282-a9b8-fc3979f62709)}; mechanisms=str16
{V2:9:str16(ANONYMOUS), V2:5:str16(PLAIN)}; locales=str16{V2:5:str16(en_US)}; }]
2013-10-29 15:32:35 [Security] debug WindowsSasl::start(ANONYMOUS PLAIN)
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionStartOkBody: client-properties={qpid.client_pid:F4:int32(7536),qpid.client_ppid:F4:int32(0),qpid.client_process:V2:0:s
tr16(),qpid.session_flow:F4:int32(1)}; mechanism=PLAIN; response=xxxxxx; locale=en_US; }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionTuneBody: channel-max=32767; max-frame-size=65535; heartbeat-min=0; heartbeat-max=0; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionTuneOkBody: channel-max=32767; max-frame-size=65535; heartbeat=0; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionOpenBody: virtual-host=; capabilities=void{}; insist=1; }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionOpenOkBody: known-hosts=str16{}; }]
2013-10-29 15:32:35 [Client] debug Known-brokers for connection:
2013-10-29 15:32:35 [Client] info Connection [10.26.38.125:20730-broker.fqdn:5671] connected to ssl:alado-alb
ertp2.opentext.net:5671
2013-10-29 15:32:35 [Client] debug Connection [10.26.38.125:20730-broker.fqdn:5671] no security layer in plac
e
2013-10-29 15:32:35 [Broker] debug SessionState::SessionState .: 00A18D50
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionAttachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionAttachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCommandPointBody: command-id=0; command-offset=0; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionRequestTimeoutBody: timeout=0; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCommandPointBody: command-id=0; command-offset=0; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
ueDeclareBody: queue=qpid-perftest_pub_start; alternate-exchange=; arguments={}; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
uePurgeBody: queue=qpid-perftest_pub_start; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
cutionSyncBody: }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionTimeoutBody: timeout=0; }]
2013-10-29 15:32:35 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCompletedBody: commands={ [0,2] }; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
ueDeclareBody: queue=qpid-perftest_pub_done; alternate-exchange=; arguments={}; }]
2013-10-29 15:32:35 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
uePurgeBody: queue=qpid-perftest_pub_done; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
cutionSyncBody: }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCompletedBody: commands={ [0,5] }; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
ueDeclareBody: queue=qpid-perftest_sub_ready; alternate-exchange=; arguments={}; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
uePurgeBody: queue=qpid-perftest_sub_ready; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
cutionSyncBody: }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCompletedBody: commands={ [0,8] }; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
ueDeclareBody: queue=qpid-perftest_sub_done; alternate-exchange=; arguments={}; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
uePurgeBody: queue=qpid-perftest_sub_done; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
cutionSyncBody: }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCompletedBody: commands={ [0,11] }; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
ueDeclareBody: queue=qpid-perftest0; alternate-exchange=; arguments={qpid.max_count:F4:int32(0),qpid.max_size:F4:int32(0)}; }
]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Que
uePurgeBody: queue=qpid-perftest0; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Exe
cutionSyncBody: }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionCompletedBody: commands={ [0,14] }; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionDetachBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=1; {Ses
sionDetachedBody: name=aafa000f-2453-4ce6-9412-1add9be05c23; code=0; }]
2013-10-29 15:32:36 [Network] trace SENT [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionCloseBody: reply-code=200; reply-text=OK; }]
2013-10-29 15:32:36 [Network] trace RECV [[10.26.38.125:20730-broker.fqdn:5671]]: Frame[BEbe; channel=0; {Con
nectionCloseOkBody: }]
2013-10-29 15:32:36 [System] debug Exception constructed: Closed by client
ERROR: ACCESS VIOLATION
D:\Projects\QPid\trunk\qpid\build\src\tests\Debug>
Thanks,
Albert.
