You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by "nidhal.kort" <ko...@gmail.com> on 2014/08/18 12:57:32 UTC
Unknown protocol: ssl for C++ client
Hi,
I'm trying to run a C++ client but I'm getting this error message :
*Unknown protocol: ssl (qpid/client/Connector.cpp:52)*
I've set and exported these variables:
set QPID_SSL_CERT_DB = nkort/certif
set QPID_SSL_CERT_NAME = CertificationName.crt
set QPID_SSL_CERT_PASSWORD_FILE = nkort/certif/qpid_Client_Pwd
set QPID_LOAD_MODULE =
abelaid/QpidBuild/RH5_PKG/Debug/lib/qpid/client/sslconnector.so
int main (int argc,char** argv)
{
ConnectionSettings settings;
Connection connection;
settings.protocol="ssl";
settings.tcpNoDelay = true;
settings.host="........"; //the IP adress
settings.port=xxxxx; //the port
settings.sslCertName="CertificationName.crt";
try
{
connection.open(settings);
Session session = connection.newSession();
std::cout<<"connecting ..."<< std::endl;
connection.close();
return 0;
}
catch(const std::exception& error)
{
std::cout << error.what() << std::endl;
}
return 1;
}
Any idea what could be the problem please?
Thanks
--
View this message in context: http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Gordon Sim <gs...@redhat.com>.
On 08/26/2014 01:22 PM, nidhal.kort wrote:
> well I think I'm doing something wrong concerning the data base because
> certutil -V /.../nkort/certif ==>certutil -V: nickname is required for this
> command (-n).
Sorry, that was my fault, I forgot you need to specific a specific
certificate.
> Also when I try to list the certificates in the current directory with
> certutil -L -d .
> I get certutil: function failed: security library: bad database.
>
>
> I thought the database is just a repertory where I put my certificates (I
> have cert.crt certificate, cert.key private key, a keystore and truststore
> generated wih openssl and keytool).
>
> How should I proceed to use my certificates and keys to create a correct
> database.
You need to use certutil to create an NSS certificate database and
import any required certificates into that.
There is some online documentation for certutil:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil
E.g. to initialise a database:
mkdir my_cert_db
certutil -N -d my_cert_db -f cert.password
then assuming you want to add in a certificate for the signer of the
brokers certificate you would do:
certutil -A -n my.host.acme.com -t "CT,," -d my_cert_db -a -i
/path/to/cert.crt
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by "nidhal.kort" <ko...@gmail.com>.
Thank you all for your help.
@Jakub your link was very helpful, I've succeeded to create the database and
added the certificates.
For the unknown protocol ssl error I was setting the env var with a wrong
path.
Setting the correct paths resolved the issue
Regards,
Nidhal
--
View this message in context: http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980p7612708.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Nidhal,
You can have a look at the chapter 4.1 of this document:
http://www.eurexclearing.com/blob/clearing-en/136500-861464/846488/3/data/eurex_clearing_messaging_connectivity_B_v100.pdf
It describes how to prepare the NSS database for the C++ client. If you
have your private key in Java KeyStore format, you can export it to P12
using the Java Keytool utility like this:
keytool -importkeystore -srckeystore *./keystore_certificate* -destkeystore
*./certificate.p12* -deststoretype PKCS12
Regards
Jakub
On Tue, Aug 26, 2014 at 2:22 PM, nidhal.kort <ko...@gmail.com> wrote:
> well I think I'm doing something wrong concerning the data base because
> certutil -V /.../nkort/certif ==>certutil -V: nickname is required for this
> command (-n).
>
> Also when I try to list the certificates in the current directory with
> certutil -L -d .
> I get certutil: function failed: security library: bad database.
>
>
> I thought the database is just a repertory where I put my certificates (I
> have cert.crt certificate, cert.key private key, a keystore and truststore
> generated wih openssl and keytool).
>
> How should I proceed to use my certificates and keys to create a correct
> database.
