You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Joe Porto <Jo...@agilex.com> on 2011/11/08 20:42:24 UTC
SSL connection problems from rabbitMQ client
I am running the .12 release of a java qpid broker. I am trying to access it via a rabbitmq java client. When not using SSL, this works well and I am able to send and receive a msg on the client. When I enable SSL and try to connect to the SSL port on the broker, I get a SocketTimeOutException on the client side. Tracing through the rabbitMQ code – it looks like this occurs when the client tries sending just the AMQP header. On the qpid broker, this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
RE: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
Got it - yes the .15 version works correctly via SSL. Thanks!
My next step is to try and use the qpid client code to talk to a c++ broker. The issue is Android doesn't have the javax namespace... thus the JNDI stuff doesn't fly. Any way to get a connection started via qpid client without using that namespace?
________________________________________
From: Robbie Gemmell [robbie.gemmell@gmail.com]
Sent: Sunday, November 13, 2011 4:51 PM
To: users@qpid.apache.org
Subject: Re: SSL connection problems from rabbitMQ client
Either you are looking in the wrong bin directory, or you have not
built everything.
running 'ant build' in the java directory builds all the modules into
the build folder with build/lib containing all the jars, build/bin
containing all the scripts, build/etc containing all the config, etc.
running 'ant release-bin' from the java directory will get you binary
release artefacts built into qpid/java/<module/release/ for each
module (if it has a release artefact) which includes necessary libs
and any dependencies it has on other modules (such as broker and
client depending on common).
Or alternatively you can just grab the nightly artefact from:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Artefact-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 13 November 2011 21:39, Joe Porto <Jo...@agilex.com> wrote:
> As for building from trunk.... I'm getting this error when running:
> qpid-run: No such file or directory
>
> I checked out from SVN, ran ant and built everything under the JAVA folder, and set the env variables...
> I noticed there is no qpid-run in the bin folder? What am I missing?
>
> Joe
> _____________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Sunday, November 13, 2011 4:28 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> I have no idea how to pass properties to Android applications.
>
> If you run it as a standard Java Application through Eclipse then you
> can set the properties using the JVM arguments section of the run
> options, or set environment variables using the environment section.
>
> qpid-server uses qpid-run, which certainly does use JAVA_OPTS, or else
> my broker just magically knew what I wanted earlier when I tried this
> before emailing the instructions:)
>
> Robbie
>
> On 13 November 2011 20:07, Joe Porto <Jo...@agilex.com> wrote:
>> Hmm
>>
>> Still no luck... How do you pass those variables to an android application? I'm running through eclipse... Also, qpid doesn't seem to make use of the JAVA_OPTS variable? I've changed that, but don't see any SSL debug output (I'm running qpid by the qpid-server command.. )
>> Joe
>> ________________________________________
>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>> Sent: Sunday, November 13, 2011 1:38 PM
>> To: users@qpid.apache.org
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Hi Joe,
>>
>> For the broker side I edited the etc/config.xml file as follows:
>> 1. Enable SSL by setting connector.ssl.enabled to true.
>> 2. Give the keystore path via connector.ssl.keyStorePath
>> 3. Give the keystore password via connector.ssl.keyStorePassword (I
>> admitedly forgot to tell you that its 'password' for those keystore
>> files, but it complains about that if its wrong).
>>
>> Giving the following (replacing /path/to as appropriate):
>> ...
>> <connector>
>> <ssl>
>> <port>5671</port>
>> <enabled>true</enabled>
>> <sslOnly>false</sslOnly>
>> <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
>> <keyStorePassword>password</keyStorePassword>
>> </ssl>
>> ...etc
>>
>> For the client side I used two examples based on those at
>> http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
>> truststore and a second which does:
>>
>> RabbitExample.java
>> ==============
>> import java.io.*;
>> import java.security.*;
>> import javax.net.ssl.*;
>>
>> import com.rabbitmq.client.*;
>>
>> public class RabbitExample
>> {
>> public static void main(String[] args) throws Exception
>> {
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("localhost");
>> factory.setPort(5671);
>> factory.useSslProtocol("TLS"); //Using just
>> factory.useSslProtocol(); works equally well here.
>>
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>>
>> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
>> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
>> World".getBytes());
>>
>> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
>> if(chResponse == null) {
>> System.out.println("No message retrieved");
>> } else {
>> byte[] body = chResponse.getBody();
>> System.out.println("Recieved: " + new String(body));
>> }
>>
>> channel.close();
>> conn.close();
>> }
>> }
>>
>>
>> ExpandedRabbitExample.java
>> =====================
>> import java.io.*;
>> import java.security.*;
>> import javax.net.ssl.*;
>>
>> import com.rabbitmq.client.*;
>>
>> public class ExpandedRabbitExample
>> {
>> private static final String TRUSTSTORE =
>> "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
>> private static final String TRUSTSTORE_PASSWORD = "password";
>>
>> public static void main(String[] args) throws Exception
>> {
>> KeyStore tks = KeyStore.getInstance("JKS");
>> tks.load(new FileInputStream(TRUSTSTORE),
>> TRUSTSTORE_PASSWORD.toCharArray());
>>
>> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>> tmf.init(tks);
>>
>> SSLContext c = SSLContext.getInstance("TLS");
>> c.init(null, tmf.getTrustManagers(), null);
>>
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("localhost");
>> factory.setPort(5671);
>> factory.useSslProtocol(c);
>>
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>>
>> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
>> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
>> World".getBytes());
>>
>> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
>> if(chResponse == null) {
>> System.out.println("No message retrieved");
>> } else {
>> byte[] body = chResponse.getBody();
>> System.out.println("Recieved: " + new String(body));
>> }
>>
>> channel.close();
>> conn.close();
>> }
>> }
>>
>>
>> If you cant get the above working, it would be good if you turned on
>> SSL debug logging to get more information by setting the
>> 'javax.net.debug' system property to 'ssl' for both the client and
>> broker (for which you can export "-Djavax.net.debug=ssl" into the
>> JAVA_OPTS environment variable before startup to pass the value),
>> which will cause them to emit SSL logging to stdout.
>>
>> Robbie
>>
>> On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
>>> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>>>
>>>
>>> Joe
>>> ________________________________________
>>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>>> Sent: Friday, November 11, 2011 6:03 PM
>>> To: users@qpid.apache.org
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>>>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>>>
>>>
>>> Which files? The test ones I mentioned from our repo? Those already
>>> are keystore files, with our test certificates/keys/cacerts imported
>>> as necessary, so you dont need to do anything to them to use them for
>>> testing.
>>>
>>> My comments about importing were directed at the guide you linked to,
>>> which says nothing about Java keystores because it seems to be for
>>> configuring an HTTPD installation and therefore the files created by
>>> it certainly wont work as-is.
>>>
>>>> Certificate not imported, alias <RootCA> already exists
>>>>
>>>> I've tried running: keytool -delete -alias RootCA
>>>>
>>>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>>>
>>>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>>>
>>>
>>> You dont appear to be telling it any keystore file location (
>>> -keystore <store>) in the above commands, so I imagine it is just
>>> looking in the default location as a result?
>>>
>>> This isnt a process we have documented since there are a wealth of
>>> different options to choose from, everyones needs are slightly
>>> different, and the various component parts of [self signed] SSL
>>> certificates and Java with SSL are documented to death elsewhere
>>> already...but perhaps we need to.
>>>
>>>> Joe
>>>>
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>>
>>>> Are you just using the files created from that guide directly? If so
>>>> that could be the problem, since you need to import the certificate /
>>>> key into a truststore / keystore file before using them, e.g. using
>>>> the keytool command bundled with the JDK.
>>>>
>>>> Robbie
>>>>
>>>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>>>> Ah I read your response too quickly! I enabled the use SSL setting to true
>>>> in the config.xml…and I used the keystore and truststore that I created
>>>> myself following this website:
>>>> http://www.akadia.com/services/ssh_test_certificate.html
>>>> I'll give the sample ones a shot…
>>>>
>>>> Joe
>>>>
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>>
>>>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>>
>>>> Erm, so was I ? :)
>>>> Robbie
>>>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>>>
>>>> I was using a Qpid Broker…
>>>> Joe
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Hi Joe,
>>>> I just tried out connecting the RabbitMQ client using SSL to the
>>>> latest trunk revision of the Java broker, and it seemed to work ok
>>>> (well, it did make me notice that when we changed IO layers for the
>>>> broker and some protocols for the client recently that we missed a
>>>> limitation of SSLSocket that mean ConnectionClose currently generates
>>>> a nice stacktrace...but other than that, it works). Deliberately
>>>> making the client connect to the brokers 'plain' port failed as
>>>> expected, as did setting the client not to use SSL and connecting it
>>>> to the brokers SSL port. As well as the simpler 'no verification'
>>>> example you were using, I used an exapanded example based on those at
>>>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>>>> support validating client certificates so I removed those bits).
>>>> Could you share how you are configuring the broker, and creating your
>>>> certificates? I used the broker keystore and client truststore we use
>>>> in our tests, which are located at
>>>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>>>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>>>> in a checkout of our trunk
>>>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>>>> Regards,
>>>> Robbie
>>>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>>>> I don't know… only have been playing with the qpid broker….
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Cc: Joe Porto <jo...@agilex.com>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Interesting. This isnt a combination that I have tried before, but I
>>>> dont know any obvious reason it wouldnt work. I will try to take a
>>>> look at it, but it isnt likely to be for a few days at best. The
>>>> default example broker config was changed to use port 5671 because
>>>> that is the assigned port for AMQP + SSL, I dont know where the number
>>>> previously [not] used in the config came from.
>>>> Out of interest, do you know if the client SSL example works ok when
>>>> using the RabbitMQ broker?
>>>> Robbie
>>>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>>>> Hi Robbie,
>>>> Thanks for the quick feedback. I installed the .15 version and enabled the
>>>> configuration to use SSL (interesting they changed the port to 5671). It
>>>> still fails from the client side at the same point (when it's trying to send
>>>> the header) , but this time it doesn't throw an error in the server log.
>>>> Thoughts?