-----Original Message-----
From: Gordon Sim [mailto:gsim@redhat.com]
Sent: Tuesday, October 29, 2013 1:57 AM
To: users@qpid.apache.org
Subject: Re: SSL support in org.apache.qpid.messaging .NET API
On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
> Hello qpid developers and users.
>
> I'm finding it impossible to use SSL from .NET messaging API. I built qpid/proton from trunk sources on Windows. I can successfully run the broker and, for example, run the csharp.example.helloworld .NET sample using both amqp 0-10 and 1.0 protocols. But configuring the client connection for SSL fails. By SSL I mean only server authentication and encryption, not client authentication. I was planning to use PLAIN SASL authentication with SSL.
>
> The C++ broker handbook states (p.42):
>
> 3. To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl.
>
> This does not work. I'm receiving the exception "Unsupported protocol: ssl". Additionally, this option clashes with the option "protocol:amqp1.0" making using them together apparently impossible.
> I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting "Failed to connect (reconnect disabled)" exception. With amqp1.0 ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
The 'transport' option is what is needed. The protocol option refers to AMQP 1.0 v AMQP 0-10 as you state.
> Can someone please explain:
>
>
> - Is SSL even supported in .NET messaging API?
It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
> - If yes, what is the correct way to enable it?
There is a text document in the root of the cpp source tree:
https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in the second half describes how to get windows working from c++ and I believe the same configuration options will work for .NET (using 0-10).
Did you already specify these? If so, were there any errors on the broker side when connecting over 0-10 and ssl? The error you got there is a fairly generic one. Turning up the log level on the client may also help.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL support in org.apache.qpid.messaging .NET API
Posted by Gordon Sim <gs...@redhat.com>.
On 10/29/2013 12:18 AM, Albert Pomortsev wrote:
> Hello qpid developers and users.
>
> I'm finding it impossible to use SSL from .NET messaging API. I built qpid/proton from trunk sources on Windows. I can successfully run the broker and, for example, run the csharp.example.helloworld .NET sample using both amqp 0-10 and 1.0 protocols. But configuring the client connection for SSL fails. By SSL I mean only server authentication and encryption, not client authentication. I was planning to use PLAIN SASL authentication with SSL.
>
> The C++ broker handbook states (p.42):
>
> 3. To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl.
>
> This does not work. I'm receiving the exception "Unsupported protocol: ssl". Additionally, this option clashes with the option "protocol:amqp1.0" making using them together apparently impossible.
> I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting "Failed to connect (reconnect disabled)" exception. With amqp1.0 ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
The 'transport' option is what is needed. The protocol option refers to
AMQP 1.0 v AMQP 0-10 as you state.
> Can someone please explain:
>
>
> - Is SSL even supported in .NET messaging API?
It should be for 0-10, but unfortunately it is not yet for 1.0 on windows.
> - If yes, what is the correct way to enable it?
There is a text document in the root of the cpp source tree:
https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL, which in the
second half describes how to get windows working from c++ and I believe
the same configuration options will work for .NET (using 0-10).
Did you already specify these? If so, were there any errors on the
broker side when connecting over 0-10 and ssl? The error you got there
is a fairly generic one. Turning up the log level on the client may also
help.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
RE: SSL support in org.apache.qpid.messaging .NET API
Posted by Albert Pomortsev <ap...@opentext.com>.
Thanks Cliff.
-----Original Message-----
From: Cliff Jansen [mailto:cliffjansen@gmail.com]
Sent: Monday, October 28, 2013 11:56 PM
To: users@qpid.apache.org
Subject: Re: SSL support in org.apache.qpid.messaging .NET API
Hi Albert,
SSL support is not yet available for Windows in proton-c, which is what the .NET messaging API will use for AMQP 1.0 functionality. The work has started in earnest and is hoped to be available on trunk soon after Proton 0.6 and Qpid 0.26 are released.
I will update the documentation asap to reflect this. Sorry for the inconvenience.
Cliff
On Mon, Oct 28, 2013 at 5:18 PM, Albert Pomortsev <ap...@opentext.com> wrote:
> Hello qpid developers and users.