>
> Many thanks
>
>
>
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980p7612558.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>
Re: Unknown protocol: ssl for C++ client
Posted by "nidhal.kort" <ko...@gmail.com>.
well I think I'm doing something wrong concerning the data base because
certutil -V /.../nkort/certif ==>certutil -V: nickname is required for this
command (-n).
Also when I try to list the certificates in the current directory with
certutil -L -d .
I get certutil: function failed: security library: bad database.
I thought the database is just a repertory where I put my certificates (I
have cert.crt certificate, cert.key private key, a keystore and truststore
generated wih openssl and keytool).
How should I proceed to use my certificates and keys to create a correct
database.
Many thanks
--
View this message in context: http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980p7612558.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Gordon Sim <gs...@redhat.com>.
On 08/26/2014 11:31 AM, nidhal.kort wrote:
> Hi,
> Thanks Andreas and Gordon.
> Following this note
> "Note: The deprecated qpid::client API will be removed in the next release.
> Users should instead use the Qpid Messaging API."
>
> I've decided to use qpid::messaging API instead of qpid::client api.
>
> I've followed the edvice of Andreas,
>
> std:string broker("IP:port");
> Connection connection(broker, "{transport:ssl}");
>
> But still having the same error (if I replace ssl with tcp the error doesn't
> occur but I need to work with ssl)
>
> I compile with this command:
>
> g++ -I/....../abelaid/QpidBuild/RH5_PKG/Debug/include/
> -L/....../abelaid/QpidBuild/RH5_PKG/Debug/lib -lqpidmessaging
> -L/....../abelaid/QpidBuild/RH5_PKG/Debug/lib/qpid/client -lsslconnector -o
> conn3 Connection3.cpp
>
> And when I run my binary (with the log activated):
>
>
> 2014-08-26 12:19:04 [System] debug Exception constructed: Failed: NSS error
> [-8174] (qpid/sys/ssl/util.cpp:103)
> 2014-08-26 12:19:04 [Security] error Failed to initialise SSL connector:
> Failed: NSS error [-8174] (qpid/sys/ssl/util.cpp:103)
-8174 is SEC_ERROR_BAD_DATABASE. Does the user running this code have
read permission for the certificate database director? Can that user run
e.g. certutil -V /path/to/cert_db?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by "nidhal.kort" <ko...@gmail.com>.
Hi,
Thanks Andreas and Gordon.
Following this note
"Note: The deprecated qpid::client API will be removed in the next release.
Users should instead use the Qpid Messaging API."
I've decided to use qpid::messaging API instead of qpid::client api.
I've followed the edvice of Andreas,
std:string broker("IP:port");
Connection connection(broker, "{transport:ssl}");
But still having the same error (if I replace ssl with tcp the error doesn't
occur but I need to work with ssl)
I compile with this command:
g++ -I/....../abelaid/QpidBuild/RH5_PKG/Debug/include/
-L/....../abelaid/QpidBuild/RH5_PKG/Debug/lib -lqpidmessaging
-L/....../abelaid/QpidBuild/RH5_PKG/Debug/lib/qpid/client -lsslconnector -o
conn3 Connection3.cpp
And when I run my binary (with the log activated):
2014-08-26 12:19:04 [System] debug Exception constructed: Failed: NSS error
[-8174] (qpid/sys/ssl/util.cpp:103)
2014-08-26 12:19:04 [Security] error Failed to initialise SSL connector:
Failed: NSS error [-8174] (qpid/sys/ssl/util.cpp:103)
2014-08-26 12:19:04 [System] debug Exception constructed: Failed: NSS error
[-8174] (qpid/sys/ssl/util.cpp:103)
2014-08-26 12:19:04 [Security] error Failed to initialise SSL connector:
Failed: NSS error [-8174] (qpid/sys/ssl/util.cpp:103)
2014-08-26 12:19:04 [Client] debug Created connection 90.162.253.101:10170
with {transport:ssl}
2014-08-26 12:19:04 [Client] debug Starting connection,
urls=[90.162.253.101:10170]
2014-08-26 12:19:04 [Client] info Trying to connect to
90.162.253.101:10170...