>>>> Joe
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Put simply, SSL support in the broker wasnt functional until after
>>>> 0.12 was finalised. It was fixed as part of the development stream for
>>>> 0.14, which branched from trunk a few days ago for release in around a
>>>> month.
>>>> You will need to use a non-release version if you want to make it work
>>>> in the mean time. You can get a nightly release build of the current
>>>> trunk broker at the following URL if you want to at least try it out:
>>>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>>>> Robbie
>>>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>>>> I am running the .12 release of a java qpid broker. I am trying to access
>>>> it via a rabbitmq java client. When not using SSL, this works well and I am
>>>> able to send and receive a msg on the client. When I enable SSL and try to
>>>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>>>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>>>> when the client tries sending just the AMQP header. On the qpid broker,
>>>> this error is thrown in the log:
>>>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>>>> Exception thrown and no ProtocolEngine to handle it
>>>> java.lang.NullPointerException
>>>> at
>>>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>>>> at
>>>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>>>> at
>>>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>>>> at
>>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>>>> at
>>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>>>> at java.lang.Thread.run(Thread.java:680)
>>>> ---------------------------
>>>> My sample client code looks like this: (the client hangs on
>>>> factory.newConnection();, and eventually the socket times out)
>>>> ConnectionFactory factory = new ConnectionFactory();
>>>> factory.setHost("10.1.21.21");
>>>> factory.setPort(8672);
>>>> factory.setVirtualHost("10.1.21.21");
>>>> factory.useSslProtocol("TLS");
>>>> Connection conn = factory.newConnection();
>>>> Channel channel = conn.createChannel();
>>>> …
>>>> ---------------------
>>>> Any help would be greatly appreciated!
>>>> -Joe
>>>> ---------------------------------------------------------------------
>>>> Apache Qpid - AMQP Messaging Implementation
>>>> Project: http://qpid.apache.org
>>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Either you are looking in the wrong bin directory, or you have not
built everything.
running 'ant build' in the java directory builds all the modules into
the build folder with build/lib containing all the jars, build/bin
containing all the scripts, build/etc containing all the config, etc.
running 'ant release-bin' from the java directory will get you binary
release artefacts built into qpid/java/<module/release/ for each
module (if it has a release artefact) which includes necessary libs
and any dependencies it has on other modules (such as broker and
client depending on common).
Or alternatively you can just grab the nightly artefact from:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Artefact-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 13 November 2011 21:39, Joe Porto <Jo...@agilex.com> wrote:
> As for building from trunk.... I'm getting this error when running:
> qpid-run: No such file or directory
>
> I checked out from SVN, ran ant and built everything under the JAVA folder, and set the env variables...
> I noticed there is no qpid-run in the bin folder? What am I missing?
>
> Joe
> _____________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Sunday, November 13, 2011 4:28 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> I have no idea how to pass properties to Android applications.
>
> If you run it as a standard Java Application through Eclipse then you
> can set the properties using the JVM arguments section of the run
> options, or set environment variables using the environment section.
>
> qpid-server uses qpid-run, which certainly does use JAVA_OPTS, or else
> my broker just magically knew what I wanted earlier when I tried this
> before emailing the instructions:)
>
> Robbie
>
> On 13 November 2011 20:07, Joe Porto <Jo...@agilex.com> wrote:
>> Hmm
>>
>> Still no luck... How do you pass those variables to an android application? I'm running through eclipse... Also, qpid doesn't seem to make use of the JAVA_OPTS variable? I've changed that, but don't see any SSL debug output (I'm running qpid by the qpid-server command.. )
>> Joe
>> ________________________________________
>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>> Sent: Sunday, November 13, 2011 1:38 PM
>> To: users@qpid.apache.org
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Hi Joe,
>>
>> For the broker side I edited the etc/config.xml file as follows:
>> 1. Enable SSL by setting connector.ssl.enabled to true.
>> 2. Give the keystore path via connector.ssl.keyStorePath
>> 3. Give the keystore password via connector.ssl.keyStorePassword (I
>> admitedly forgot to tell you that its 'password' for those keystore
>> files, but it complains about that if its wrong).
>>
>> Giving the following (replacing /path/to as appropriate):
>> ...
>> <connector>
>> <ssl>
>> <port>5671</port>
>> <enabled>true</enabled>
>> <sslOnly>false</sslOnly>
>> <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
>> <keyStorePassword>password</keyStorePassword>
>> </ssl>
>> ...etc
>>
>> For the client side I used two examples based on those at
>> http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
>> truststore and a second which does:
>>
>> RabbitExample.java
>> ==============
>> import java.io.*;
>> import java.security.*;
>> import javax.net.ssl.*;
>>
>> import com.rabbitmq.client.*;
>>
>> public class RabbitExample
>> {
>> public static void main(String[] args) throws Exception
>> {
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("localhost");
>> factory.setPort(5671);
>> factory.useSslProtocol("TLS"); //Using just
>> factory.useSslProtocol(); works equally well here.
>>
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>>
>> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
>> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
>> World".getBytes());
>>
>> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
>> if(chResponse == null) {
>> System.out.println("No message retrieved");
>> } else {
>> byte[] body = chResponse.getBody();
>> System.out.println("Recieved: " + new String(body));
>> }
>>
>> channel.close();
>> conn.close();
>> }
>> }
>>
>>
>> ExpandedRabbitExample.java
>> =====================
>> import java.io.*;
>> import java.security.*;
>> import javax.net.ssl.*;
>>
>> import com.rabbitmq.client.*;
>>
>> public class ExpandedRabbitExample
>> {
>> private static final String TRUSTSTORE =
>> "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
>> private static final String TRUSTSTORE_PASSWORD = "password";
>>
>> public static void main(String[] args) throws Exception
>> {
>> KeyStore tks = KeyStore.getInstance("JKS");
>> tks.load(new FileInputStream(TRUSTSTORE),
>> TRUSTSTORE_PASSWORD.toCharArray());
>>
>> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>> tmf.init(tks);
>>
>> SSLContext c = SSLContext.getInstance("TLS");
>> c.init(null, tmf.getTrustManagers(), null);
>>
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("localhost");
>> factory.setPort(5671);
>> factory.useSslProtocol(c);
>>
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>>
>> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
>> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
>> World".getBytes());
>>
>> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
>> if(chResponse == null) {
>> System.out.println("No message retrieved");
>> } else {
>> byte[] body = chResponse.getBody();
>> System.out.println("Recieved: " + new String(body));
>> }
>>
>> channel.close();
>> conn.close();
>> }
>> }
>>
>>
>> If you cant get the above working, it would be good if you turned on
>> SSL debug logging to get more information by setting the
>> 'javax.net.debug' system property to 'ssl' for both the client and
>> broker (for which you can export "-Djavax.net.debug=ssl" into the
>> JAVA_OPTS environment variable before startup to pass the value),
>> which will cause them to emit SSL logging to stdout.
>>
>> Robbie
>>
>> On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
>>> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>>>
>>>
>>> Joe
>>> ________________________________________
>>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>>> Sent: Friday, November 11, 2011 6:03 PM
>>> To: users@qpid.apache.org
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>>>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>>>
>>>
>>> Which files? The test ones I mentioned from our repo? Those already
>>> are keystore files, with our test certificates/keys/cacerts imported
>>> as necessary, so you dont need to do anything to them to use them for
>>> testing.
>>>
>>> My comments about importing were directed at the guide you linked to,
>>> which says nothing about Java keystores because it seems to be for
>>> configuring an HTTPD installation and therefore the files created by
>>> it certainly wont work as-is.
>>>
>>>> Certificate not imported, alias <RootCA> already exists
>>>>
>>>> I've tried running: keytool -delete -alias RootCA
>>>>
>>>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>>>
>>>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>>>
>>>
>>> You dont appear to be telling it any keystore file location (
>>> -keystore <store>) in the above commands, so I imagine it is just
>>> looking in the default location as a result?
>>>
>>> This isnt a process we have documented since there are a wealth of
>>> different options to choose from, everyones needs are slightly
>>> different, and the various component parts of [self signed] SSL
>>> certificates and Java with SSL are documented to death elsewhere
>>> already...but perhaps we need to.
>>>
>>>> Joe
>>>>
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>>
>>>> Are you just using the files created from that guide directly? If so
>>>> that could be the problem, since you need to import the certificate /
>>>> key into a truststore / keystore file before using them, e.g. using
>>>> the keytool command bundled with the JDK.
>>>>
>>>> Robbie
>>>>
>>>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>>>> Ah I read your response too quickly! I enabled the use SSL setting to true
>>>> in the config.xml…and I used the keystore and truststore that I created
>>>> myself following this website:
>>>> http://www.akadia.com/services/ssh_test_certificate.html
>>>> I'll give the sample ones a shot…
>>>>
>>>> Joe
>>>>
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>>
>>>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>>
>>>> Erm, so was I ? :)
>>>> Robbie
>>>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>>>
>>>> I was using a Qpid Broker…
>>>> Joe
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>>>> To: Joe Porto <jo...@agilex.com>>
>>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Hi Joe,
>>>> I just tried out connecting the RabbitMQ client using SSL to the
>>>> latest trunk revision of the Java broker, and it seemed to work ok
>>>> (well, it did make me notice that when we changed IO layers for the
>>>> broker and some protocols for the client recently that we missed a
>>>> limitation of SSLSocket that mean ConnectionClose currently generates
>>>> a nice stacktrace...but other than that, it works). Deliberately
>>>> making the client connect to the brokers 'plain' port failed as
>>>> expected, as did setting the client not to use SSL and connecting it
>>>> to the brokers SSL port. As well as the simpler 'no verification'
>>>> example you were using, I used an exapanded example based on those at
>>>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>>>> support validating client certificates so I removed those bits).
>>>> Could you share how you are configuring the broker, and creating your
>>>> certificates? I used the broker keystore and client truststore we use
>>>> in our tests, which are located at
>>>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>>>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>>>> in a checkout of our trunk
>>>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>>>> Regards,
>>>> Robbie
>>>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>>>> I don't know… only have been playing with the qpid broker….