>
> I'm finding it impossible to use SSL from .NET messaging API. I built qpid/proton from trunk sources on Windows. I can successfully run the broker and, for example, run the csharp.example.helloworld .NET sample using both amqp 0-10 and 1.0 protocols. But configuring the client connection for SSL fails. By SSL I mean only server authentication and encryption, not client authentication. I was planning to use PLAIN SASL authentication with SSL.
>
> The C++ broker handbook states (p.42):
>
> 3. To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl.
>
> This does not work. I'm receiving the exception "Unsupported protocol: ssl". Additionally, this option clashes with the option "protocol:amqp1.0" making using them together apparently impossible.
> I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting "Failed to connect (reconnect disabled)" exception. With amqp1.0 ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>
> Can someone please explain:
>
>
> - Is SSL even supported in .NET messaging API?
>
> - If yes, what is the correct way to enable it?
>
> Thanks,
> Albert.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
RE: SSL support in org.apache.qpid.messaging .NET API
Posted by Albert Pomortsev <ap...@opentext.com>.
Thanks Gordon.
-----Original Message-----
From: Gordon Sim [mailto:gsim@redhat.com]
Sent: Tuesday, October 29, 2013 1:58 AM
To: users@qpid.apache.org
Subject: Re: SSL support in org.apache.qpid.messaging .NET API
On 10/29/2013 06:56 AM, Cliff Jansen wrote:
> SSL support is not yet available for Windows in proton-c, which is
> what the .NET messaging API will use for AMQP 1.0 functionality.
Just to note that the linux IO for 1.0 does not use the proton driver or ssl support, but uses the SSL support built into the qpid-cpp IO layer itself.
However this is not yet done for windows.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL support in org.apache.qpid.messaging .NET API
Posted by Gordon Sim <gs...@redhat.com>.
On 10/29/2013 06:56 AM, Cliff Jansen wrote:
> SSL support is not yet available for Windows in proton-c, which is
> what the .NET messaging API will use for AMQP 1.0 functionality.
Just to note that the linux IO for 1.0 does not use the proton driver or
ssl support, but uses the SSL support built into the qpid-cpp IO layer
itself.
However this is not yet done for windows.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL support in org.apache.qpid.messaging .NET API
Posted by Cliff Jansen <cl...@gmail.com>.
Hi Albert,
SSL support is not yet available for Windows in proton-c, which is
what the .NET messaging API will use for AMQP 1.0 functionality. The
work has started in earnest and is hoped to be available on trunk soon
after Proton 0.6 and Qpid 0.26 are released.
I will update the documentation asap to reflect this. Sorry for the
inconvenience.
Cliff
On Mon, Oct 28, 2013 at 5:18 PM, Albert Pomortsev <ap...@opentext.com> wrote:
> Hello qpid developers and users.
>
> I'm finding it impossible to use SSL from .NET messaging API. I built qpid/proton from trunk sources on Windows. I can successfully run the broker and, for example, run the csharp.example.helloworld .NET sample using both amqp 0-10 and 1.0 protocols. But configuring the client connection for SSL fails. By SSL I mean only server authentication and encryption, not client authentication. I was planning to use PLAIN SASL authentication with SSL.
>
> The C++ broker handbook states (p.42):
>
> 3. To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl.
>
> This does not work. I'm receiving the exception "Unsupported protocol: ssl". Additionally, this option clashes with the option "protocol:amqp1.0" making using them together apparently impossible.
> I tried "transport:ssl". With amqp 0-10 (no "protocol" option) I'm getting "Failed to connect (reconnect disabled)" exception. With amqp1.0 ("protocol:amqp1.0") I'm getting "No such transport: ssl" exception.
>
> Can someone please explain:
>
>
> - Is SSL even supported in .NET messaging API?
>
> - If yes, what is the correct way to enable it?
>
> Thanks,
> Albert.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org