You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Nathan Mittler (JIRA)" <ji...@apache.org> on 2007/08/04 19:56:48 UTC
[jira] Created: (AMQCPP-140) Add SSL transport
Add SSL transport
-----------------
Key: AMQCPP-140
URL: https://issues.apache.org/activemq/browse/AMQCPP-140
Project: ActiveMQ C++ Client
Issue Type: New Feature
Affects Versions: 2.2
Reporter: Nathan Mittler
Assignee: Nathan Mittler
Need a secure transport for activemq-cpp. Some options for ssl support:
1) OpenSSL - fairly robust set of ssl functions
2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQCPP-140.
---------------------------------
Resolution: Fixed
OpenSSL support implemented in trunk. Tested on Redhat and Windows.
Hopefully others with access to different platforms will report their results.
Notes:
* SSL transport in ActiveMQ-CPP is specified using the transport URI prefix 'ssl'
* The key and trust store are set as System properties using the decaf library methods as follows.
To set the location of the client key file (Must be in PEM format) call:
decaf::lang::System::setProperty( "decaf.net.ssl.keyStore", "<path/filename>" );
optionally a password can be provided as:
decaf::lang::System::setProperty( "decaf.net.ssl.keyStorePassword", "password" );
To set the location of the trusted certificate for the broker, or the trusted root certificate for all your brokers the location of the file (again in PEM format) is set via:
decaf::lang::System::setProperty( "decaf.net.ssl.trustStore", "<path/filename>" );
These methods should be called before you create your first ConnectionFactory.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: 2.4.0
(was: 2.3)
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 2.4.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: (was: 2.2)
2.3
Moving to 2.3 so we have a better chance of getting a release out sometime this year
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.3
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish reassigned AMQCPP-140:
-----------------------------------
Assignee: Timothy Bish (was: Nathan Mittler)
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 2.3
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Nathan Mittler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40398 ]
Nathan Mittler commented on AMQCPP-140:
---------------------------------------
Just some thoughts on the user interface for the ssl transport, based on how it works in the Java client (http://activemq.apache.org/how-do-i-use-ssl.html)...
1) SSL transport-specific properties could be passed in via the connection URI. This is in keeping with the other transports.
2) The ActiveMQ-CPP's decaf library, has support for handling environment variables. It would be fairly simple to allow the default behavior of the SSL transport to be determined by the following environment variables:
decaf.net.ssl.keyStore=/path/to/client.ks
decaf.net.ssl.keyStorePassword=password
decaf.net.ssl.trustStore=/path/to/client.ts
If no SSL transport arguments are passed in via the connection uri, these environment variables could be used to automatically configure SSL.
3) The following SSL transport arguments in the connection uri would override the system properties:
"ssl://localhost:11111?ssl.keyStore=/path/to/client.ks&ssl.keyStore.Password=password&ssl.trustStore=/path/to/client.ts"
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40480 ]
Timothy Bish commented on AMQCPP-140:
-------------------------------------
Personally I'm not really a fan of this solution. I'd much rather see us using APR for the SSL support as I don't really want to have to go down the path of supporting all the various platform issues that arise from this in AMQ-CPP.
You said that you don't like the APR solution but I don't see you giving much evidence that its not a workable solution. If there are things missing from their implementation then you could go ahead and add what you need ad submit it as a patch, I know they are still looking for more patches for the 1.3 release.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Hiram Chirino (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40399 ]
Hiram Chirino commented on AMQCPP-140:
--------------------------------------
I like it..
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Work started: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on AMQCPP-140 started by Timothy Bish.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Nathan Mittler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Mittler updated AMQCPP-140:
----------------------------------
Fix Version/s: 2.2
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: (was: 3.0)
3.1
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.1
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: 3.2.0
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40450 ]
Teemu Torma commented on AMQCPP-140:
------------------------------------
I should have mentioned I have tested on Linux only. I don't even have any windows machines, I would have to delegate that part.
By searching I don't see any other usage on windows, everything seems to be using SSL_set_fd. We are also using omniORB which also implements ssl and works in all platforms uses it (I used the code as a reference too whilst doing this, I have not programmed with openssl before.)
here is something called BIO interface in openssl that could be used too, but that does not seem to be any different in this case. That would just add yet another abstraction layer and I feel there are already enough of them :)
If it works on windows, maybe just stick reinterpret_cast for the call.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch2
Second draft, also tested only on Linux. This adds many connection properties and some more final tuning. Configuration is still missing.
Supported properties:
sslCAFile=pem - CA certificate
sslCAPath=dir - CA certificate directory.
sslCertFile=pem - the client certificate
sslKeyFile=pem - the client private key (if not given assume cert contains it.)
sslPassword=pass - the certificate/key password. If one is needed and the property is not given openssl will prompt one interactively.
sslVerifyPeer=boolean - If peer certificate and name should be verified (need CA certificate for that.)
sslVerifyName=name - the CN to match in the peer certificate (hostname is the default.)
sslCiphers=ciphers - the openssl string to specify the chipers to use.
I am sure the names will change and people will have differing opinions. So far I used most native openssl terms.