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Cc: Joe Porto <jo...@agilex.com>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Interesting. This isnt a combination that I have tried before, but I
>>>> dont know any obvious reason it wouldnt work. I will try to take a
>>>> look at it, but it isnt likely to be for a few days at best. The
>>>> default example broker config was changed to use port 5671 because
>>>> that is the assigned port for AMQP + SSL, I dont know where the number
>>>> previously [not] used in the config came from.
>>>> Out of interest, do you know if the client SSL example works ok when
>>>> using the RabbitMQ broker?
>>>> Robbie
>>>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>>>> Hi Robbie,
>>>> Thanks for the quick feedback. I installed the .15 version and enabled the
>>>> configuration to use SSL (interesting they changed the port to 5671). It
>>>> still fails from the client side at the same point (when it's trying to send
>>>> the header) , but this time it doesn't throw an error in the server log.
>>>> Thoughts?
>>>> Joe
>>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>> Put simply, SSL support in the broker wasnt functional until after
>>>> 0.12 was finalised. It was fixed as part of the development stream for
>>>> 0.14, which branched from trunk a few days ago for release in around a
>>>> month.
>>>> You will need to use a non-release version if you want to make it work
>>>> in the mean time. You can get a nightly release build of the current
>>>> trunk broker at the following URL if you want to at least try it out:
>>>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>>>> Robbie
>>>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>>>> I am running the .12 release of a java qpid broker. I am trying to access
>>>> it via a rabbitmq java client. When not using SSL, this works well and I am
>>>> able to send and receive a msg on the client. When I enable SSL and try to
>>>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>>>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>>>> when the client tries sending just the AMQP header. On the qpid broker,
>>>> this error is thrown in the log:
>>>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>>>> Exception thrown and no ProtocolEngine to handle it
>>>> java.lang.NullPointerException
>>>> at
>>>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>>>> at
>>>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>>>> at
>>>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>>>> at
>>>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>>>> at
>>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>>>> at
>>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>>>> at java.lang.Thread.run(Thread.java:680)
>>>> ---------------------------
>>>> My sample client code looks like this: (the client hangs on
>>>> factory.newConnection();, and eventually the socket times out)
>>>> ConnectionFactory factory = new ConnectionFactory();
>>>> factory.setHost("10.1.21.21");
>>>> factory.setPort(8672);
>>>> factory.setVirtualHost("10.1.21.21");
>>>> factory.useSslProtocol("TLS");
>>>> Connection conn = factory.newConnection();
>>>> Channel channel = conn.createChannel();
>>>> …
>>>> ---------------------
>>>> Any help would be greatly appreciated!
>>>> -Joe
>>>> ---------------------------------------------------------------------
>>>> Apache Qpid - AMQP Messaging Implementation
>>>> Project: http://qpid.apache.org
>>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
RE: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
As for building from trunk.... I'm getting this error when running:
qpid-run: No such file or directory
I checked out from SVN, ran ant and built everything under the JAVA folder, and set the env variables...
I noticed there is no qpid-run in the bin folder? What am I missing?
Joe
_____________________________________
From: Robbie Gemmell [robbie.gemmell@gmail.com]
Sent: Sunday, November 13, 2011 4:28 PM
To: users@qpid.apache.org
Subject: Re: SSL connection problems from rabbitMQ client
I have no idea how to pass properties to Android applications.
If you run it as a standard Java Application through Eclipse then you
can set the properties using the JVM arguments section of the run
options, or set environment variables using the environment section.
qpid-server uses qpid-run, which certainly does use JAVA_OPTS, or else
my broker just magically knew what I wanted earlier when I tried this
before emailing the instructions:)
Robbie
On 13 November 2011 20:07, Joe Porto <Jo...@agilex.com> wrote:
> Hmm
>
> Still no luck... How do you pass those variables to an android application? I'm running through eclipse... Also, qpid doesn't seem to make use of the JAVA_OPTS variable? I've changed that, but don't see any SSL debug output (I'm running qpid by the qpid-server command.. )
> Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Sunday, November 13, 2011 1:38 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Hi Joe,
>
> For the broker side I edited the etc/config.xml file as follows:
> 1. Enable SSL by setting connector.ssl.enabled to true.
> 2. Give the keystore path via connector.ssl.keyStorePath
> 3. Give the keystore password via connector.ssl.keyStorePassword (I
> admitedly forgot to tell you that its 'password' for those keystore
> files, but it complains about that if its wrong).
>
> Giving the following (replacing /path/to as appropriate):
> ...
> <connector>
> <ssl>
> <port>5671</port>
> <enabled>true</enabled>
> <sslOnly>false</sslOnly>
> <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
> <keyStorePassword>password</keyStorePassword>
> </ssl>
> ...etc
>
> For the client side I used two examples based on those at
> http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
> truststore and a second which does:
>
> RabbitExample.java
> ==============
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class RabbitExample
> {
> public static void main(String[] args) throws Exception
> {
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol("TLS"); //Using just
> factory.useSslProtocol(); works equally well here.
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> ExpandedRabbitExample.java
> =====================
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class ExpandedRabbitExample
> {
> private static final String TRUSTSTORE =
> "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
> private static final String TRUSTSTORE_PASSWORD = "password";
>
> public static void main(String[] args) throws Exception
> {
> KeyStore tks = KeyStore.getInstance("JKS");
> tks.load(new FileInputStream(TRUSTSTORE),
> TRUSTSTORE_PASSWORD.toCharArray());
>
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(tks);
>
> SSLContext c = SSLContext.getInstance("TLS");
> c.init(null, tmf.getTrustManagers(), null);
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol(c);
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> If you cant get the above working, it would be good if you turned on
> SSL debug logging to get more information by setting the
> 'javax.net.debug' system property to 'ssl' for both the client and
> broker (for which you can export "-Djavax.net.debug=ssl" into the
> JAVA_OPTS environment variable before startup to pass the value),
> which will cause them to emit SSL logging to stdout.
>
> Robbie
>
> On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
>> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>>
>>
>> Joe
>> ________________________________________
>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>> Sent: Friday, November 11, 2011 6:03 PM
>> To: users@qpid.apache.org
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>>
>>
>> Which files? The test ones I mentioned from our repo? Those already
>> are keystore files, with our test certificates/keys/cacerts imported
>> as necessary, so you dont need to do anything to them to use them for
>> testing.
>>
>> My comments about importing were directed at the guide you linked to,
>> which says nothing about Java keystores because it seems to be for
>> configuring an HTTPD installation and therefore the files created by
>> it certainly wont work as-is.
>>
>>> Certificate not imported, alias <RootCA> already exists
>>>
>>> I've tried running: keytool -delete -alias RootCA
>>>
>>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>>
>>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>>
>>
>> You dont appear to be telling it any keystore file location (
>> -keystore <store>) in the above commands, so I imagine it is just
>> looking in the default location as a result?
>>
>> This isnt a process we have documented since there are a wealth of
>> different options to choose from, everyones needs are slightly
>> different, and the various component parts of [self signed] SSL
>> certificates and Java with SSL are documented to death elsewhere
>> already...but perhaps we need to.
>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Are you just using the files created from that guide directly? If so
>>> that could be the problem, since you need to import the certificate /
>>> key into a truststore / keystore file before using them, e.g. using
>>> the keytool command bundled with the JDK.
>>>
>>> Robbie
>>>
>>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>>> Ah I read your response too quickly! I enabled the use SSL setting to true
>>> in the config.xml…and I used the keystore and truststore that I created
>>> myself following this website:
>>> http://www.akadia.com/services/ssh_test_certificate.html
>>> I'll give the sample ones a shot…
>>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>
>>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Erm, so was I ? :)
>>> Robbie
>>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>>
>>> I was using a Qpid Broker…
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Hi Joe,
>>> I just tried out connecting the RabbitMQ client using SSL to the
>>> latest trunk revision of the Java broker, and it seemed to work ok
>>> (well, it did make me notice that when we changed IO layers for the
>>> broker and some protocols for the client recently that we missed a
>>> limitation of SSLSocket that mean ConnectionClose currently generates
>>> a nice stacktrace...but other than that, it works). Deliberately
>>> making the client connect to the brokers 'plain' port failed as
>>> expected, as did setting the client not to use SSL and connecting it
>>> to the brokers SSL port. As well as the simpler 'no verification'
>>> example you were using, I used an exapanded example based on those at
>>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>>> support validating client certificates so I removed those bits).
>>> Could you share how you are configuring the broker, and creating your
>>> certificates? I used the broker keystore and client truststore we use
>>> in our tests, which are located at
>>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>>> in a checkout of our trunk
>>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>>> Regards,
>>> Robbie
>>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>>> I don't know… only have been playing with the qpid broker….
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Cc: Joe Porto <jo...@agilex.com>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Interesting. This isnt a combination that I have tried before, but I
>>> dont know any obvious reason it wouldnt work. I will try to take a
>>> look at it, but it isnt likely to be for a few days at best. The
>>> default example broker config was changed to use port 5671 because
>>> that is the assigned port for AMQP + SSL, I dont know where the number
>>> previously [not] used in the config came from.
>>> Out of interest, do you know if the client SSL example works ok when
>>> using the RabbitMQ broker?
>>> Robbie
>>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>>> Hi Robbie,
>>> Thanks for the quick feedback. I installed the .15 version and enabled the
>>> configuration to use SSL (interesting they changed the port to 5671). It
>>> still fails from the client side at the same point (when it's trying to send
>>> the header) , but this time it doesn't throw an error in the server log.
>>> Thoughts?
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Put simply, SSL support in the broker wasnt functional until after
>>> 0.12 was finalised. It was fixed as part of the development stream for
>>> 0.14, which branched from trunk a few days ago for release in around a
>>> month.
