Posted to users@qpid.apache.org by Hari Pyla <ha...@vt.edu> on 2014/05/15 17:11:34 UTC
SSL environment variables for C++ clients
Hi,
I am setting the SSL client environment variables for a C++ client and
I ran into the following issue.
When I set them at the command line and run the client program things
work as expected. However, when I try to set them programmatically
prior (in program order) to opening a connection, qpid seems to ignore
the environment variables. I was wondering if there is any way to specify
the environment variables programmatically in the qpid C++ client.
===configuration===
1. version: qpid-0.28-rc2
2. /etc/qpidd.conf
acl-file=/etc/qpid/qpidd.acl
auth=yes
realm=QPID
no-data-dir=yes
sasl-config=/etc/sasl2/
log-to-stderr=no
log-enable=debug+
log-to-syslog=yes
ssl-cert-db=/tmp/test/server_db/
ssl-cert-password-file=/tmp/test/server_db/qpid-broker-pfile
ssl-cert-name=localhost
ssl-port=5671
require-encryption=yes
transport=ssl
ssl-require-client-authentication=yes
ssl-sasl-no-dict=no
3. modified C++ client (from
http://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/examples/messaging/client.cpp)
#include <qpid/messaging/Address.h>
#include <qpid/messaging/Connection.h>
#include <qpid/messaging/Message.h>
#include <qpid/messaging/Receiver.h>
#include <qpid/messaging/Sender.h>
#include <qpid/messaging/Session.h>
#include <cstdlib>
#include <iostream>
#include <stdlib.h>
#include <sstream>

using namespace qpid::messaging;
using std::stringstream;
using std::string;

int main(int argc, char** argv)
{
    const char* url = "localhost:5671";
    std::string connectionOptions =
        "{username:admin,password:admin,transport:ssl}";
    setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
    setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
    setenv("QPID_SSL_CERT_PASSWORD_FILE",
           "/tmp/test/qpid-client-pfile", 1);
    Connection connection(url, connectionOptions);
    setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
    setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
    setenv("QPID_SSL_CERT_PASSWORD_FILE",
           "/tmp/test/qpid-client-pfile", 1);
    try
    {
        try
        {
            std::cout << "set QPID_SSL_CERT_NAME:" <<
                getenv("QPID_SSL_CERT_NAME") << "\n";
            std::cout << "set QPID_SSL_CERT_DB:" <<
                getenv("QPID_SSL_CERT_DB") << "\n";
            std::cout << "set QPID_SSL_CERT_PASSWORD_FILE:" <<
                getenv("QPID_SSL_CERT_PASSWORD_FILE") << "\n";
            connection.open();
        }
        catch (const std::exception& e)
        {
            std::cout << e.what() << "\n";
            std::cout << "set QPID_SSL_CERT_NAME:" <<
                getenv("QPID_SSL_CERT_NAME") << "\n";
            std::cout << "set QPID_SSL_CERT_DB:" <<
                getenv("QPID_SSL_CERT_DB") << "\n";
            std::cout << "set QPID_SSL_CERT_PASSWORD_FILE:" <<
                getenv("QPID_SSL_CERT_PASSWORD_FILE") << "\n";
        }
        Session session = connection.createSession();
        Sender sender = session.createSender("service_queue");
        Receiver receiver = session.createReceiver("#");
        Address responseQueue = receiver.getAddress();
        string s[] =
        {
            "Twas brillig, and the slithy toves",
            "Did gire and gymble in the wabe.",
            "All mimsy were the borogroves,",
            "And the mome raths outgrabe."
        };
        Message request;
        request.setReplyTo(responseQueue);
        for (int i=0; i<4; i++)
        {
            request.setContent(s[i]);
            sender.send(request);
            Message response = receiver.fetch();
            std::cout << request.getContent() << " -> " <<
                response.getContent() << std::endl;
        }
        connection.close();
        return 0;
    }
    catch(const std::exception& error)
    {
        std::cout << error.what() << std::endl;
        connection.close();
    }
    return 1;
}
ii) compiled:
g++ -g -o test test.cpp -lqpidclient -lqpidmessaging
iii) run:
#./test
set QPID_SSL_CERT_NAME:QpidCppClient
set QPID_SSL_CERT_DB:/tmp/test/client_db
set QPID_SSL_CERT_PASSWORD_FILE:/tmp/test/qpid-client-pfile
Unknown protocol: ssl
(/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)
set QPID_SSL_CERT_NAME:QpidCppClient
set QPID_SSL_CERT_DB:/tmp/test/client_db
set QPID_SSL_CERT_PASSWORD_FILE:/tmp/test/qpid-client-pfile
Failed to connect (reconnect disabled)
Thanks,
--Hari
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: SSL environment variables for C++ clients
Posted by Hari Pyla <ha...@vt.edu>.
On 05/27/2014 05:00 AM, Gordon Sim wrote:
> On 05/27/2014 01:58 AM, Hari Pyla wrote:
>> Hi Gordon,
>> I guess another artifact of such an initialization process is that if
>> a process forks a child process and if the child attempts to create a
>> new connection then it would fail in the child process. This precludes a
>> qpid client from creating multiple processes which in turn can create
>> connections to the broker.
>
> We could probably change the initialisation to occur only on creation
> of the first SSL connection. If you raise a JIRA for that (and include
> your two examples, env vars and forking), then I'll try and get a fix in.
>
Hi Gordon,
Thank you for the prompt response. Please find the JIRA link below.
https://issues.apache.org/jira/browse/QPID-5788
Best,
--Hari
Re: SSL environment variables for C++ clients
Posted by Gordon Sim <gs...@redhat.com>.
On 05/27/2014 01:58 AM, Hari Pyla wrote:
> Hi Gordon,
> I guess another artifact of such an initialization process is that if
> a process forks a child process and if the child attempts to create a
> new connection then it would fail in the child process. This precludes a
> qpid client from creating multiple processes which in turn can create
> connections to the broker.
We could probably change the initialisation to occur only on creation of
the first SSL connection. If you raise a JIRA for that (and include your
two examples, env vars and forking), then I'll try and get a fix in.
Re: SSL environment variables for C++ clients
Posted by Hari Pyla <ha...@vt.edu>.
On 5/19/14, 5:44 AM, Gordon Sim wrote:
> On 05/15/2014 04:11 PM, Hari Pyla wrote:
>> Hi,
>> I am setting the SSL client environment variables for a C++ client and
>> I ran into the following issue.
>> When I set them at the command line and run the client program things
>> work as expected. However, when I try to set them programmatically
>> prior (in program order) to opening a connection, qpid seems to ignore
>> the environment variables. I was wondering if there is any way to specify
>> the environment variables programmatically in the qpid C++ client.
>
> The issue here is that the variables relating to finding and opening
> the certificate db are needed when initialising the NSS library, and
> this is not specific to any connection. At present the NSS library is
> initialised when the qpid client library is loaded.
>
Hi Gordon,
I guess another artifact of such an initialization process is that if
a process forks a child process and if the child attempts to create a
new connection then it would fail in the child process. This precludes a
qpid client from creating multiple processes which in turn can create
connections to the broker. See below example. Is this currently a
limitation of qpid C++ client? My current workaround to this issue is
to clone qpid client process with CLONE_VM flags set so all the newly
created processes share the same virtual address pages of the qpid client
library.
===example===
#include <qpid/messaging/Connection.h>
#include <cstdlib>
#include <iostream>
#include <stdlib.h>
#include <string>
#include <unistd.h>   // fork(), sleep()

using namespace qpid::messaging;

int foo()
{
    const char* url = "localhost:5672";
    std::string connectionOptions =
        "{username:test,password:test,transport:ssl}";
    Connection connection(url, connectionOptions);
    try
    {
        connection.open();
    }
    catch (const std::exception& e)
    {
        std::cout << e.what() << "\n";
    }
    connection.close();
    return 0;
}

int main()
{
    int retval = -1;
    retval = fork();
    if (retval == 0)
        foo();
    else
        sleep(5);
    return 0;
}
===error message===
On C++ qpid broker:
May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error
Error reading socket: Success(0)
On C++ qpid client:
2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error
[-8023]
(/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
2014-05-26 20:50:00 [Client] warning Connection closed
Thanks,
-Hari
Re: SSL environment variables for C++ clients
Posted by Gordon Sim <gs...@redhat.com>.
On 05/15/2014 04:11 PM, Hari Pyla wrote:
> Hi,
> I am setting the SSL client environment variables for a C++ client and
> I ran into the following issue.
> When I set them at the command line and run the client program things
> work as expected. However, when I try to set them programmatically
> prior (in program order) to opening a connection, qpid seems to ignore
> the environment variables. I was wondering if there is any way to specify
> the environment variables programmatically in the qpid C++ client.
The issue here is that the variables relating to finding and opening the
certificate db are needed when initialising the NSS library, and this is
not specific to any connection. At present the NSS library is
initialised when the qpid client library is loaded.
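Added example, not part of the original thread and not qpid project code: since the certificate variables are read when the client library is loaded, a setenv() call in main() arrives too late, and Hari's fork example inherits that same load-time state in the child. The sketch below simulates the load-time read with a static object and re-executes the program once with the variables exported, so the next load sees them. LoadTimeInit, seenAtLoad, needsReexec and reexecWithSslEnv are hypothetical names, and /proc/self/exe assumes Linux.

```cpp
// Added example: the load-time read is simulated; no qpid or NSS calls are made.
#include <cstdlib>
#include <stdlib.h>
#include <string>
#include <unistd.h>

struct SslEnv { std::string certName, certDb, passwordFile; };

static std::string envOrEmpty(const char* name) {
    const char* v = ::getenv(name);
    return v ? v : "";
}

// Stand-in for the client library's load-time NSS setup: the constructor of a
// static object runs before main(), so it sees only the inherited environment.
struct LoadTimeInit {
    SslEnv seen;
    LoadTimeInit() {
        seen.certName = envOrEmpty("QPID_SSL_CERT_NAME");
        seen.certDb = envOrEmpty("QPID_SSL_CERT_DB");
        seen.passwordFile = envOrEmpty("QPID_SSL_CERT_PASSWORD_FILE");
    }
};
static LoadTimeInit g_loadTime;

const SslEnv& seenAtLoad() { return g_loadTime.seen; }

// True when load-time initialisation ran with settings other than the wanted ones.
bool needsReexec(const SslEnv& want) {
    const SslEnv& s = seenAtLoad();
    return s.certName != want.certName || s.certDb != want.certDb ||
           s.passwordFile != want.passwordFile;
}

// Export the variables, then replace the process image so the next load-time
// initialisation reads them. Returns -1 only if execv() fails.
int reexecWithSslEnv(const SslEnv& want, char** argv) {
    setenv("QPID_SSL_CERT_NAME", want.certName.c_str(), 1);
    setenv("QPID_SSL_CERT_DB", want.certDb.c_str(), 1);
    setenv("QPID_SSL_CERT_PASSWORD_FILE", want.passwordFile.c_str(), 1);
    return execv("/proc/self/exe", argv);  // assumption: Linux /proc is mounted
}

int main(int, char** argv) {
    SslEnv want = {"QpidCppClient", "/tmp/test/client_db",
                   "/tmp/test/qpid-client-pfile"};
    if (needsReexec(want)) return reexecWithSslEnv(want, argv) == -1 ? 1 : 0;
    // Reached only in the re-executed image: open the SSL connection here.
    return 0;
}
```

Calling reexecWithSslEnv() in a child straight after fork() likewise gives that child a fresh process image, so the library is loaded and initialised there instead of being inherited from the parent.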