One thing that would be really, really useful in a real life is to build some kind of extension for setting certificates from some other source than files (ldap for example.) I do not suggest that anything else would be supported by activemq-cpp itself, but some extension mechanism that would allow tweaking it without touching activemq-cpp code itself.
I don't right now have any good solution for that, and good ideas would be appreciated.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1, amqcpp-ssl.patch2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40519 ]
Teemu Torma commented on AMQCPP-140:
------------------------------------
There is a minor portability issue in SSLSocketFactory.cpp where RAND_seed is called. std::vector does not seem to have data() in all compilers, so it is better to change 'data.data()' to '&data.front()'.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Nathan Mittler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40521 ]
Nathan Mittler commented on AMQCPP-140:
---------------------------------------
This was an issue for me on OS X. It's fixed in the branch. I've also changed the formatting on the new files to use spaces instead of tabs.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch3
Version 3 of the patch.
- autoconf --with-ssl and --with-openssl (adapted from apr-util)
- Probably solves the 64-bit windows issue. It no longer uses SSL_use_fd but the underlying mechanism using BIO socket interface. We haven't figured the proper way for windows configuration, the user has to add manually the preprocessor directives and libraries.
- Proper openssl setup for multithreading.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Albert Strasheim (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40451 ]
Albert Strasheim commented on AMQCPP-140:
-----------------------------------------
The thing I'm worried about is that SOCKET (which seems to be a UINT_PTR) could be a 32-bit value on 32-bit Windows and a 64-bit value on 64-bit Windows while int is always 32-bit, so a reinterpret_cast might cause problems, which is why the compiler warns. Maybe I'm being too paranoid...
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Albert Strasheim (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40449 ]
Albert Strasheim commented on AMQCPP-140:
-----------------------------------------
Patch looks promising. Might want to think a bit about these warnings when building on Windows though:
1>..\src\main\activemq\network\SSLSocket.cpp(58) : warning C4244: 'argument' : conversion from 'activemq::network::Socket::SocketHandle' to 'int', possible loss of data
1>..\src\main\activemq\network\SSLSocket.cpp(95) : warning C4244: 'argument' : conversion from 'activemq::network::Socket::SocketHandle' to 'int', possible loss of data
The offending lines look like this:
SSL_set_fd( ssl, socketHandle );
On Windows, SocketHandle is a Winsock2 SOCKET, which seems to be a typedef of UINT_PTR, which I don't think can safely be cast to an int (if it even makes sense to cast it). Can OpenSSL work with Winsock2 sockets? Maybe there's an alternative function to SSL_set_fd that should be called in this case?
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Nathan Mittler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40518 ]
Nathan Mittler commented on AMQCPP-140:
---------------------------------------
Thanks for all the hard work! :)
I've created a branch and applied your patch there https://svn.apache.org/repos/asf/activemq/activemq-cpp/branches/activemq-cpp-ssl/
I have to confess, I haven't had the time to look at it much yet, but from initial inspection it looks pretty clean. I'll look at it a little closer this weekend.
Nate
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: (was: 3.2.0)
Moving to unscheduled until someone volunteers to pick this up and run with it.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40481 ]
Teemu Torma commented on AMQCPP-140:
------------------------------------
We have a need for SSL support right now and waiting for 2.2 and/or next APR is not really an option, this is why I have chosen this solution. I do not expect this to be included into activemq-cpp, it is a mere suggestion if anyone is interested.
The APR api does not support everything this patch would need and I have no interest to design and implement an SSL api in C that would be cross platform.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-140:
--------------------------------
Fix Version/s: (was: 3.1)
3.2.0
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: (was: amqcpp-ssl.patch2)
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59527#action_59527 ]
Timothy Bish commented on AMQCPP-140:
-------------------------------------
Testing on Windows shows that its working there, can't seem to get things working on my Mac but its not related to SSL but to some issue with pthreads causing segfaults.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch1
This is a my first draft of ssl support using openssl. The patch is against 2.1 and has no configuration support so far (openssl headers must be found by the compiler and user must link the libraries.)
I had a look apr ssl routines in the trunk and they are either too simplistic or too incomplete for any serious use.
My design goal was to use the existing code as much as possible without resorting to use "if"s in the code. There are multiple ways of doing this and this happens to be the one that first popped into my head.
No connection properties or certificate handling has been implemented yet. Plain encrypted connections appear to work, at least for me.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQCPP-140) Add SSL transport
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59354#action_59354 ]
Timothy Bish commented on AMQCPP-140:
-------------------------------------
SSL Transport in Trunk, working on Fedora 12 64bit using OpenSSL v1.0.0.
Still todo:
* Testing.
* More Testing on other platforms.
* Test with client authentication enabled on the Broker, only using Server Authentication right now.
* The random number seed is done using an insecure seed generated from decaf::util::Random, need to add code to attempt to get a seed from a secure source.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Timothy Bish
> Fix For: 3.2.0
>
> Attachments: amqcpp-ssl.patch3
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQCPP-140) Add SSL transport
Posted by "Teemu Torma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: (was: amqcpp-ssl.patch1)
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.