>>> You will need to use a non-release version if you want to make it work
>>> in the mean time. You can get a nightly release build of the current
>>> trunk broker at the following URL if you want to at least try it out:
>>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>>> Robbie
>>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>>> I am running the .12 release of a java qpid broker. I am trying to access
>>> it via a rabbitmq java client. When not using SSL, this works well and I am
>>> able to send and receive a msg on the client. When I enable SSL and try to
>>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>>> when the client tries sending just the AMQP header. On the qpid broker,
>>> this error is thrown in the log:
>>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>>> Exception thrown and no ProtocolEngine to handle it
>>> java.lang.NullPointerException
>>> at
>>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>>> at java.lang.Thread.run(Thread.java:680)
>>> ---------------------------
>>> My sample client code looks like this: (the client hangs on
>>> factory.newConnection();, and eventually the socket times out)
>>> ConnectionFactory factory = new ConnectionFactory();
>>> factory.setHost("10.1.21.21");
>>> factory.setPort(8672);
>>> factory.setVirtualHost("10.1.21.21");
>>> factory.useSslProtocol("TLS");
>>> Connection conn = factory.newConnection();
>>> Channel channel = conn.createChannel();
>>> …
>>> ---------------------
>>> Any help would be greatly appreciated!
>>> -Joe
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
I have no idea how to pass properties to Android applications.
If you run it as a standard Java Application through Eclipse then you
can set the properties using the JVM arguments section of the run
options, or set environment variables using the environment section.
qpid-server uses qpid-run, which certainly does use JAVA_OPTS, or else
my broker just magically knew what I wanted earlier when I tried this
before emailing the instructions:)
Robbie
On 13 November 2011 20:07, Joe Porto <Jo...@agilex.com> wrote:
> Hmm
>
> Still no luck... How do you pass those variables to an android application? I'm running through eclipse... Also, qpid doesn't seem to make use of the JAVA_OPTS variable? I've changed that, but don't see any SSL debug output (I'm running qpid by the qpid-server command.. )
> Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Sunday, November 13, 2011 1:38 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Hi Joe,
>
> For the broker side I edited the etc/config.xml file as follows:
> 1. Enable SSL by setting connector.ssl.enabled to true.
> 2. Give the keystore path via connector.ssl.keyStorePath
> 3. Give the keystore password via connector.ssl.keyStorePassword (I
> admitedly forgot to tell you that its 'password' for those keystore
> files, but it complains about that if its wrong).
>
> Giving the following (replacing /path/to as appropriate):
> ...
> <connector>
> <ssl>
> <port>5671</port>
> <enabled>true</enabled>
> <sslOnly>false</sslOnly>
> <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
> <keyStorePassword>password</keyStorePassword>
> </ssl>
> ...etc
>
> For the client side I used two examples based on those at
> http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
> truststore and a second which does:
>
> RabbitExample.java
> ==============
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class RabbitExample
> {
> public static void main(String[] args) throws Exception
> {
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol("TLS"); //Using just
> factory.useSslProtocol(); works equally well here.
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> ExpandedRabbitExample.java
> =====================
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class ExpandedRabbitExample
> {
> private static final String TRUSTSTORE =
> "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
> private static final String TRUSTSTORE_PASSWORD = "password";
>
> public static void main(String[] args) throws Exception
> {
> KeyStore tks = KeyStore.getInstance("JKS");
> tks.load(new FileInputStream(TRUSTSTORE),
> TRUSTSTORE_PASSWORD.toCharArray());
>
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(tks);
>
> SSLContext c = SSLContext.getInstance("TLS");
> c.init(null, tmf.getTrustManagers(), null);
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol(c);
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> If you cant get the above working, it would be good if you turned on
> SSL debug logging to get more information by setting the
> 'javax.net.debug' system property to 'ssl' for both the client and
> broker (for which you can export "-Djavax.net.debug=ssl" into the
> JAVA_OPTS environment variable before startup to pass the value),
> which will cause them to emit SSL logging to stdout.
>
> Robbie
>
> On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
>> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>>
>>
>> Joe
>> ________________________________________
>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>> Sent: Friday, November 11, 2011 6:03 PM
>> To: users@qpid.apache.org
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>>
>>
>> Which files? The test ones I mentioned from our repo? Those already
>> are keystore files, with our test certificates/keys/cacerts imported
>> as necessary, so you dont need to do anything to them to use them for
>> testing.
>>
>> My comments about importing were directed at the guide you linked to,
>> which says nothing about Java keystores because it seems to be for
>> configuring an HTTPD installation and therefore the files created by
>> it certainly wont work as-is.
>>
>>> Certificate not imported, alias <RootCA> already exists
>>>
>>> I've tried running: keytool -delete -alias RootCA
>>>
>>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>>
>>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>>
>>
>> You dont appear to be telling it any keystore file location (
>> -keystore <store>) in the above commands, so I imagine it is just
>> looking in the default location as a result?
>>
>> This isnt a process we have documented since there are a wealth of
>> different options to choose from, everyones needs are slightly
>> different, and the various component parts of [self signed] SSL
>> certificates and Java with SSL are documented to death elsewhere
>> already...but perhaps we need to.
>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Are you just using the files created from that guide directly? If so
>>> that could be the problem, since you need to import the certificate /
>>> key into a truststore / keystore file before using them, e.g. using
>>> the keytool command bundled with the JDK.
>>>
>>> Robbie
>>>
>>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>>> Ah I read your response too quickly! I enabled the use SSL setting to true
>>> in the config.xml…and I used the keystore and truststore that I created
>>> myself following this website:
>>> http://www.akadia.com/services/ssh_test_certificate.html
>>> I'll give the sample ones a shot…
>>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>
>>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Erm, so was I ? :)
>>> Robbie
>>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>>
>>> I was using a Qpid Broker…
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Hi Joe,
>>> I just tried out connecting the RabbitMQ client using SSL to the
>>> latest trunk revision of the Java broker, and it seemed to work ok
>>> (well, it did make me notice that when we changed IO layers for the
>>> broker and some protocols for the client recently that we missed a
>>> limitation of SSLSocket that mean ConnectionClose currently generates
>>> a nice stacktrace...but other than that, it works). Deliberately
>>> making the client connect to the brokers 'plain' port failed as
>>> expected, as did setting the client not to use SSL and connecting it
>>> to the brokers SSL port. As well as the simpler 'no verification'
>>> example you were using, I used an exapanded example based on those at
>>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>>> support validating client certificates so I removed those bits).
>>> Could you share how you are configuring the broker, and creating your
>>> certificates? I used the broker keystore and client truststore we use
>>> in our tests, which are located at
>>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>>> in a checkout of our trunk
>>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>>> Regards,
>>> Robbie
>>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>>> I don't know… only have been playing with the qpid broker….
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Cc: Joe Porto <jo...@agilex.com>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Interesting. This isnt a combination that I have tried before, but I
>>> dont know any obvious reason it wouldnt work. I will try to take a
>>> look at it, but it isnt likely to be for a few days at best. The
>>> default example broker config was changed to use port 5671 because
>>> that is the assigned port for AMQP + SSL, I dont know where the number
>>> previously [not] used in the config came from.
>>> Out of interest, do you know if the client SSL example works ok when
>>> using the RabbitMQ broker?
>>> Robbie
>>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>>> Hi Robbie,
>>> Thanks for the quick feedback. I installed the .15 version and enabled the
>>> configuration to use SSL (interesting they changed the port to 5671). It
>>> still fails from the client side at the same point (when it's trying to send
>>> the header) , but this time it doesn't throw an error in the server log.
>>> Thoughts?
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Put simply, SSL support in the broker wasnt functional until after
>>> 0.12 was finalised. It was fixed as part of the development stream for
>>> 0.14, which branched from trunk a few days ago for release in around a
>>> month.
>>> You will need to use a non-release version if you want to make it work
>>> in the mean time. You can get a nightly release build of the current
>>> trunk broker at the following URL if you want to at least try it out:
>>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>>> Robbie
>>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>>> I am running the .12 release of a java qpid broker. I am trying to access
>>> it via a rabbitmq java client. When not using SSL, this works well and I am
>>> able to send and receive a msg on the client. When I enable SSL and try to
>>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>>> when the client tries sending just the AMQP header. On the qpid broker,
>>> this error is thrown in the log:
>>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>>> Exception thrown and no ProtocolEngine to handle it
>>> java.lang.NullPointerException
>>> at
>>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>>> at java.lang.Thread.run(Thread.java:680)
>>> ---------------------------
>>> My sample client code looks like this: (the client hangs on
>>> factory.newConnection();, and eventually the socket times out)
>>> ConnectionFactory factory = new ConnectionFactory();
>>> factory.setHost("10.1.21.21");
>>> factory.setPort(8672);
>>> factory.setVirtualHost("10.1.21.21");
>>> factory.useSslProtocol("TLS");
>>> Connection conn = factory.newConnection();
>>> Channel channel = conn.createChannel();
>>> …
>>> ---------------------
>>> Any help would be greatly appreciated!
>>> -Joe
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
RE: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
Hmm
Still no luck... How do you pass those variables to an android application? I'm running through eclipse... Also, qpid doesn't seem to make use of the JAVA_OPTS variable? I've changed that, but don't see any SSL debug output (I'm running qpid by the qpid-server command.. )
Joe
________________________________________
From: Robbie Gemmell [robbie.gemmell@gmail.com]
Sent: Sunday, November 13, 2011 1:38 PM
To: users@qpid.apache.org
Subject: Re: SSL connection problems from rabbitMQ client
Hi Joe,
For the broker side I edited the etc/config.xml file as follows:
1. Enable SSL by setting connector.ssl.enabled to true.
2. Give the keystore path via connector.ssl.keyStorePath
3. Give the keystore password via connector.ssl.keyStorePassword (I
admitedly forgot to tell you that its 'password' for those keystore
files, but it complains about that if its wrong).
Giving the following (replacing /path/to as appropriate):
...
<connector>
<ssl>
<port>5671</port>
<enabled>true</enabled>
<sslOnly>false</sslOnly>
<keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
<keyStorePassword>password</keyStorePassword>
</ssl>
...etc
For the client side I used two examples based on those at
http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
truststore and a second which does:
RabbitExample.java
==============
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class RabbitExample
{
public static void main(String[] args) throws Exception
{
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol("TLS"); //Using just
factory.useSslProtocol(); works equally well here.