2014-08-26 12:19:04 [Client] debug Created IO thread: 0
2014-08-26 12:19:04 [System] debug Exception constructed: Unknown protocol:
ssl (qpid/client/Connector.cpp:52)
Unknown protocol: ssl (qpid/client/Connector.cpp:52)
Thanks again.
--
View this message in context: http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980p7612547.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Gordon Sim <gs...@redhat.com>.
On 08/18/2014 12:08 PM, Andreas Welchlin wrote:
> Hi Nidhal,
>
> try to give the connection a property list as string like:
>
> Connection connection(brokerUrl, "{transport:ssl}");
>
> On my system this works. Please be aware that the property name is
> "transport" and not "protocol".
Well spotted, that is indeed likely to be the issue.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Andreas Welchlin <an...@welchlin.de>.
Hi Nidhal,
try to give the connection a property list as string like:
Connection connection(brokerUrl, "{transport:ssl}");
On my system this works. Please be aware that the property name is
"transport" and not "protocol".
Regards,
Andreas
Am 18.08.2014 um 12:57 schrieb nidhal.kort:
> Hi,
>
> I'm trying to run a C++ client but I'm getting this error message :
> *Unknown protocol: ssl (qpid/client/Connector.cpp:52)*
>
> I've set and exported these variables:
>
> set QPID_SSL_CERT_DB = nkort/certif
> set QPID_SSL_CERT_NAME = CertificationName.crt
> set QPID_SSL_CERT_PASSWORD_FILE = nkort/certif/qpid_Client_Pwd
> set QPID_LOAD_MODULE =
> abelaid/QpidBuild/RH5_PKG/Debug/lib/qpid/client/sslconnector.so
>
>
> int main (int argc,char** argv)
> {
>
> ConnectionSettings settings;
> Connection connection;
> settings.protocol="ssl";
> settings.tcpNoDelay = true;
> settings.host="........"; //the IP adress
> settings.port=xxxxx; //the port
> settings.sslCertName="CertificationName.crt";
> try
>
> {
> connection.open(settings);
> Session session = connection.newSession();
> std::cout<<"connecting ..."<< std::endl;
> connection.close();
> return 0;
> }
> catch(const std::exception& error)
> {
> std::cout << error.what() << std::endl;
> }
> return 1;
> }
>
> Any idea what could be the problem please?
> Thanks
>
>
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.com/Unknown-protocol-ssl-for-C-client-tp7611980.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Unknown protocol: ssl for C++ client
Posted by Gordon Sim <gs...@redhat.com>.
On 08/18/2014 11:57 AM, nidhal.kort wrote:
> Hi,
>
> I'm trying to run a C++ client but I'm getting this error message :
> *Unknown protocol: ssl (qpid/client/Connector.cpp:52)*
>
> I've set and exported these variables:
>
> set QPID_SSL_CERT_DB = nkort/certif
> set QPID_SSL_CERT_NAME = CertificationName.crt
> set QPID_SSL_CERT_PASSWORD_FILE = nkort/certif/qpid_Client_Pwd
> set QPID_LOAD_MODULE =
> abelaid/QpidBuild/RH5_PKG/Debug/lib/qpid/client/sslconnector.so
>
>
> int main (int argc,char** argv)
> {
>
> ConnectionSettings settings;
> Connection connection;
> settings.protocol="ssl";
> settings.tcpNoDelay = true;
> settings.host="........"; //the IP adress
> settings.port=xxxxx; //the port
> settings.sslCertName="CertificationName.crt";
> try
>
> {
> connection.open(settings);
> Session session = connection.newSession();
> std::cout<<"connecting ..."<< std::endl;
> connection.close();
> return 0;
> }
> catch(const std::exception& error)
> {
> std::cout << error.what() << std::endl;
> }
> return 1;
> }
>
> Any idea what could be the problem please?
Turn up the logging, e.g. with export QPID_LOG_ENABLE=trace+ and see if
there are any issues reported
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org