Posted to commits@qpid.apache.org by ro...@apache.org on 2019/04/11 17:07:06 UTC

[qpid-proton] branch 0.27.x created (now 1b490b3)

This is an automated email from the ASF dual-hosted git repository.

robbie pushed a change to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git.


      at 1b490b3  PROTON-2027: use make_work instead of lambda for wider platform coverage

This branch includes the following new commits:

     new 8cb132b  update versions to 0.27.1-SNAPSHOT
     new 3d44d34  PROTON-2013: Updated Travis CI macOS jobs to be xcode8.3 and xcode10.1
     new 790738e  PROTON-1989: [c] Support TLSv1.3 with openssl 1.1.1
     new 16c6220  PROTON-2010: Fix for Proton Python handling of comments and mech lists in connection config file. Also, small fix for JSON syntax in connect-config.md.
     new 411f679  NO-JIRA: [c] missing break in send-ssl.c example
     new c209b53  NO-JIRA: Fix unused-variable warning from clang
     new 49ded1f  PROTON-2017: [go] fix proton-c version check
     new 3b6de8f  PROTON-2004: [c] Allow Proton to compile with libressl
     new 1b2c2ec  PROTON-2018: [c] Introduce some ssl protocol tests
     new 4aea0fd  PROTON-2014: [c] Ensure SSL mutual authentication
     new 2d3ba8a  PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl - Also make send-ssl tell you the remote peer
     new 37e6a68  PROTON-2006: [C++] Fixed up service bus example to work - Connection options needed fixing -- You can't put user/password in the connection url anymore -- Need to turn SSL on and ensure SASL mech is PLAIN - Misuse of scheduling stopped the application exiting when finished
     new fdeddad  PROTON-2027: Make disconnect work like other wake mechanisms (eg. pn_connection_wake) and check for closing status.   Count disconnects correctly for competing closes.
     new 8a84224  PROTON-2027: Test case with two closing connection contexts competing with a third context in pn_proactor_disconnect().
     new 1b490b3  PROTON-2027: use make_work instead of lambda for wider platform coverage

The 15 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[qpid-proton] 12/15: PROTON-2006: [C++] Fixed up service bus example to work - Connection options needed fixing -- You can't put user/password in the connection url anymore -- Need to turn SSL on and ensure SASL mech is PLAIN - Misuse of scheduling stopped the application exiting when finished

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 37e6a68de7dce46dcec13ca00415bb169934b747
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Tue Mar 26 16:26:26 2019 -0400

    PROTON-2006: [C++] Fixed up service bus example to work
    - Connection options needed fixing
    -- You can't put user/password in the connection url anymore
    -- Need to turn SSL on and ensure SASL mech is PLAIN
    - Misuse of scheduling stopped the application exiting when finished
    
    (cherry picked from commit eab1fef19b4e58a8b79408f29e10fe36b07a3b83)
---
 cpp/examples/service_bus.cpp | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/cpp/examples/service_bus.cpp b/cpp/examples/service_bus.cpp
index c99bca6..7f3052a 100644
--- a/cpp/examples/service_bus.cpp
+++ b/cpp/examples/service_bus.cpp
@@ -89,6 +89,7 @@ Done. No more messages.
 #include <proton/message.hpp>
 #include <proton/messaging_handler.hpp>
 #include <proton/receiver_options.hpp>
+#include <proton/ssl.hpp>
 #include <proton/sender.hpp>
 #include <proton/sender_options.hpp>
 #include <proton/source_options.hpp>
@@ -104,6 +105,7 @@ using proton::source_options;
 using proton::connection_options;
 using proton::sender_options;
 using proton::receiver_options;
+using proton::ssl_client_options;
 
 void do_next_sequence();
 
@@ -119,6 +121,7 @@ class session_receiver : public proton::messaging_handler {
   private:
     const std::string &connection_url;
     const std::string &entity;
+    connection_options coptions;
     proton::value session_identifier; // AMQP null type by default, matches any Service Bus sequence identifier
     int message_count;
     bool closed;
@@ -128,8 +131,10 @@ class session_receiver : public proton::messaging_handler {
     proton::receiver receiver;
 
   public:
-    session_receiver(const std::string &c, const std::string &e,
-                     const char *sid) : connection_url(c), entity(e), message_count(0), closed(false), read_timeout(5000), last_read(0), container(0) {
+    session_receiver(const std::string &c, const std::string &e, const connection_options &co,
+                     const char *sid) :
+        connection_url(c), entity(e), coptions(co),
+        message_count(0), closed(false), read_timeout(5000), last_read(0), container(0) {
         if (sid)
             session_identifier = std::string(sid);
         // session_identifier is now either empty/null or an AMQP string type.
@@ -143,7 +148,7 @@ class session_receiver : public proton::messaging_handler {
     void run (proton::container &c) {
         message_count = 0;
         closed = false;
-        c.connect(connection_url, connection_options().handler(*this));
+        c.connect(connection_url, coptions.handler(*this));
         container = &c;
     }
 
@@ -159,7 +164,7 @@ class session_receiver : public proton::messaging_handler {
         // identifier if none was specified).
         last_read = proton::timestamp::now();
         // Call this->process_timeout after read_timeout.
-        container->schedule(read_timeout, [this]() { this->process_timeout(); });
+        connection.work_queue().schedule(read_timeout, [this]() { this->process_timeout(); });
     }
 
     void on_receiver_open(proton::receiver &r) OVERRIDE {
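Review bot: The reason for moving the timeout from `container->schedule` to a work queue is not recorded at either call site, and the two sites reach the queue through different handles (`connection.work_queue()` here, `receiver.work_queue()` in the process_timeout hunk further down). Going by the commit message, the container-level timer was what kept the application from exiting, so a comment such as `// Schedule on the connection's work queue, not the container, so a pending timeout does not keep the container running` would stop someone from reverting it. `connection` is declared outside this hunk; if both handles resolve to the same queue, using one of them in both places would read more clearly. The lambda still captures `this`, so the handler object has to outlive any pending timeout.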
@@ -189,7 +194,7 @@ class session_receiver : public proton::messaging_handler {
                 std::cout << "Done. No more messages." << std::endl;
         } else {
             proton::duration next = deadline - now;
-            container->schedule(next, [this]() { this->process_timeout(); });
+            receiver.work_queue().schedule(next, [this]() { this->process_timeout(); });
         }
     }
 };
@@ -200,16 +205,18 @@ class session_sender : public proton::messaging_handler {
   private:
     const std::string &connection_url;
     const std::string &entity;
+    connection_options coptions;
     int msg_count;
     int total;
     int accepts;
 
   public:
-    session_sender(const std::string &c, const std::string &e) : connection_url(c), entity(e),
-                                                                 msg_count(0), total(7), accepts(0) {}
+    session_sender(const std::string &c, const std::string &e, const connection_options &co) :
+        connection_url(c), entity(e), coptions(co),
+        msg_count(0), total(7), accepts(0) {}
 
     void run(proton::container &c) {
-        c.open_sender(connection_url + "/" + entity, sender_options(), connection_options().handler(*this));
+        c.open_sender(connection_url + "/" + entity, sender_options(), coptions.handler(*this));
     }
 
     void send_remaining_messages(proton::sender &s) {
@@ -261,9 +268,9 @@ class sequence : public proton::messaging_handler {
   public:
     static sequence *the_sequence;
 
-    sequence (const std::string &c, const std::string &e) :
+    sequence (const std::string &c, const std::string &e, const connection_options &co) :
         container(0), sequence_no(0),
-        snd(c, e), rcv_red(c, e, "red"), rcv_green(c, e, "green"), rcv_null(c, e, NULL) {
+        snd(c, e, co), rcv_red(c, e, co, "red"), rcv_green(c, e, co, "green"), rcv_null(c, e, co, NULL) {
         the_sequence = this;
     }
 
@@ -291,7 +298,6 @@ void do_next_sequence() { sequence::the_sequence->next_sequence(); }
 
 int main(int argc, char **argv) {
     std::string sb_namespace; // i.e. "foo.servicebus.windows.net"
-    // Make sure the next two are urlencoded for Proton
     std::string sb_key_name;  // shared access key name for entity (AKA "Policy Name")
     std::string sb_key;       // shared access key
     std::string sb_entity;    // AKA the service bus queue.  Must enable
@@ -309,9 +315,14 @@ int main(int argc, char **argv) {
         check_arg(sb_key_name, "policy");
         check_arg(sb_key, "key");
         check_arg(sb_entity, "entity");
-        std::string connection_string("amqps://" + sb_key_name + ":" + sb_key + "@" + sb_namespace);
-
-        sequence seq(connection_string, sb_entity);
+        std::string connection_string("amqps://" + sb_namespace);
+
+        sequence seq(connection_string, sb_entity,
+                     connection_options()
+                     .user(sb_key_name)
+                     .password(sb_key)
+                     .ssl_client_options(ssl_client_options())
+                     .sasl_allowed_mechs("PLAIN"));
         proton::container(seq).run();
         return 0;
     } catch (const std::exception& e) {
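Review bot: With `sasl_allowed_mechs("PLAIN")` the shared access key in `sb_key` is protected only by the TLS layer, and the default-constructed `ssl_client_options()` does not show which trust store or verify mode is in effect. If that default does not verify the server certificate and host name in the library version being built, the key can be handed to whoever answers for `sb_namespace`. I would either pass the verify mode explicitly (for example `proton::ssl::VERIFY_PEER_NAME`, through a constructor that accepts it) or state the assumption in place: `// PLAIN sends the key as-is: relies on ssl_client_options() verifying the server certificate and name`. Separately, `sb_key` appears to be taken from the command line via `check_arg`, so it may be visible in process listings; a comment on that would help people who copy the example.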




[qpid-proton] 07/15: PROTON-2017: [go] fix proton-c version check

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 49ded1fb5a458cd73391b2af739231bfa4dad354
Author: Alan Conway <ac...@redhat.com>
AuthorDate: Thu Mar 7 13:34:43 2019 -0500

    PROTON-2017: [go] fix proton-c version check
    
    (cherry picked from commit ae3af505020b76c0027d068cc4139857d5521135)
---
 go/src/qpid.apache.org/amqp/version.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/go/src/qpid.apache.org/amqp/version.go b/go/src/qpid.apache.org/amqp/version.go
index 31d69d2..f770d08 100644
--- a/go/src/qpid.apache.org/amqp/version.go
+++ b/go/src/qpid.apache.org/amqp/version.go
@@ -22,14 +22,16 @@ under the License.
 // Update the generator and re-run if you need to modify this code.
 //
 
-
 package amqp
 
-// Version check for proton library.
-// Done here because this is the lowest-level dependency for all the proton Go packages.
+// Version check for compatible proton-c library.
+//
+// NOTE: the required version should NOT be increased unless the Go
+// library is modified to require some new proton-c API. That hasn't
+// happened for a long time.
 
 // #include <proton/version.h>
-// #if PN_VERSION_MAJOR == 0 && PN_VERSION_MINOR < 27
+// #if PN_VERSION_MAJOR == 0 && PN_VERSION_MINOR < 10
 // #error packages qpid.apache.org/... require Proton-C library version 0.10 or greater
 // #endif
 import "C"




[qpid-proton] 05/15: NO-JIRA: [c] missing break in send-ssl.c example

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 411f679ab023dd77254ae6be36aee2e70319ceb0
Author: Jiří Daněk <jd...@redhat.com>
AuthorDate: Thu Feb 21 17:51:49 2019 +0100

    NO-JIRA: [c] missing break in send-ssl.c example
    
        CID 214944 (#1 of 1): Missing break in switch (MISSING_BREAK)unterminated_case: The case for value
        PN_CONNECTION_REMOTE_OPEN is not terminated by a 'break' statement.
    
    (cherry picked from commit 01d88598ecccd8cd24bd02533bc476594412a1a0)
---
 c/examples/send-ssl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/c/examples/send-ssl.c b/c/examples/send-ssl.c
index 76e66a9..c8b9e0c 100644
--- a/c/examples/send-ssl.c
+++ b/c/examples/send-ssl.c
@@ -134,6 +134,7 @@ static bool handle(app_data_t* app, pn_event_t* event) {
        printf("secure connection: %s\n", name);
        fflush(stdout);
      }
+     break;
    }
 
    case PN_LINK_FLOW: {




[qpid-proton] 06/15: NO-JIRA: Fix unused-variable warning from clang

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit c209b5312788b24eff4a3ef7fbfbb43d106306ed
Author: Jiri Danek <jd...@redhat.com>
AuthorDate: Wed Feb 20 22:49:26 2019 -0800

    NO-JIRA: Fix unused-variable warning from clang
    
    (cherry picked from commit f16be7816f5736e932ae588b605d36b67e757206)
---
 c/src/core/codec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/c/src/core/codec.c b/c/src/core/codec.c
index f8608a1..93b209f 100644
--- a/c/src/core/codec.c
+++ b/c/src/core/codec.c
@@ -337,6 +337,7 @@ int pni_inspect_exit(void *ctx, pn_data_t *data, pni_node_t *node)
     if (node->next) {
       if (parent && parent->atom.type == PN_MAP && (pni_node_lindex(data, node) % 2) == 0) {
         err = pn_string_addf(str, "=");
+        if (err) return err;
       } else if (parent && parent->atom.type == PN_DESCRIBED && node->prev == 0) {
         err = pn_string_addf(str, " ");
         if (err) return err;




[qpid-proton] 13/15: PROTON-2027: Make disconnect work like other wake mechanisms (eg. pn_connection_wake) and check for closing status. Count disconnects correctly for competing closes.

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit fdeddad3767dac5022df7dc966be6681293c173e
Author: Cliff Jansen <cl...@apache.org>
AuthorDate: Mon Apr 8 04:47:52 2019 -0700

    PROTON-2027: Make disconnect work like other wake mechanisms (eg. pn_connection_wake) and check for closing status.   Count disconnects correctly for competing closes.
    
    (cherry picked from commit d4a6971af2c64b7d9e8aa31a1e807690d4f26a7e)
---
 c/src/proactor/epoll.c    | 18 ++++++++++--------
 c/src/proactor/win_iocp.c |  8 ++++----
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/c/src/proactor/epoll.c b/c/src/proactor/epoll.c
index 5537025..998a1b9 100644
--- a/c/src/proactor/epoll.c
+++ b/c/src/proactor/epoll.c
@@ -2051,11 +2051,11 @@ static bool proactor_remove(pcontext_t *ctx) {
   bool can_free = true;
   if (ctx->disconnecting) {
     // No longer on contexts list
-    if (--ctx->disconnect_ops == 0) {
-      --p->disconnects_pending;
+    --p->disconnects_pending;
+    if (--ctx->disconnect_ops != 0) {
+      // procator_disconnect() does the free
+      can_free = false;
     }
-    else                  // procator_disconnect() still processing
-      can_free = false;   // this psocket
   }
   else {
     // normal case
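Review bot: The new comment names `procator_disconnect()`, a typo for the function that actually does the free, `pn_proactor_disconnect()`; the matching hunk in win_iocp.c spells it `proactor_disconnect()`, so both should be aligned on the real name. More importantly, `--p->disconnects_pending` now runs for every context removed while `disconnecting` is set, independent of `disconnect_ops`, and nothing here says what the counter tracks or which mutex guards it. A short comment such as `// one pending disconnect per context; decremented exactly once, here, under the proactor lock` (if that is the invariant) would make the accounting checkable. `p` and the locking are outside this hunk, so the lock assumption needs confirming.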
@@ -2262,13 +2262,14 @@ void pn_proactor_disconnect(pn_proactor_t *p, pn_condition_t *cond) {
     ctx = next;
     next = ctx->next;           /* Save next pointer in case we free ctx */
     bool do_free = false;
-    bool ctx_notify = true;
+    bool ctx_notify = false;
     pmutex *ctx_mutex = NULL;
     pconnection_t *pc = pcontext_pconnection(ctx);
     if (pc) {
       ctx_mutex = &pc->context.mutex;
       lock(ctx_mutex);
       if (!ctx->closing) {
+        ctx_notify = true;
         if (ctx->working) {
           // Must defer
           pc->queued_disconnect = true;
@@ -2292,6 +2293,7 @@ void pn_proactor_disconnect(pn_proactor_t *p, pn_condition_t *cond) {
       ctx_mutex = &l->context.mutex;
       lock(ctx_mutex);
       if (!ctx->closing) {
+        ctx_notify = true;
         if (cond) {
           pn_condition_copy(pn_listener_condition(l), cond);
         }
@@ -2308,16 +2310,16 @@ void pn_proactor_disconnect(pn_proactor_t *p, pn_condition_t *cond) {
       // If initiating the close, wake the pcontext to do the free.
       if (ctx_notify)
         ctx_notify = wake(ctx);
+      if (ctx_notify)
+        wake_notify(ctx);
     }
     unlock(&p->context.mutex);
     unlock(ctx_mutex);
 
+    // Unsafe to touch ctx after lock release, except if we are the designated final_free
     if (do_free) {
       if (pc) pconnection_final_free(pc);
       else listener_final_free(pcontext_listener(ctx));
-    } else {
-      if (ctx_notify)
-        wake_notify(ctx);
     }
   }
   if (notify)
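Review bot: `wake_notify(ctx)` is now called while both `p->context.mutex` and `ctx_mutex` are held, where it previously ran after both were released. The added comment explains why `ctx` must not be touched after the unlock, but not that `wake_notify` is safe to call under these locks. If it ever takes either mutex or blocks, this becomes a lock-order or latency problem. I would extend the comment at the call to `// wake_notify() takes no context/proactor lock, so it is safe here; ctx may be freed by another thread once we unlock`. The bodies of `wake` and `wake_notify` are outside the hunk, so that claim should be checked against them.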
diff --git a/c/src/proactor/win_iocp.c b/c/src/proactor/win_iocp.c
index 59194c6..d2a2dd0 100644
--- a/c/src/proactor/win_iocp.c
+++ b/c/src/proactor/win_iocp.c
@@ -3263,11 +3263,11 @@ static bool proactor_remove(pcontext_t *ctx) {
   bool can_free = true;
   if (ctx->disconnecting) {
     // No longer on contexts list
-    if (--ctx->disconnect_ops == 0) {
-      --p->disconnects_pending;
+    --p->disconnects_pending;
+    if (--ctx->disconnect_ops != 0) {
+      // proactor_disconnect() does the free
+      can_free = false;
     }
-    else                  // proactor_disconnect() still processing
-      can_free = false;   // this psocket
   }
   else {
     // normal case




[qpid-proton] 11/15: PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl - Also make send-ssl tell you the remote peer

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 2d3ba8aadc6657410a9e9f020c4d371cb41cd41b
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Fri Mar 8 13:14:34 2019 -0500

    PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl
    - Also make send-ssl tell you the remote peer
    
    (cherry picked from commit 159fac1f90d9b1ace1138d510176e7a5da54e9e9)
---
 c/examples/broker.c   |  8 ++++++--
 c/examples/send-ssl.c | 10 +++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/c/examples/broker.c b/c/examples/broker.c
index 6ffe8ed..fd6aba2 100644
--- a/c/examples/broker.c
+++ b/c/examples/broker.c
@@ -301,6 +301,7 @@ static bool handle(broker_t* b, pn_event_t* e) {
      pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
      if (b->ssl_domain) {
        pn_ssl_init(pn_ssl(t), b->ssl_domain, NULL);
+       pn_transport_require_encryption(t, false); /* Must call this after pn_ssl_init */
      }
      pn_listener_accept2(pn_event_listener(e), NULL, t);
      break;
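Review bot: The added `pn_transport_require_encryption(t, false)` makes the broker accept unencrypted clients even when an SSL domain is configured, and its comment only records the call-order constraint. Together with `pn_sasl_allowed_mechs(..., "ANONYMOUS")` two lines above, this means no authentication and optional encryption. The removed `pn_ssl_domain_allow_unsecured_client` line (changed in the main() hunk) carried the comment "Allow SSL and plain connections", and that rationale is now lost. I would write `/* Example only: allow both TLS and plain clients. Must call this after pn_ssl_init */` so nobody copies the line into a broker that is meant to require TLS.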
@@ -443,6 +444,7 @@ static void* broker_thread(void *void_broker) {
 int main(int argc, char **argv) {
   const char *host = (argc > 1) ? argv[1] : "";
   const char *port = (argc > 2) ? argv[2] : "amqp";
+  int err;
 
   broker_t b = {0};
   b.proactor = pn_proactor();
@@ -450,8 +452,10 @@ int main(int argc, char **argv) {
   b.container_id = argv[0];
   b.threads = 4;
   b.ssl_domain = pn_ssl_domain(PN_SSL_MODE_SERVER);
-  SET_CREDENTIALS(b.ssl_domain, "tserver");
-  pn_ssl_domain_allow_unsecured_client(b.ssl_domain); /* Allow SSL and plain connections */
+  err = SET_CREDENTIALS(b.ssl_domain, "tserver");
+  if (err) {
+    printf("Failed to set up server certificate: %s, private key: %s\n", CERTIFICATE("tserver"), SSL_FILE("tserver-private-key.pem"));
+  }
   {
   /* Listen on addr */
   char addr[PN_MAX_ADDR];
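Review bot: When `SET_CREDENTIALS` fails, the code prints a warning but leaves `b.ssl_domain` set, so `handle()` will still call `pn_ssl_init` with a server domain that presumably has no certificate. The broker then advertises TLS that it cannot authenticate, or fails at handshake time, rather than clearly falling back to plain connections. After the message, consider `pn_ssl_domain_free(b.ssl_domain); b.ssl_domain = NULL;` so that the existing `if (b->ssl_domain)` check skips SSL. Any later cleanup of `b.ssl_domain` outside this hunk would then need to tolerate NULL. The warning would also be better sent to stderr with `fprintf(stderr, ...)`, since stdout carries the example's normal output.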
diff --git a/c/examples/send-ssl.c b/c/examples/send-ssl.c
index c8b9e0c..0228192 100644
--- a/c/examples/send-ssl.c
+++ b/c/examples/send-ssl.c
@@ -116,6 +116,7 @@ static bool handle(app_data_t* app, pn_event_t* event) {
      pn_connection_t* c = pn_event_connection(event);
      pn_session_t* s = pn_session(pn_event_connection(event));
      pn_connection_set_container(c, app->container_id);
+     pn_connection_set_hostname(c, app->host);
      pn_connection_open(c);
      pn_session_open(s);
      {
@@ -131,8 +132,15 @@ static bool handle(app_data_t* app, pn_event_t* event) {
      if (ssl) {
        char name[1024];
        pn_ssl_get_protocol_name(ssl, name, sizeof(name));
-       printf("secure connection: %s\n", name);
+       {
+       const char *subject = pn_ssl_get_remote_subject(ssl);
+       if (subject) {
+         printf("secure connection: to %s using %s\n", subject, name);
+       } else {
+         printf("anonymous connection: using %s\n", name);
+       }
        fflush(stdout);
+       }
      }
      break;
    }
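Review bot: A NULL `subject` means the peer presented no certificate, yet the example only prints "anonymous connection" and goes on to send over a channel whose server identity was never verified. Since this example demonstrates SSL, that branch deserves a comment such as `/* No peer certificate: the server is unauthenticated. A real client should close the connection here unless anonymous TLS is intended. */`. The return value of `pn_ssl_get_protocol_name` (context line above) is still ignored, so `name` is printed on the assumption that the call filled it in; initialising it with `char name[1024] = "";` would make both printf calls safe regardless. The extra brace block is there to allow the declaration, but its contents are not indented, which makes the nesting hard to follow.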




[qpid-proton] 01/15: update versions to 0.27.1-SNAPSHOT

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 8cb132b3773dada106156ce4ef1226a00882d14e
Author: Robbie Gemmell <ro...@apache.org>
AuthorDate: Thu Apr 11 15:07:59 2019 +0100

    update versions to 0.27.1-SNAPSHOT
---
 VERSION.txt         | 2 +-
 python/docs/conf.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/VERSION.txt b/VERSION.txt
index 1b58cc1..282da0a 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-0.27.0
+0.27.1-SNAPSHOT
diff --git a/python/docs/conf.py b/python/docs/conf.py
index 0b5a187..c0b962f 100644
--- a/python/docs/conf.py
+++ b/python/docs/conf.py
@@ -48,9 +48,9 @@ copyright = u'2015-2019, Apache Qpid'
 # built documents.
 #
 # The short X.Y version.
-version = '0.27.0'
+version = '0.27.1'
 # The full version, including alpha/beta/rc tags.
-release = '0.27.0'
+release = '0.27.1-SNAPSHOT'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.




[qpid-proton] 08/15: PROTON-2004: [c] Allow Proton to compile with libressl

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 3b6de8f825ca1829815735edd88056a072d7acbe
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Mon Mar 4 13:49:53 2019 -0500

    PROTON-2004: [c] Allow Proton to compile with libressl
    
    (cherry picked from commit 87898b3d71aea5bfd9e4157d6da04071e1461339)
---
 c/src/ssl/openssl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index c791b73..89cc1aa 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -74,7 +74,7 @@ struct pn_ssl_domain_t {
   char *ciphers;
 
   int   ref_count;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
   int default_seclevel;
 #endif
   pn_ssl_mode_t mode;
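Review bot: `SSL_SECOP_PEER` is used here, and in the three later hunks of this file, as a stand-in for "the library provides `SSL_CTX_get_security_level`/`SSL_CTX_set_security_level`", but nothing says so; a reader will not connect that macro to the security-level calls it guards. I would add a single comment at this first use, for example `/* SSL_SECOP_PEER is defined only by libraries that implement security levels (OpenSSL >= 1.1.0); LibreSSL does not */`, or define a local `PN_HAVE_SECURITY_LEVEL` macro once and test that instead. It is also worth noting in the PN_SSL_ANONYMOUS_PEER hunk that on libraries without security levels nothing is lowered or restored, so anonymous-cipher behaviour depends on that library's defaults.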
@@ -522,7 +522,7 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode )
   // Mitigate the CRIME vulnerability
   SSL_CTX_set_options(domain->ctx, SSL_OP_NO_COMPRESSION);
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
 #endif
 
@@ -719,7 +719,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
    case PN_SSL_VERIFY_PEER:
    case PN_SSL_VERIFY_PEER_NAME:
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
     SSL_CTX_set_security_level(domain->ctx, domain->default_seclevel);
 #endif
 
@@ -759,7 +759,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
     break;
 
    case PN_SSL_ANONYMOUS_PEER:   // hippie free love mode... :)
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#ifdef SSL_SECOP_PEER
     // Must use lowest OpenSSL security level to enable anonymous ciphers.
     SSL_CTX_set_security_level(domain->ctx, 0);
 #endif




[qpid-proton] 15/15: PROTON-2027: use make_work instead of lambda for wider platform coverage

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 1b490b30954616e7c135929153b20337666a84b7
Author: Cliff Jansen <cl...@apache.org>
AuthorDate: Tue Apr 9 14:04:41 2019 -0700

    PROTON-2027: use make_work instead of lambda for wider platform coverage
    
    (cherry picked from commit 5b6ed8e166c47922ee94502ac30a7d5c235a4406)
---
 cpp/src/container_test.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cpp/src/container_test.cpp b/cpp/src/container_test.cpp
index 5ad0e57..f48a676 100644
--- a/cpp/src/container_test.cpp
+++ b/cpp/src/container_test.cpp
@@ -409,6 +409,7 @@ void test_container_mt_stop() {
 class test_mt_handler_wq : public test_mt_handler {
 public:
     proton::work_queue *wq_;
+    proton::work call_do_close_;
     proton::connection connection_;
     std::mutex wqlock_;
 
@@ -421,6 +422,7 @@ public:
             if (!connection_) {
                 connection_ = c;
                 wq_ = &c.work_queue();
+                call_do_close_ = make_work(&test_mt_handler_wq::do_close, this);
             }
             else
                 return;
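Review bot: `make_work` is called unqualified while the member it initialises is declared as `proton::work`, so the call resolves only through argument-dependent lookup or a using-declaration outside this hunk. Writing `call_do_close_ = proton::make_work(&test_mt_handler_wq::do_close, this);` matches the rest of the class and does not depend on lookup rules. `call_do_close_` is set only on the first connection open, and `initiate_close()` (next hunk) adds it to `wq_` without checking that either has been set; a one-line comment that the test guarantees open-before-close would document that ordering assumption. The enclosing method starts outside the hunk.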
@@ -429,7 +431,7 @@ public:
     }
     void initiate_close() {
         std::unique_lock<std::mutex> l(wqlock_);
-        wq_->add( [this]() { this->do_close(); });
+        wq_->add(call_do_close_);
     }
     void do_close() { connection_.close(); }
     void on_connection_close(proton::connection &) PN_CPP_OVERRIDE { set("closed"); }
@@ -488,4 +490,3 @@ int main(int argc, char** argv) {
 #endif
     return failed;
 }
-




[qpid-proton] 02/15: PROTON-2013: Updated Travis CI macOS jobs to be xcode8.3 and xcode10.1

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 3d44d34284e1cea4b3cb9c45389bd8314461ca16
Author: Roddie Kieley <rk...@apache.org>
AuthorDate: Thu Mar 7 09:44:52 2019 -0330

    PROTON-2013: Updated Travis CI macOS jobs to be xcode8.3 and xcode10.1
    
    (cherry picked from commit dba3586158fe1cbd7b477c58338ed6e6b5d1c019)
---
 .travis.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index d3cfabb..d6fa114 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -33,26 +33,23 @@ matrix:
     - bash <(curl -s https://codecov.io/bash)
 
   - os: osx
-    osx_image: xcode7.3
+    osx_image: xcode8.3
     env:
     - PKG_CONFIG_PATH='/usr/local/opt/openssl/lib/pkgconfig'
     - PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"
-    - QPID_PROTON_CMAKE_ARGS='-DCMAKE_OSX_DEPLOYMENT_TARGET=10.11 -DBUILD_RUBY=NO'
+    - QPID_PROTON_CMAKE_ARGS='-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12 -DBUILD_RUBY=NO'
     before_install:
     - brew update
-    - brew upgrade cmake openssl
     - brew install libuv swig
 
   - os: osx
-    osx_image: xcode9
+    osx_image: xcode10.1
     env:
     - PKG_CONFIG_PATH='/usr/local/opt/openssl/lib/pkgconfig'
     - PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"
-    - QPID_PROTON_CMAKE_ARGS='-DCMAKE_OSX_DEPLOYMENT_TARGET=10.13 -DBUILD_RUBY=NO'
+    - QPID_PROTON_CMAKE_ARGS='-DCMAKE_OSX_DEPLOYMENT_TARGET=10.13 -DBUILD_RUBY=NO -DBUILD_PYTHON=OFF'
     before_install:
     - brew update
-    - brew uninstall postgis
-    - brew upgrade cmake python openssl
     - brew install libuv swig
 
 # Note addons is apt specific at the moment and will not be applied for osx.
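Review bot: The xcode10.1 job adds `-DBUILD_PYTHON=OFF` with no explanation, which silently removes the Python binding from macOS coverage on that image. A comment above the env entry, for example `# Python binding disabled on xcode10.1: <reason / JIRA>`, would let the flag be removed once the underlying problem is resolved. With `brew upgrade cmake openssl` dropped from both jobs, the OpenSSL that the TLS code builds against is whatever the image ships, which may be worth stating in the same place.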




[qpid-proton] 10/15: PROTON-2014: [c] Ensure SSL mutual authentication

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 4aea0fd8502f5e9af7f22fd60645eeec07bce0b2
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 7 15:51:11 2019 -0500

    PROTON-2014: [c] Ensure SSL mutual authentication
    
    (cherry picked from commit 97c7733f07712665f3d08091c82c393e4c3adbf7)
---
 c/src/ssl/openssl.c  | 8 ++++++++
 c/src/ssl/schannel.c | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index 89cc1aa..63d7562 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -756,6 +756,14 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
 #if (OPENSSL_VERSION_NUMBER < 0x00905100L)
     SSL_CTX_set_verify_depth(domain->ctx, 1);
 #endif
+
+    // A bit of a hack - If we asked for peer verification then disallow anonymous ciphers
+    // A much more robust thing would be to ensure that we actually have a peer certificate
+    // when we've finished the SSL handshake
+    if (!domain->ciphers && !SSL_CTX_set_cipher_list( domain->ctx, CIPHERS_AUTHENTICATE )) {
+      ssl_log_error("Failed to set cipher list to %s", CIPHERS_AUTHENTICATE);
+      return -1;
+    }
     break;
 
    case PN_SSL_ANONYMOUS_PEER:   // hippie free love mode... :)
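Review bot: The anonymous-cipher exclusion is applied only when `domain->ciphers` is unset, so a caller-supplied cipher list that includes anonymous suites still allows an unauthenticated handshake even though peer verification was requested. The added comment already admits the real fix is to check for a peer certificate after the handshake, but it does not mention this gap. At minimum the gap should be documented here, e.g. `// NOTE: a user-supplied cipher list is left as-is and may still permit anonymous suites`. It is also worth confirming that a later cipher-list change on the same domain cannot undo this setting. The early `return -1` leaves the function from the middle of the switch; the rest of the function is outside the hunk, so check that no domain state set earlier in this case is left half-applied.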
diff --git a/c/src/ssl/schannel.c b/c/src/ssl/schannel.c
index 15e7d8a..bebaf56 100644
--- a/c/src/ssl/schannel.c
+++ b/c/src/ssl/schannel.c
@@ -1354,6 +1354,11 @@ static void server_handshake(pn_transport_t* transport)
     ssl_log(transport, "server handshake successful %d max record size", max);
     break;
 
+  case SEC_E_ALGORITHM_MISMATCH:
+    ssl_log(transport, "server handshake failed: no common algorithm");
+    ssl_failed(transport, "server handshake failed: no common algorithm");
+    break;
+
   case SEC_I_CONTEXT_EXPIRED:
     // ended before we got going
   default:




[qpid-proton] 04/15: PROTON-2010: Fix for Proton Python handling of comments and mech lists in connection config file. Also, small fix for JSON syntax in connect-config.md.

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 16c62204c65f4ae7a867606569fb90279ed987ae
Author: Kim van der Riet <kv...@localhost.localdomain>
AuthorDate: Tue Feb 26 12:20:25 2019 -0500

    PROTON-2010: Fix for Proton Python handling of comments and mech lists in connection config file. Also, small fix for JSON syntax in connect-config.md.
    
    (cherry picked from commit 4f18c353b5f73cc020d3ba3b66600e7ddc7d5441) with fixups
---
 docs/connect-config.md      |  4 ++--
 python/proton/_common.py    |  1 -
 python/proton/_reactor.py   | 17 ++++++++++++++++-
 python/proton/_transport.py |  2 ++
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/docs/connect-config.md b/docs/connect-config.md
index eeaea4e..ec3b5ff 100644
--- a/docs/connect-config.md
+++ b/docs/connect-config.md
@@ -35,8 +35,8 @@ values, all properties are optional.
       // Note: it is an error to have a "tls" object unless scheme="amqps"
       "tls": {
         "cert": null,   // [string] name of client certificate or database
-        "key": null     // [string] private key or identity for client certificate
+        "key": null,    // [string] private key or identity for client certificate
         "ca": null,     // [string] name of CA certificate or database
-        "verify": true, // [bool] if true, require a valid cert with matching host name
+        "verify": true  // [bool] if true, require a valid cert with matching host name
       }
     }
diff --git a/python/proton/_common.py b/python/proton/_common.py
index 3715c6a..d64f408 100644
--- a/python/proton/_common.py
+++ b/python/proton/_common.py
@@ -77,7 +77,6 @@ def unicode2utf8(string):
     # Anything else illegal - specifically python3 bytes
     raise TypeError("Unrecognized string type: %r (%s)" % (string, type(string)))
 
-
 def utf82unicode(string):
     """Convert C strings returned from proton-c into python unicode"""
     if string is None:
diff --git a/python/proton/_reactor.py b/python/proton/_reactor.py
index a47625f..19abf39 100644
--- a/python/proton/_reactor.py
+++ b/python/proton/_reactor.py
@@ -20,6 +20,7 @@
 from __future__ import absolute_import
 
 import json
+import re
 import os
 import logging
 import traceback
@@ -740,10 +741,24 @@ def get_default_config():
     conf = os.environ.get('MESSAGING_CONNECT_FILE') or find_config_file()
     if conf and os.path.isfile(conf):
         with open(conf, 'r') as f:
-            return json.load(f)
+            json_text = f.read()
+            json_text = _strip_json_comments(json_text)
+            return json.loads(json_text)
     else:
         return {}
 
+def _strip_json_comments(json_text):
+    """This strips c-style comments from text, taking into account '/*comments*/' and '//comments'
+    nested inside a string etc."""
+    def replacer(match):
+        s = match.group(0)
+        if s.startswith('/'):
+            return " " # note: a space and not an empty string
+        else:
+            return s
+    pattern = re.compile(r'//.*?$|/\*.*?\*/|\'(?:\\.|[^\\\'])*\'|"(?:\\.|[^\\"])*"', re.DOTALL | re.MULTILINE)
+    return re.sub(pattern, replacer, json_text)
+
 def get_default_port_for_scheme(scheme):
     if scheme == 'amqps':
         return 5671
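Review bot: `replacer` in `_strip_json_comments` collapses every comment to a single space, so a `/* ... */` comment that spans several lines removes those newlines. The line numbers in any later `json.loads` error then no longer match the config file. Returning `" " + "\n" * s.count("\n")` from the comment branch keeps the line count. The docstring could also say plainly that quoted strings are matched only so that `//` or `/*` inside them is left untouched. `get_default_config` starts above the hunk and `get_default_port_for_scheme` continues below it.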
diff --git a/python/proton/_transport.py b/python/proton/_transport.py
index 3db0078..7b2e30b 100644
--- a/python/proton/_transport.py
+++ b/python/proton/_transport.py
@@ -307,6 +307,8 @@ class SASL(Wrapper):
             return outcome
 
     def allowed_mechs(self, mechs):
+        if isinstance(mechs, list):
+            mechs = " ".join(mechs)
         pn_sasl_allowed_mechs(self._sasl, unicode2utf8(mechs))
 
     def _get_allow_insecure_mechs(self):
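Review bot: The new `isinstance(mechs, list)` check in `allowed_mechs` covers only `list`; a tuple of mechanism names still reaches `unicode2utf8`, which per the `_common.py` context on this page raises `TypeError` for unrecognized types. `if isinstance(mechs, (list, tuple)):` would cover both. An empty list joins to `""`, and what `pn_sasl_allowed_mechs` does with an empty string is not visible here; it is worth confirming, since this call restricts which SASL mechanisms may be used. A one-line docstring stating that `mechs` is a space-separated string or a list of names would document the new behaviour. The `SASL` class continues outside the hunk.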




[qpid-proton] 14/15: PROTON-2027: Test case with two closing connection contexts competing with a third context in pn_proactor_disconnect().

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 8a84224cc79377b09bed59a33d1d11b641b45505
Author: Cliff Jansen <cl...@apache.org>
AuthorDate: Mon Apr 8 04:58:48 2019 -0700

    PROTON-2027: Test case with two closing connection contexts competing with a third context in pn_proactor_disconnect().
    
    (cherry picked from commit f973528912b3b74e8d1e50317429e202e9f51ec4)
---
 cpp/src/container_test.cpp | 61 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/cpp/src/container_test.cpp b/cpp/src/container_test.cpp
index 0e74aaa..5ad0e57 100644
--- a/cpp/src/container_test.cpp
+++ b/cpp/src/container_test.cpp
@@ -375,7 +375,7 @@ void test_container_mt_stop_empty() {
     } catch (const std::exception &e) {
         std::cerr << FAIL_MSG(e.what()) << std::endl;
         // If join hangs, let the test die by timeout.  We cannot
-        // detach and continue: deleting the container while t is
+        // detach and continue: deleting the container while it is
         // still alive will put the process in an undefined state.
         t.join();
         throw;
@@ -406,6 +406,64 @@ void test_container_mt_stop() {
     }
 }
 
+class test_mt_handler_wq : public test_mt_handler {
+public:
+    proton::work_queue *wq_;
+    proton::connection connection_;
+    std::mutex wqlock_;
+
+    test_mt_handler_wq() : wq_(0) {}
+
+    void on_connection_open(proton::connection &c) PN_CPP_OVERRIDE {
+        {
+            std::unique_lock<std::mutex> l(wqlock_);
+            // Just record first connection side, inbound or outbound
+            if (!connection_) {
+                connection_ = c;
+                wq_ = &c.work_queue();
+            }
+            else
+                return;
+        }
+        test_mt_handler::on_connection_open(c);
+    }
+    void initiate_close() {
+        std::unique_lock<std::mutex> l(wqlock_);
+        wq_->add( [this]() { this->do_close(); });
+    }
+    void do_close() { connection_.close(); }
+    void on_connection_close(proton::connection &) PN_CPP_OVERRIDE { set("closed"); }
+};
+
+void test_container_mt_close_race() {
+    test_mt_handler_wq th;
+    proton::container c(th);
+    c.auto_stop(false);
+    container_runner runner(c);
+    auto t = std::thread(runner);
+    // Must ensure that thread is joined
+    try {
+        test_listen_handler lh;
+        ASSERT_EQUAL("start", th.wait());
+        c.listen("//:0", lh);       //  Also opens a connection
+        ASSERT_EQUAL("open", th.wait());
+        th.initiate_close();
+        ASSERT_EQUAL("closed", th.wait());
+        // The two sides of the connection are closing, each with its
+        // own connection context.  Start a proactor disconnect to run
+        // competing close cleanup in a third context.  PROTON-2027.
+        c.stop();
+        t.join();
+    } catch (const std::exception& e) {
+        std::cerr << FAIL_MSG(e.what()) << std::endl;
+        // If join hangs, let the test die by timeout.  We cannot
+        // detach and continue: deleting the container while t is
+        // still alive will put the process in an undefined state.
+        t.join();
+        throw;
+    }
+}
+
 #endif
 
 } // namespace
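Review bot: In `test_container_mt_close_race` the `catch` block joins `t` without stopping the container, so any `ASSERT_EQUAL` that throws before `c.stop()` leaves the runner thread alive (`auto_stop(false)`) and the test hangs until the timeout rather than failing promptly. Calling `c.stop();` before `t.join();` in the handler would let the thread exit, assuming `stop()` is safe to call in that state, which the hunk does not show. The copied comment there still reads `while t is`, while the first hunk of this commit rewrites the same sentence to `while it is`; one wording should be used in both places.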
@@ -426,6 +484,7 @@ int main(int argc, char** argv) {
 #if PN_CPP_SUPPORTS_THREADS
     RUN_ARGV_TEST(failed, test_container_mt_stop_empty());
     RUN_ARGV_TEST(failed, test_container_mt_stop());
+    RUN_ARGV_TEST(failed, test_container_mt_close_race());
 #endif
     return failed;
 }




[qpid-proton] 03/15: PROTON-1989: [c] Support TLSv1.3 with openssl 1.1.1

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 790738e469350eab5dea1ddbd9907c583d06261f
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Fri Feb 22 16:20:07 2019 -0500

    PROTON-1989: [c] Support TLSv1.3 with openssl 1.1.1
    
    (cherry picked from commit 7db4c2c0b720c567d808ae71e49abeb734f5a6a2)
---
 c/include/proton/ssl.h |  2 +-
 c/src/ssl/openssl.c    | 16 +++++++++++++---
 c/tests/ssl_test.cpp   | 12 ++++++++++++
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/c/include/proton/ssl.h b/c/include/proton/ssl.h
index 81a17a2..8258e16 100644
--- a/c/include/proton/ssl.h
+++ b/c/include/proton/ssl.h
@@ -232,7 +232,7 @@ PN_EXTERN int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
  * @param[in] domain the ssl domain to configure.
  * @param[in] protocols string representing the protocol list.
  * This list is a space separated string of the allowed TLS protocols,
- * The current possibilities are TLSv1 TLSv1.1 TLSv1.2. None of the earlier SSL
+ * The current possibilities are TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. None of the earlier SSL
  * protocols are allowed for security reason.
  *
  * @note If this API not called then all the TLS protocols are allowed. The API only acts to
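Review bot: The updated `@param protocols` text lists `TLSv1.3` unconditionally, but the `openssl.c` change in this commit adds that entry only under `#ifdef SSL_OP_NO_TLSv1_3`, and the new test expects `PN_ARG_ERR` when it is absent. A sentence such as ` * TLSv1.3 is accepted only if the underlying TLS library supports it; otherwise the call fails with PN_ARG_ERR.` would tell callers what to expect. The comment block continues outside the hunk.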
diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index c2b5869..c791b73 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -624,10 +624,20 @@ int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols)
   {
     {"TLSv1",   SSL_OP_NO_TLSv1},
     {"TLSv1.1", SSL_OP_NO_TLSv1_1},
-    {"TLSv1.2", SSL_OP_NO_TLSv1_2}
+    {"TLSv1.2", SSL_OP_NO_TLSv1_2},
+#ifdef SSL_OP_NO_TLSv1_3
+    {"TLSv1.3", SSL_OP_NO_TLSv1_3},
+#endif
   };
   static const char seps[]    = " ,;";
-  static const long all_prots = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
+  static const long all_prots =
+    SSL_OP_NO_TLSv1
+    | SSL_OP_NO_TLSv1_1
+    | SSL_OP_NO_TLSv1_2
+#ifdef SSL_OP_NO_TLSv1_3
+    | SSL_OP_NO_TLSv1_3
+#endif
+    ;
 
   // Start with all protocols turned off
   long options = all_prots;
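Review bot: The new `"TLSv1.3"` table entry is looked up by the prefix compare shown in the next hunk, `strncmp(token, protocol_options[i].name, tsize)==0`, where `tsize` is the token length. As far as the visible lines show, a truncated token such as `TLSv1.` matches `TLSv1.1` and is accepted instead of being rejected. For a setting that restricts TLS versions an exact match is safer: `if (strlen(protocol_options[i].name)==tsize && strncmp(token, protocol_options[i].name, tsize)==0) {`. `pn_ssl_domain_set_protocols` starts and ends outside both hunks, so a length check elsewhere in the loop cannot be ruled out.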
@@ -643,7 +653,7 @@ int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols)
     }
     if (tsize==0) break; // No more tokens
 
-    // Linear search the posibilities for the option to set
+    // Linear search the possibilities for the option to set
     for (size_t i = 0; i<sizeof(protocol_options)/sizeof(*protocol_options); ++i) {
       if (strncmp(token, protocol_options[i].name, tsize)==0) {
         options &= ~protocol_options[i].option;
diff --git a/c/tests/ssl_test.cpp b/c/tests/ssl_test.cpp
index bd1e228..122ad4c 100644
--- a/c/tests/ssl_test.cpp
+++ b/c/tests/ssl_test.cpp
@@ -41,12 +41,24 @@ TEST_CASE("ssl_protocols") {
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1") == 0);
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2") == 0);
 
+  // Check whether TLS 1.3 is supported
+  bool tls1_3 = (pn_ssl_domain_set_protocols(sd, "TLSv1.3") == 0);
+
   // Multiple protocols
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2") == 0);
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1") == 0);
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.1 TLSv1.2") == 0);
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.2") == 0);
 
+  // Can only do these if we have tls 1.3
+  if (tls1_3) {
+    CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == 0);
+    CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == 0);
+  } else {
+    CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3") == PN_ARG_ERR);
+    CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1.2 TLSv1.3") == PN_ARG_ERR);
+  }
+
   // Illegal separators
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1/TLSv1.1 TLSv1.2") == PN_ARG_ERR);
   CHECK(pn_ssl_domain_set_protocols(sd, "TLSv1-TLSv1.1 TLSv1.2") == PN_ARG_ERR);
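Review bot: The `tls1_3` probe takes its expected result from the library under test, so a build that should support TLSv1.3 but has the `#ifdef SSL_OP_NO_TLSv1_3` entry compiled out passes through the `else` branch without anyone noticing. The probe's return value is also never checked against `PN_ARG_ERR` for the unsupported case. A comment above the probe would make the limitation explicit: `// Expected result is derived from the library itself; this cannot detect TLSv1.3 support missing from a build that should have it.` The `ssl_protocols` test case starts above the hunk and continues below it.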




[qpid-proton] 09/15: PROTON-2018: [c] Introduce some ssl protocol tests

Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 1b2c2ec755d7cba9f7f94cde76bd11d59f146b24
Author: Andrew Stitcher <as...@apache.org>
AuthorDate: Thu Mar 7 15:50:08 2019 -0500

    PROTON-2018: [c] Introduce some ssl protocol tests
    
    (cherry picked from commit 2e7b4027ae63471b95d0f2a829a798d3329b395a)
---
 c/tests/CMakeLists.txt        |   5 +
 c/tests/ssl_proactor_test.cpp | 213 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 218 insertions(+)

diff --git a/c/tests/CMakeLists.txt b/c/tests/CMakeLists.txt
index 502e9a5..3642112 100644
--- a/c/tests/CMakeLists.txt
+++ b/c/tests/CMakeLists.txt
@@ -42,6 +42,8 @@ if (CMAKE_CXX_COMPILER)
     set_target_properties(${exe} PROPERTIES
       COMPILE_FLAGS "${CMAKE_CXX_FLAGS} ${CXX_WARNING_FLAGS}")
     add_test(NAME ${exe} COMMAND ${test_env} ${TEST_EXE_PREFIX_CMD} $<TARGET_FILE:${exe}>)
+    set_tests_properties(${exe} PROPERTIES
+      WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
   endmacro()
 
   ## Tests that depend only on qpid-proton-core
@@ -66,6 +68,9 @@ if (CMAKE_CXX_COMPILER)
     add_c_test(c-proactor-test pn_test_proactor.cpp proactor_test.cpp)
     target_link_libraries(c-proactor-test qpid-proton-core qpid-proton-proactor ${PLATFORM_LIBS})
 
+    add_c_test(c-ssl-proactor-test pn_test_proactor.cpp ssl_proactor_test.cpp)
+    target_link_libraries(c-ssl-proactor-test qpid-proton-core qpid-proton-proactor ${PLATFORM_LIBS})
+
     # Thread race test.
     #
     # TODO aconway 2018-11-14: enable by default when races and xcode
diff --git a/c/tests/ssl_proactor_test.cpp b/c/tests/ssl_proactor_test.cpp
new file mode 100644
index 0000000..c9eafc7
--- /dev/null
+++ b/c/tests/ssl_proactor_test.cpp
@@ -0,0 +1,213 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#include "./pn_test_proactor.hpp"
+
+#include <proton/connection.h>
+#include <proton/condition.h>
+#include <proton/delivery.h>
+#include <proton/link.h>
+#include <proton/listener.h>
+#include <proton/netaddr.h>
+#include <proton/proactor.h>
+#include <proton/session.h>
+#include <proton/sasl.h>
+#include <proton/ssl.h>
+#include <proton/transport.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct app_data_t {
+  const char *amqp_address;
+  const char *container_id;
+
+  pn_ssl_domain_t *server_ssl_domain;
+
+  bool connection_succeeded;
+  bool transport_error;
+} app_data_t;
+
+/* Note must be run in the current directory to find certificate files */
+#define SSL_FILE(NAME) "ssl-certs/" NAME
+#define SSL_PW "tclientpw"
+/* Windows vs. OpenSSL certificates */
+#if defined(_WIN32)
+#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")
+#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
+  pn_ssl_domain_set_credentials(DOMAIN, SSL_FILE(NAME "-full.p12"), "", SSL_PW)
+#else
+#  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.pem")
+#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
+  pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), SSL_FILE(NAME "-private-key.pem"), SSL_PW)
+#endif
+
+
+/* Returns true to continue, false if finished */
+static bool server_handler(app_data_t* app, pn_event_t* event) {
+  pn_listener_t *l = pn_event_listener(event);
+  switch (pn_event_type(event)) {
+
+   // Server side
+   case PN_LISTENER_ACCEPT: {
+     /* Configure a transport to allow SSL and SASL connections. See ssl_domain setup in main() */
+     pn_transport_t *t = pn_transport();
+     pn_transport_set_server(t); /* Must call before pn_sasl() */
+     pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
+     if (app->server_ssl_domain) {
+       pn_ssl_init(pn_ssl(t), app->server_ssl_domain, NULL);
+     }
+     pn_listener_accept2(l, NULL, t);
+
+     /* Accept only one connection */
+     pn_listener_close(l);
+     break;
+   }
+
+   case PN_TRANSPORT_CLOSED:
+    break;
+
+   default: break;
+  }
+  return true;
+}
+
+static bool client_handler(app_data_t* app, pn_event_t* event) {
+  switch (pn_event_type(event)) {
+   // Client side
+   case PN_CONNECTION_INIT: {
+     pn_connection_t* c = pn_event_connection(event);
+     pn_session_t* s = pn_session(pn_event_connection(event));
+     pn_connection_set_container(c, app->container_id);
+     pn_connection_open(c);
+     pn_session_open(s);
+     {
+     pn_link_t* l = pn_sender(s, "my_sender");
+     pn_terminus_set_address(pn_link_target(l), app->amqp_address);
+     pn_link_open(l);
+     break;
+     }
+   }
+
+   case PN_CONNECTION_BOUND: {
+     break;
+   }
+
+   case PN_CONNECTION_REMOTE_OPEN:
+    app->connection_succeeded = true;
+    pn_connection_close(pn_event_connection(event));
+    break;
+
+   case PN_TRANSPORT_ERROR:
+    app->transport_error = true;
+    break;
+
+   case PN_CONNECTION_REMOTE_CLOSE:
+    pn_connection_close(pn_event_connection(event));
+    break;
+
+   case PN_SESSION_REMOTE_CLOSE:
+    pn_connection_close(pn_event_connection(event));
+    break;
+
+   case PN_LINK_REMOTE_CLOSE:
+   case PN_LINK_REMOTE_DETACH:
+    pn_connection_close(pn_event_connection(event));
+    break;
+
+   default: break;
+  }
+  return true;
+}
+
+typedef bool handler_t(app_data_t* app, pn_event_t* event);
+void run(pn_proactor_t *p, app_data_t *app, handler_t *shandler, handler_t *chandler) {
+  /* Loop and handle server/client events */
+  do {
+    pn_event_batch_t *events = pn_proactor_wait(p);
+    pn_event_t *e;
+    for (e = pn_event_batch_next(events); e; e = pn_event_batch_next(events)) {
+      if (pn_event_type(e)==PN_PROACTOR_INACTIVE) {
+        return;
+      }
+
+      if (pn_event_listener(e)) {
+        if (!shandler(app, e)) {
+          return;
+        }
+      } else {
+        if (!chandler(app, e)) {
+          return;
+        }
+      }
+    }
+    pn_proactor_done(p, events);
+  } while(true);
+}
+
+TEST_CASE("ssl") {
+  struct app_data_t app = {0};
+
+  app.container_id = "ssl-test";
+  app.amqp_address = "fubar";
+
+  pn_test::auto_free<pn_proactor_t, pn_proactor_free> proactor(pn_proactor());
+
+  /* Configure server for default SSL */
+  pn_test::auto_free<pn_ssl_domain_t, pn_ssl_domain_free>
+    sd(pn_ssl_domain(PN_SSL_MODE_SERVER));
+  app.server_ssl_domain = sd;
+
+  /* Configure a client for SSL */
+  pn_transport_t *t = pn_transport();
+  pn_test::auto_free<pn_ssl_domain_t, pn_ssl_domain_free>
+    cd(pn_ssl_domain(PN_SSL_MODE_CLIENT));
+
+  SECTION("Anonymous connections don't verify") {
+    REQUIRE(pn_ssl_domain_set_trusted_ca_db(cd, CERTIFICATE("tclient")) == 0);
+    REQUIRE(pn_ssl_domain_set_peer_authentication(cd, PN_SSL_VERIFY_PEER_NAME, NULL) == 0);
+    REQUIRE(pn_ssl_init(pn_ssl(t), cd, NULL) == 0);
+
+    pn_proactor_listen(proactor, pn_listener(), "", 16);
+    pn_proactor_connect2(proactor, NULL, t, "");
+
+    run(proactor, &app, server_handler, client_handler);
+    CHECK(app.connection_succeeded==false);
+    CHECK(app.transport_error==true);
+  }
+
+  SECTION("Anonymous connections connect if anonymous allowed") {
+#ifndef _WIN32
+    REQUIRE(pn_ssl_domain_set_peer_authentication(cd, PN_SSL_ANONYMOUS_PEER, NULL) == 0);
+    REQUIRE(pn_ssl_init(pn_ssl(t), cd, NULL) == 0);
+
+    pn_proactor_listen(proactor, pn_listener(), "", 16);
+    pn_proactor_connect2(proactor, NULL, t, "");
+
+    run(proactor, &app, server_handler, client_handler);
+    CHECK(app.connection_succeeded==true);
+    CHECK(app.transport_error==false);
+#else
+    SUCCEED("Skipped: Windows schannel does not support anonymous connections");
+#endif
+  }
+}
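Review bot: The `Anonymous connections don't verify` section can pass without certificate verification being exercised, because `client_handler` sets `transport_error` on any `PN_TRANSPORT_ERROR` and the section checks only that flag and `connection_succeeded`. A refused connection or a failed listen on the empty address `""` would look the same as a rejected peer. Copying the text of `pn_condition_get_description(pn_transport_condition(pn_event_transport(event)))` into a buffer in `app_data_t` inside the `PN_TRANSPORT_ERROR` case, and asserting on it in the section, would tie the result to the TLS failure. Separately, `run` returns on `PN_PROACTOR_INACTIVE` from inside the batch loop without reaching `pn_proactor_done(p, events)`.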