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
ExpandedRabbitExample.java
=====================
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class ExpandedRabbitExample
{
private static final String TRUSTSTORE =
"/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
private static final String TRUSTSTORE_PASSWORD = "password";
public static void main(String[] args) throws Exception
{
KeyStore tks = KeyStore.getInstance("JKS");
tks.load(new FileInputStream(TRUSTSTORE),
TRUSTSTORE_PASSWORD.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
SSLContext c = SSLContext.getInstance("TLS");
c.init(null, tmf.getTrustManagers(), null);
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol(c);
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
If you cant get the above working, it would be good if you turned on
SSL debug logging to get more information by setting the
'javax.net.debug' system property to 'ssl' for both the client and
broker (for which you can export "-Djavax.net.debug=ssl" into the
JAVA_OPTS environment variable before startup to pass the value),
which will cause them to emit SSL logging to stdout.
Robbie
On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>
>
> Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Friday, November 11, 2011 6:03 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>
>
> Which files? The test ones I mentioned from our repo? Those already
> are keystore files, with our test certificates/keys/cacerts imported
> as necessary, so you dont need to do anything to them to use them for
> testing.
>
> My comments about importing were directed at the guide you linked to,
> which says nothing about Java keystores because it seems to be for
> configuring an HTTPD installation and therefore the files created by
> it certainly wont work as-is.
>
>> Certificate not imported, alias <RootCA> already exists
>>
>> I've tried running: keytool -delete -alias RootCA
>>
>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>
>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>
>
> You dont appear to be telling it any keystore file location (
> -keystore <store>) in the above commands, so I imagine it is just
> looking in the default location as a result?
>
> This isnt a process we have documented since there are a wealth of
> different options to choose from, everyones needs are slightly
> different, and the various component parts of [self signed] SSL
> certificates and Java with SSL are documented to death elsewhere
> already...but perhaps we need to.
>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Are you just using the files created from that guide directly? If so
>> that could be the problem, since you need to import the certificate /
>> key into a truststore / keystore file before using them, e.g. using
>> the keytool command bundled with the JDK.
>>
>> Robbie
>>
>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>> Ah I read your response too quickly! I enabled the use SSL setting to true
>> in the config.xml…and I used the keystore and truststore that I created
>> myself following this website:
>> http://www.akadia.com/services/ssh_test_certificate.html
>> I'll give the sample ones a shot…
>>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>>
>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Erm, so was I ? :)
>> Robbie
>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>
>> I was using a Qpid Broker…
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Hi Joe,
>> I just tried out connecting the RabbitMQ client using SSL to the
>> latest trunk revision of the Java broker, and it seemed to work ok
>> (well, it did make me notice that when we changed IO layers for the
>> broker and some protocols for the client recently that we missed a
>> limitation of SSLSocket that mean ConnectionClose currently generates
>> a nice stacktrace...but other than that, it works). Deliberately
>> making the client connect to the brokers 'plain' port failed as
>> expected, as did setting the client not to use SSL and connecting it
>> to the brokers SSL port. As well as the simpler 'no verification'
>> example you were using, I used an exapanded example based on those at
>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>> support validating client certificates so I removed those bits).
>> Could you share how you are configuring the broker, and creating your
>> certificates? I used the broker keystore and client truststore we use
>> in our tests, which are located at
>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>> in a checkout of our trunk
>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>> Regards,
>> Robbie
>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>> I don't know… only have been playing with the qpid broker….
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Cc: Joe Porto <jo...@agilex.com>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Interesting. This isnt a combination that I have tried before, but I
>> dont know any obvious reason it wouldnt work. I will try to take a
>> look at it, but it isnt likely to be for a few days at best. The
>> default example broker config was changed to use port 5671 because
>> that is the assigned port for AMQP + SSL, I dont know where the number
>> previously [not] used in the config came from.
>> Out of interest, do you know if the client SSL example works ok when
>> using the RabbitMQ broker?
>> Robbie
>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>> Hi Robbie,
>> Thanks for the quick feedback. I installed the .15 version and enabled the
>> configuration to use SSL (interesting they changed the port to 5671). It
>> still fails from the client side at the same point (when it's trying to send
>> the header) , but this time it doesn't throw an error in the server log.
>> Thoughts?
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Put simply, SSL support in the broker wasnt functional until after
>> 0.12 was finalised. It was fixed as part of the development stream for
>> 0.14, which branched from trunk a few days ago for release in around a
>> month.
>> You will need to use a non-release version if you want to make it work
>> in the mean time. You can get a nightly release build of the current
>> trunk broker at the following URL if you want to at least try it out:
>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>> Robbie
>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>> I am running the .12 release of a java qpid broker. I am trying to access
>> it via a rabbitmq java client. When not using SSL, this works well and I am
>> able to send and receive a msg on the client. When I enable SSL and try to
>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>> when the client tries sending just the AMQP header. On the qpid broker,
>> this error is thrown in the log:
>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>> Exception thrown and no ProtocolEngine to handle it
>> java.lang.NullPointerException
>> at
>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>> at java.lang.Thread.run(Thread.java:680)
>> ---------------------------
>> My sample client code looks like this: (the client hangs on
>> factory.newConnection();, and eventually the socket times out)
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("10.1.21.21");
>> factory.setPort(8672);
>> factory.setVirtualHost("10.1.21.21");
>> factory.useSslProtocol("TLS");
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>> …
>> ---------------------
>> Any help would be greatly appreciated!
>> -Joe
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>>
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
The config in that area has changed since 0.12 to make it consistent
both in itself and with other areas of the config file. I imagine you
are getting a deprecated warning in your log file for the keystore
path/password, though they should still be getting picked up using the
old config naming. In general you should use the up to date example
config.xml as your starting point for a given revision of the code.
Robbie
On 13 November 2011 20:59, Joe Porto <Jo...@agilex.com> wrote:
> PS My config.xml file looks like this (slightly different than yours, maybe because it's .012 version ) ?:
>
> <connector>
> <!-- To enable SSL edit the keystorePath and keystorePassword
> and set enabled to true.
> To disasble Non-SSL port set sslOnly to true -->
> <ssl>
> <enabled>true</enabled>
> <sslOnly>false</sslOnly>
> <keystorePath>/Users/portohome/Development/java_broker_keystore.jks</keystorePath>
> <keystorePassword>password</keystorePassword>
> </ssl>
> <qpidnio>false</qpidnio>
> <protectio>
> <enabled>false</enabled>
> <readBufferLimitSize>262144</readBufferLimitSize>
> <writeBufferLimitSize>262144</writeBufferLimitSize>
> </protectio>
> <transport>nio</transport>
> <port>5672</port>
> <sslport>8672</sslport>
> <socketReceiveBuffer>32768</socketReceiveBuffer>
> <socketSendBuffer>32768</socketSendBuffer>
> </connector>
>
> -Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Sunday, November 13, 2011 1:38 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Hi Joe,
>
> For the broker side I edited the etc/config.xml file as follows:
> 1. Enable SSL by setting connector.ssl.enabled to true.
> 2. Give the keystore path via connector.ssl.keyStorePath
> 3. Give the keystore password via connector.ssl.keyStorePassword (I
> admitedly forgot to tell you that its 'password' for those keystore
> files, but it complains about that if its wrong).
>
> Giving the following (replacing /path/to as appropriate):
> ...
> <connector>
> <ssl>
> <port>5671</port>
> <enabled>true</enabled>
> <sslOnly>false</sslOnly>
> <keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
> <keyStorePassword>password</keyStorePassword>
> </ssl>
> ...etc
>
> For the client side I used two examples based on those at
> http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
> truststore and a second which does:
>
> RabbitExample.java
> ==============
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class RabbitExample
> {
> public static void main(String[] args) throws Exception
> {
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol("TLS"); //Using just
> factory.useSslProtocol(); works equally well here.
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> ExpandedRabbitExample.java
> =====================
> import java.io.*;
> import java.security.*;
> import javax.net.ssl.*;
>
> import com.rabbitmq.client.*;
>
> public class ExpandedRabbitExample
> {
> private static final String TRUSTSTORE =
> "/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
> private static final String TRUSTSTORE_PASSWORD = "password";
>
> public static void main(String[] args) throws Exception
> {
> KeyStore tks = KeyStore.getInstance("JKS");
> tks.load(new FileInputStream(TRUSTSTORE),
> TRUSTSTORE_PASSWORD.toCharArray());
>
> TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
> tmf.init(tks);
>
> SSLContext c = SSLContext.getInstance("TLS");
> c.init(null, tmf.getTrustManagers(), null);
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("localhost");
> factory.setPort(5671);
> factory.useSslProtocol(c);
>
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
> channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
> World".getBytes());
>
> GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
> if(chResponse == null) {
> System.out.println("No message retrieved");
> } else {
> byte[] body = chResponse.getBody();
> System.out.println("Recieved: " + new String(body));
> }
>
> channel.close();
> conn.close();
> }
> }
>
>
> If you cant get the above working, it would be good if you turned on
> SSL debug logging to get more information by setting the
> 'javax.net.debug' system property to 'ssl' for both the client and
> broker (for which you can export "-Djavax.net.debug=ssl" into the
> JAVA_OPTS environment variable before startup to pass the value),
> which will cause them to emit SSL logging to stdout.
>
> Robbie
>
> On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
>> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>>
>>
>> Joe
>> ________________________________________
>> From: Robbie Gemmell [robbie.gemmell@gmail.com]
>> Sent: Friday, November 11, 2011 6:03 PM
>> To: users@qpid.apache.org
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>>
>>
>> Which files? The test ones I mentioned from our repo? Those already
>> are keystore files, with our test certificates/keys/cacerts imported
>> as necessary, so you dont need to do anything to them to use them for
>> testing.
>>
>> My comments about importing were directed at the guide you linked to,
>> which says nothing about Java keystores because it seems to be for
>> configuring an HTTPD installation and therefore the files created by
>> it certainly wont work as-is.
>>
>>> Certificate not imported, alias <RootCA> already exists
>>>
>>> I've tried running: keytool -delete -alias RootCA
>>>
>>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>>
>>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>>
>>
>> You dont appear to be telling it any keystore file location (
>> -keystore <store>) in the above commands, so I imagine it is just
>> looking in the default location as a result?
>>
>> This isnt a process we have documented since there are a wealth of
>> different options to choose from, everyones needs are slightly
>> different, and the various component parts of [self signed] SSL
>> certificates and Java with SSL are documented to death elsewhere
>> already...but perhaps we need to.
>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Are you just using the files created from that guide directly? If so
>>> that could be the problem, since you need to import the certificate /
>>> key into a truststore / keystore file before using them, e.g. using
>>> the keytool command bundled with the JDK.
>>>
>>> Robbie
>>>
>>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>>> Ah I read your response too quickly! I enabled the use SSL setting to true
>>> in the config.xml…and I used the keystore and truststore that I created
>>> myself following this website:
>>> http://www.akadia.com/services/ssh_test_certificate.html
>>> I'll give the sample ones a shot…
>>>
>>> Joe
>>>
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>>
>>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>>
>>> Erm, so was I ? :)
>>> Robbie
>>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>>
>>> I was using a Qpid Broker…
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>>> To: Joe Porto <jo...@agilex.com>>
>>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Hi Joe,
>>> I just tried out connecting the RabbitMQ client using SSL to the
>>> latest trunk revision of the Java broker, and it seemed to work ok
>>> (well, it did make me notice that when we changed IO layers for the
>>> broker and some protocols for the client recently that we missed a
>>> limitation of SSLSocket that mean ConnectionClose currently generates
>>> a nice stacktrace...but other than that, it works). Deliberately
>>> making the client connect to the brokers 'plain' port failed as
>>> expected, as did setting the client not to use SSL and connecting it
>>> to the brokers SSL port. As well as the simpler 'no verification'
>>> example you were using, I used an exapanded example based on those at
>>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>>> support validating client certificates so I removed those bits).
>>> Could you share how you are configuring the broker, and creating your
>>> certificates? I used the broker keystore and client truststore we use
>>> in our tests, which are located at
>>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>>> in a checkout of our trunk
>>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>>> Regards,
>>> Robbie
>>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>>> I don't know… only have been playing with the qpid broker….
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Cc: Joe Porto <jo...@agilex.com>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Interesting. This isnt a combination that I have tried before, but I
>>> dont know any obvious reason it wouldnt work. I will try to take a
>>> look at it, but it isnt likely to be for a few days at best. The
>>> default example broker config was changed to use port 5671 because
>>> that is the assigned port for AMQP + SSL, I dont know where the number
>>> previously [not] used in the config came from.
>>> Out of interest, do you know if the client SSL example works ok when
>>> using the RabbitMQ broker?
>>> Robbie
>>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>>> Hi Robbie,
>>> Thanks for the quick feedback. I installed the .15 version and enabled the
>>> configuration to use SSL (interesting they changed the port to 5671). It
>>> still fails from the client side at the same point (when it's trying to send
>>> the header) , but this time it doesn't throw an error in the server log.
>>> Thoughts?
>>> Joe
>>> From: Robbie Gemmell <ro...@gmail.com>>
>>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>>> Subject: Re: SSL connection problems from rabbitMQ client
>>> Put simply, SSL support in the broker wasnt functional until after
>>> 0.12 was finalised. It was fixed as part of the development stream for
>>> 0.14, which branched from trunk a few days ago for release in around a
>>> month.
>>> You will need to use a non-release version if you want to make it work
>>> in the mean time. You can get a nightly release build of the current
>>> trunk broker at the following URL if you want to at least try it out:
>>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>>> Robbie
>>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>>> I am running the .12 release of a java qpid broker. I am trying to access
>>> it via a rabbitmq java client. When not using SSL, this works well and I am
>>> able to send and receive a msg on the client. When I enable SSL and try to
>>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>>> when the client tries sending just the AMQP header. On the qpid broker,
>>> this error is thrown in the log:
>>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>>> Exception thrown and no ProtocolEngine to handle it
>>> java.lang.NullPointerException
>>> at
>>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>>> at
>>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>>> at
>>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>>> at
>>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>>> at java.lang.Thread.run(Thread.java:680)
>>> ---------------------------
>>> My sample client code looks like this: (the client hangs on
>>> factory.newConnection();, and eventually the socket times out)
>>> ConnectionFactory factory = new ConnectionFactory();
>>> factory.setHost("10.1.21.21");
>>> factory.setPort(8672);
>>> factory.setVirtualHost("10.1.21.21");
>>> factory.useSslProtocol("TLS");
>>> Connection conn = factory.newConnection();
>>> Channel channel = conn.createChannel();
>>> …
>>> ---------------------
>>> Any help would be greatly appreciated!
>>> -Joe
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
RE: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
PS My config.xml file looks like this (slightly different than yours, maybe because it's .012 version ) ?:
<connector>
<!-- To enable SSL edit the keystorePath and keystorePassword
and set enabled to true.
To disasble Non-SSL port set sslOnly to true -->
<ssl>
<enabled>true</enabled>
<sslOnly>false</sslOnly>
<keystorePath>/Users/portohome/Development/java_broker_keystore.jks</keystorePath>
<keystorePassword>password</keystorePassword>
</ssl>
<qpidnio>false</qpidnio>
<protectio>
<enabled>false</enabled>
<readBufferLimitSize>262144</readBufferLimitSize>
<writeBufferLimitSize>262144</writeBufferLimitSize>
</protectio>
<transport>nio</transport>
<port>5672</port>
<sslport>8672</sslport>
<socketReceiveBuffer>32768</socketReceiveBuffer>
<socketSendBuffer>32768</socketSendBuffer>
</connector>
-Joe
________________________________________
From: Robbie Gemmell [robbie.gemmell@gmail.com]
Sent: Sunday, November 13, 2011 1:38 PM
To: users@qpid.apache.org
Subject: Re: SSL connection problems from rabbitMQ client
Hi Joe,
For the broker side I edited the etc/config.xml file as follows:
1. Enable SSL by setting connector.ssl.enabled to true.
2. Give the keystore path via connector.ssl.keyStorePath
3. Give the keystore password via connector.ssl.keyStorePassword (I
admitedly forgot to tell you that its 'password' for those keystore
files, but it complains about that if its wrong).
Giving the following (replacing /path/to as appropriate):
...
<connector>
<ssl>
<port>5671</port>
<enabled>true</enabled>
<sslOnly>false</sslOnly>
<keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
<keyStorePassword>password</keyStorePassword>
</ssl>
...etc
For the client side I used two examples based on those at
http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
truststore and a second which does:
RabbitExample.java
==============
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class RabbitExample
{
public static void main(String[] args) throws Exception
{
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol("TLS"); //Using just
factory.useSslProtocol(); works equally well here.
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
ExpandedRabbitExample.java
=====================
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class ExpandedRabbitExample
{
private static final String TRUSTSTORE =
"/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
private static final String TRUSTSTORE_PASSWORD = "password";
public static void main(String[] args) throws Exception
{
KeyStore tks = KeyStore.getInstance("JKS");
tks.load(new FileInputStream(TRUSTSTORE),
TRUSTSTORE_PASSWORD.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
SSLContext c = SSLContext.getInstance("TLS");
c.init(null, tmf.getTrustManagers(), null);
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol(c);
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
If you cant get the above working, it would be good if you turned on
SSL debug logging to get more information by setting the
'javax.net.debug' system property to 'ssl' for both the client and
broker (for which you can export "-Djavax.net.debug=ssl" into the
JAVA_OPTS environment variable before startup to pass the value),
which will cause them to emit SSL logging to stdout.
Robbie
On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>
>
> Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Friday, November 11, 2011 6:03 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>
>
> Which files? The test ones I mentioned from our repo? Those already
> are keystore files, with our test certificates/keys/cacerts imported
> as necessary, so you dont need to do anything to them to use them for
> testing.
>
> My comments about importing were directed at the guide you linked to,
> which says nothing about Java keystores because it seems to be for
> configuring an HTTPD installation and therefore the files created by
> it certainly wont work as-is.
>
>> Certificate not imported, alias <RootCA> already exists
>>
>> I've tried running: keytool -delete -alias RootCA
>>
>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>
>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>
>
> You dont appear to be telling it any keystore file location (
> -keystore <store>) in the above commands, so I imagine it is just
> looking in the default location as a result?
>
> This isnt a process we have documented since there are a wealth of
> different options to choose from, everyones needs are slightly
> different, and the various component parts of [self signed] SSL
> certificates and Java with SSL are documented to death elsewhere
> already...but perhaps we need to.
>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Are you just using the files created from that guide directly? If so
>> that could be the problem, since you need to import the certificate /
>> key into a truststore / keystore file before using them, e.g. using
>> the keytool command bundled with the JDK.
>>
>> Robbie
>>
>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>> Ah I read your response too quickly! I enabled the use SSL setting to true
>> in the config.xml…and I used the keystore and truststore that I created
>> myself following this website:
>> http://www.akadia.com/services/ssh_test_certificate.html
>> I'll give the sample ones a shot…
>>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>>
>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Erm, so was I ? :)
>> Robbie
>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>
>> I was using a Qpid Broker…
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Hi Joe,
>> I just tried out connecting the RabbitMQ client using SSL to the
>> latest trunk revision of the Java broker, and it seemed to work ok
>> (well, it did make me notice that when we changed IO layers for the
>> broker and some protocols for the client recently that we missed a
>> limitation of SSLSocket that mean ConnectionClose currently generates
>> a nice stacktrace...but other than that, it works). Deliberately
>> making the client connect to the brokers 'plain' port failed as
>> expected, as did setting the client not to use SSL and connecting it
>> to the brokers SSL port. As well as the simpler 'no verification'
>> example you were using, I used an exapanded example based on those at
>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>> support validating client certificates so I removed those bits).
>> Could you share how you are configuring the broker, and creating your
>> certificates? I used the broker keystore and client truststore we use
>> in our tests, which are located at
>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>> in a checkout of our trunk
>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>> Regards,
>> Robbie
>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>> I don't know… only have been playing with the qpid broker….
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Cc: Joe Porto <jo...@agilex.com>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Interesting. This isnt a combination that I have tried before, but I
>> dont know any obvious reason it wouldnt work. I will try to take a
>> look at it, but it isnt likely to be for a few days at best. The
>> default example broker config was changed to use port 5671 because
>> that is the assigned port for AMQP + SSL, I dont know where the number
>> previously [not] used in the config came from.
>> Out of interest, do you know if the client SSL example works ok when
>> using the RabbitMQ broker?
>> Robbie
>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>> Hi Robbie,
>> Thanks for the quick feedback. I installed the .15 version and enabled the
>> configuration to use SSL (interesting they changed the port to 5671). It
>> still fails from the client side at the same point (when it's trying to send
>> the header) , but this time it doesn't throw an error in the server log.
>> Thoughts?
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Put simply, SSL support in the broker wasnt functional until after
>> 0.12 was finalised. It was fixed as part of the development stream for
>> 0.14, which branched from trunk a few days ago for release in around a
>> month.
>> You will need to use a non-release version if you want to make it work
>> in the mean time. You can get a nightly release build of the current
>> trunk broker at the following URL if you want to at least try it out:
>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>> Robbie
>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>> I am running the .12 release of a java qpid broker. I am trying to access
>> it via a rabbitmq java client. When not using SSL, this works well and I am
>> able to send and receive a msg on the client. When I enable SSL and try to
>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>> when the client tries sending just the AMQP header. On the qpid broker,
>> this error is thrown in the log:
>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>> Exception thrown and no ProtocolEngine to handle it
>> java.lang.NullPointerException
>> at
>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>> at java.lang.Thread.run(Thread.java:680)
>> ---------------------------
>> My sample client code looks like this: (the client hangs on
>> factory.newConnection();, and eventually the socket times out)
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("10.1.21.21");
>> factory.setPort(8672);
>> factory.setVirtualHost("10.1.21.21");
>> factory.useSslProtocol("TLS");
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>> …
>> ---------------------
>> Any help would be greatly appreciated!
>> -Joe
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>>
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Joe,
For the broker side I edited the etc/config.xml file as follows:
1. Enable SSL by setting connector.ssl.enabled to true.
2. Give the keystore path via connector.ssl.keyStorePath
3. Give the keystore password via connector.ssl.keyStorePassword (I
admitedly forgot to tell you that its 'password' for those keystore
files, but it complains about that if its wrong).
Giving the following (replacing /path/to as appropriate):
...
<connector>
<ssl>
<port>5671</port>
<enabled>true</enabled>
<sslOnly>false</sslOnly>
<keyStorePath>/path/to/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks</keyStorePath>
<keyStorePassword>password</keyStorePassword>
</ssl>
...etc
For the client side I used two examples based on those at
http://www.rabbitmq.com/ssl.html, the first of which doesnt specify a
truststore and a second which does:
RabbitExample.java
==============
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class RabbitExample
{
public static void main(String[] args) throws Exception
{
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol("TLS"); //Using just
factory.useSslProtocol(); works equally well here.
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
ExpandedRabbitExample.java
=====================
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
public class ExpandedRabbitExample
{
private static final String TRUSTSTORE =
"/path/to/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks";
private static final String TRUSTSTORE_PASSWORD = "password";
public static void main(String[] args) throws Exception
{
KeyStore tks = KeyStore.getInstance("JKS");
tks.load(new FileInputStream(TRUSTSTORE),
TRUSTSTORE_PASSWORD.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
SSLContext c = SSLContext.getInstance("TLS");
c.init(null, tmf.getTrustManagers(), null);
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("localhost");
factory.setPort(5671);
factory.useSslProtocol(c);
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare("rabbitmq-java-test", false, true, true, null);
channel.basicPublish("", "rabbitmq-java-test", null, "Hello,
World".getBytes());
GetResponse chResponse = channel.basicGet("rabbitmq-java-test", false);
if(chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Recieved: " + new String(body));
}
channel.close();
conn.close();
}
}
If you cant get the above working, it would be good if you turned on
SSL debug logging to get more information by setting the
'javax.net.debug' system property to 'ssl' for both the client and
broker (for which you can export "-Djavax.net.debug=ssl" into the
JAVA_OPTS environment variable before startup to pass the value),
which will cause them to emit SSL logging to stdout.
Robbie
On 13 November 2011 00:52, Joe Porto <Jo...@agilex.com> wrote:
> Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
>
>
> Joe
> ________________________________________
> From: Robbie Gemmell [robbie.gemmell@gmail.com]
> Sent: Friday, November 11, 2011 6:03 PM
> To: users@qpid.apache.org
> Subject: Re: SSL connection problems from rabbitMQ client
>
> On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
>> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>>
>
> Which files? The test ones I mentioned from our repo? Those already
> are keystore files, with our test certificates/keys/cacerts imported
> as necessary, so you dont need to do anything to them to use them for
> testing.
>
> My comments about importing were directed at the guide you linked to,
> which says nothing about Java keystores because it seems to be for
> configuring an HTTPD installation and therefore the files created by
> it certainly wont work as-is.
>
>> Certificate not imported, alias <RootCA> already exists
>>
>> I've tried running: keytool -delete -alias RootCA
>>
>> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>>
>> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>>
>
> You dont appear to be telling it any keystore file location (
> -keystore <store>) in the above commands, so I imagine it is just
> looking in the default location as a result?
>
> This isnt a process we have documented since there are a wealth of
> different options to choose from, everyones needs are slightly
> different, and the various component parts of [self signed] SSL
> certificates and Java with SSL are documented to death elsewhere
> already...but perhaps we need to.
>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 18:10:53 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Are you just using the files created from that guide directly? If so
>> that could be the problem, since you need to import the certificate /
>> key into a truststore / keystore file before using them, e.g. using
>> the keytool command bundled with the JDK.
>>
>> Robbie
>>
>> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
>> Ah I read your response too quickly! I enabled the use SSL setting to true
>> in the config.xml…and I used the keystore and truststore that I created
>> myself following this website:
>> http://www.akadia.com/services/ssh_test_certificate.html
>> I'll give the sample ones a shot…
>>
>> Joe
>>
>> From: Robbie Gemmell <ro...@gmail.com>>
>>
>> Date: Thu, 10 Nov 2011 16:48:32 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>>
>> Erm, so was I ? :)
>> Robbie
>> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>>
>> I was using a Qpid Broker…
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Thu, 10 Nov 2011 16:20:54 -0500
>> To: Joe Porto <jo...@agilex.com>>
>> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Hi Joe,
>> I just tried out connecting the RabbitMQ client using SSL to the
>> latest trunk revision of the Java broker, and it seemed to work ok
>> (well, it did make me notice that when we changed IO layers for the
>> broker and some protocols for the client recently that we missed a
>> limitation of SSLSocket that mean ConnectionClose currently generates
>> a nice stacktrace...but other than that, it works). Deliberately
>> making the client connect to the brokers 'plain' port failed as
>> expected, as did setting the client not to use SSL and connecting it
>> to the brokers SSL port. As well as the simpler 'no verification'
>> example you were using, I used an exapanded example based on those at
>> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
>> support validating client certificates so I removed those bits).
>> Could you share how you are configuring the broker, and creating your
>> certificates? I used the broker keystore and client truststore we use
>> in our tests, which are located at
>> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
>> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
>> in a checkout of our trunk
>> (http://svn.apache.org/repos/asf/qpid/trunk/)
>> Regards,
>> Robbie
>> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
>> I don't know… only have been playing with the qpid broker….
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Date: Wed, 9 Nov 2011 15:44:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Cc: Joe Porto <jo...@agilex.com>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Interesting. This isnt a combination that I have tried before, but I
>> dont know any obvious reason it wouldnt work. I will try to take a
>> look at it, but it isnt likely to be for a few days at best. The
>> default example broker config was changed to use port 5671 because
>> that is the assigned port for AMQP + SSL, I dont know where the number
>> previously [not] used in the config came from.
>> Out of interest, do you know if the client SSL example works ok when
>> using the RabbitMQ broker?
>> Robbie
>> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
>> Hi Robbie,
>> Thanks for the quick feedback. I installed the .15 version and enabled the
>> configuration to use SSL (interesting they changed the port to 5671). It
>> still fails from the client side at the same point (when it's trying to send
>> the header) , but this time it doesn't throw an error in the server log.
>> Thoughts?
>> Joe
>> From: Robbie Gemmell <ro...@gmail.com>>
>> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Date: Tue, 8 Nov 2011 15:16:04 -0500
>> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
>> Subject: Re: SSL connection problems from rabbitMQ client
>> Put simply, SSL support in the broker wasnt functional until after
>> 0.12 was finalised. It was fixed as part of the development stream for
>> 0.14, which branched from trunk a few days ago for release in around a
>> month.
>> You will need to use a non-release version if you want to make it work
>> in the mean time. You can get a nightly release build of the current
>> trunk broker at the following URL if you want to at least try it out:
>> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>> Robbie
>> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
>> I am running the .12 release of a java qpid broker. I am trying to access
>> it via a rabbitmq java client. When not using SSL, this works well and I am
>> able to send and receive a msg on the client. When I enable SSL and try to
>> connect to the SSL port on the broker, I get a SocketTimeOutException on the
>> client side. Tracing through the rabbitMQ code – it looks like this occurs
>> when the client tries sending just the AMQP header. On the qpid broker,
>> this error is thrown in the log:
>> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
>> Exception thrown and no ProtocolEngine to handle it
>> java.lang.NullPointerException
>> at
>> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>> at
>> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>> at
>> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>> at
>> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>> at java.lang.Thread.run(Thread.java:680)
>> ---------------------------
>> My sample client code looks like this: (the client hangs on
>> factory.newConnection();, and eventually the socket times out)
>> ConnectionFactory factory = new ConnectionFactory();
>> factory.setHost("10.1.21.21");
>> factory.setPort(8672);
>> factory.setVirtualHost("10.1.21.21");
>> factory.useSslProtocol("TLS");
>> Connection conn = factory.newConnection();
>> Channel channel = conn.createChannel();
>> …
>> ---------------------
>> Any help would be greatly appreciated!
>> -Joe
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:users-subscribe@qpid.apache.org
>>
>>
>>
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
RE: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
Hmm I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?
Joe
________________________________________
From: Robbie Gemmell [robbie.gemmell@gmail.com]
Sent: Friday, November 11, 2011 6:03 PM
To: users@qpid.apache.org
Subject: Re: SSL connection problems from rabbitMQ client
On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>
Which files? The test ones I mentioned from our repo? Those already
are keystore files, with our test certificates/keys/cacerts imported
as necessary, so you dont need to do anything to them to use them for
testing.
My comments about importing were directed at the guide you linked to,
which says nothing about Java keystores because it seems to be for
configuring an HTTPD installation and therefore the files created by
it certainly wont work as-is.
> Certificate not imported, alias <RootCA> already exists
>
> I've tried running: keytool -delete -alias RootCA
>
> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>
> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>
You dont appear to be telling it any keystore file location (
-keystore <store>) in the above commands, so I imagine it is just
looking in the default location as a result?
This isnt a process we have documented since there are a wealth of
different options to choose from, everyones needs are slightly
different, and the various component parts of [self signed] SSL
certificates and Java with SSL are documented to death elsewhere
already...but perhaps we need to.
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Thu, 10 Nov 2011 18:10:53 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Are you just using the files created from that guide directly? If so
> that could be the problem, since you need to import the certificate /
> key into a truststore / keystore file before using them, e.g. using
> the keytool command bundled with the JDK.
>
> Robbie
>
> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
> Ah I read your response too quickly! I enabled the use SSL setting to true
> in the config.xml…and I used the keystore and truststore that I created
> myself following this website:
> http://www.akadia.com/services/ssh_test_certificate.html
> I'll give the sample ones a shot…
>
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>>
>
> Date: Thu, 10 Nov 2011 16:48:32 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Erm, so was I ? :)
> Robbie
> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>
> I was using a Qpid Broker…
> Joe
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Thu, 10 Nov 2011 16:20:54 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Hi Joe,
> I just tried out connecting the RabbitMQ client using SSL to the
> latest trunk revision of the Java broker, and it seemed to work ok
> (well, it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that mean ConnectionClose currently generates
> a nice stacktrace...but other than that, it works). Deliberately
> making the client connect to the brokers 'plain' port failed as
> expected, as did setting the client not to use SSL and connecting it
> to the brokers SSL port. As well as the simpler 'no verification'
> example you were using, I used an exapanded example based on those at
> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
> support validating client certificates so I removed those bits).
> Could you share how you are configuring the broker, and creating your
> certificates? I used the broker keystore and client truststore we use
> in our tests, which are located at
> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
> in a checkout of our trunk
> (http://svn.apache.org/repos/asf/qpid/trunk/)
> Regards,
> Robbie
> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
> I don't know… only have been playing with the qpid broker….
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Cc: Joe Porto <jo...@agilex.com>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Interesting. This isnt a combination that I have tried before, but I
> dont know any obvious reason it wouldnt work. I will try to take a
> look at it, but it isnt likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I dont know where the number
> previously [not] used in the config came from.
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
> Robbie
> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>>
> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
> ---------------------
> Any help would be greatly appreciated!
> -Joe
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
>
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
On 11 November 2011 22:13, Joe Porto <Jo...@agilex.com> wrote:
> I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
>
Which files? The test ones I mentioned from our repo? Those already
are keystore files, with our test certificates/keys/cacerts imported
as necessary, so you dont need to do anything to them to use them for
testing.
My comments about importing were directed at the guide you linked to,
which says nothing about Java keystores because it seems to be for
configuring an HTTPD installation and therefore the files created by
it certainly wont work as-is.
> Certificate not imported, alias <RootCA> already exists
>
> I've tried running: keytool -delete -alias RootCA
>
> But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
>
> Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
>
You dont appear to be telling it any keystore file location (
-keystore <store>) in the above commands, so I imagine it is just
looking in the default location as a result?
This isnt a process we have documented since there are a wealth of
different options to choose from, everyones needs are slightly
different, and the various component parts of [self signed] SSL
certificates and Java with SSL are documented to death elsewhere
already...but perhaps we need to.
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Thu, 10 Nov 2011 18:10:53 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Are you just using the files created from that guide directly? If so
> that could be the problem, since you need to import the certificate /
> key into a truststore / keystore file before using them, e.g. using
> the keytool command bundled with the JDK.
>
> Robbie
>
> On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
> Ah I read your response too quickly! I enabled the use SSL setting to true
> in the config.xml…and I used the keystore and truststore that I created
> myself following this website:
> http://www.akadia.com/services/ssh_test_certificate.html
> I'll give the sample ones a shot…
>
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>>
>
> Date: Thu, 10 Nov 2011 16:48:32 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Erm, so was I ? :)
> Robbie
> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
>
> I was using a Qpid Broker…
> Joe
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Thu, 10 Nov 2011 16:20:54 -0500
> To: Joe Porto <jo...@agilex.com>>
> Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Hi Joe,
> I just tried out connecting the RabbitMQ client using SSL to the
> latest trunk revision of the Java broker, and it seemed to work ok
> (well, it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that mean ConnectionClose currently generates
> a nice stacktrace...but other than that, it works). Deliberately
> making the client connect to the brokers 'plain' port failed as
> expected, as did setting the client not to use SSL and connecting it
> to the brokers SSL port. As well as the simpler 'no verification'
> example you were using, I used an exapanded example based on those at
> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
> support validating client certificates so I removed those bits).
> Could you share how you are configuring the broker, and creating your
> certificates? I used the broker keystore and client truststore we use
> in our tests, which are located at
> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
> in a checkout of our trunk
> (http://svn.apache.org/repos/asf/qpid/trunk/)
> Regards,
> Robbie
> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
> I don't know… only have been playing with the qpid broker….
> From: Robbie Gemmell <ro...@gmail.com>>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Cc: Joe Porto <jo...@agilex.com>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Interesting. This isnt a combination that I have tried before, but I
> dont know any obvious reason it wouldnt work. I will try to take a
> look at it, but it isnt likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I dont know where the number
> previously [not] used in the config came from.
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
> Robbie
> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>>
> Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
> Subject: Re: SSL connection problems from rabbitMQ client
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
> ---------------------
> Any help would be greatly appreciated!
> -Joe
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
>
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
I'm assuming you imported those files into your keystore…. When I do that, I'm getting the following error:
Certificate not imported, alias <RootCA> already exists
I've tried running: keytool -delete -alias RootCA
But, I get an exception: keystore file does not exist….. I've been messing around with trying to tell it which keystore, but I don't know which keystore it's complaining about?
Keystore –list returns an error saying keystore file does not exist… (and the path to follow doesn't exist…)
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 18:10:53 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Are you just using the files created from that guide directly? If so
that could be the problem, since you need to import the certificate /
key into a truststore / keystore file before using them, e.g. using
the keytool command bundled with the JDK.
Robbie
On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com>> wrote:
Ah I read your response too quickly! I enabled the use SSL setting to true
in the config.xml…and I used the keystore and truststore that I created
myself following this website:
http://www.akadia.com/services/ssh_test_certificate.html
I'll give the sample ones a shot…
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 16:48:32 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Erm, so was I ? :)
Robbie
On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
I was using a Qpid Broker…
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 16:20:54 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Hi Joe,
I just tried out connecting the RabbitMQ client using SSL to the
latest trunk revision of the Java broker, and it seemed to work ok
(well, it did make me notice that when we changed IO layers for the
broker and some protocols for the client recently that we missed a
limitation of SSLSocket that mean ConnectionClose currently generates
a nice stacktrace...but other than that, it works). Deliberately
making the client connect to the brokers 'plain' port failed as
expected, as did setting the client not to use SSL and connecting it
to the brokers SSL port. As well as the simpler 'no verification'
example you were using, I used an exapanded example based on those at
http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
support validating client certificates so I removed those bits).
Could you share how you are configuring the broker, and creating your
certificates? I used the broker keystore and client truststore we use
in our tests, which are located at
qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
in a checkout of our trunk
(http://svn.apache.org/repos/asf/qpid/trunk/)
Regards,
Robbie
On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
I don't know… only have been playing with the qpid broker….
From: Robbie Gemmell <ro...@gmail.com>>
Date: Wed, 9 Nov 2011 15:44:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Cc: Joe Porto <jo...@agilex.com>>
Subject: Re: SSL connection problems from rabbitMQ client
Interesting. This isnt a combination that I have tried before, but I
dont know any obvious reason it wouldnt work. I will try to take a
look at it, but it isnt likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I dont know where the number
previously [not] used in the config came from.
Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?
Robbie
On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the
configuration to use SSL (interesting they changed the port to 5671). It
still fails from the client side at the same point (when it's trying to send
the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access
it via a rabbitmq java client. When not using SSL, this works well and I am
able to send and receive a msg on the client. When I enable SSL and try to
connect to the SSL port on the broker, I get a SocketTimeOutException on the
client side. Tracing through the rabbitMQ code – it looks like this occurs
when the client tries sending just the AMQP header. On the qpid broker,
this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at
org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on
factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Are you just using the files created from that guide directly? If so
that could be the problem, since you need to import the certificate /
key into a truststore / keystore file before using them, e.g. using
the keytool command bundled with the JDK.
Robbie
On 10 November 2011 22:21, Joe Porto <Jo...@agilex.com> wrote:
> Ah I read your response too quickly! I enabled the use SSL setting to true
> in the config.xml…and I used the keystore and truststore that I created
> myself following this website:
> http://www.akadia.com/services/ssh_test_certificate.html
> I'll give the sample ones a shot…
>
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>
>
> Date: Thu, 10 Nov 2011 16:48:32 -0500
> To: Joe Porto <jo...@agilex.com>
> Cc: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Erm, so was I ? :)
> Robbie
> On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com> wrote:
>
> I was using a Qpid Broker…
> Joe
> From: Robbie Gemmell <ro...@gmail.com>
> Date: Thu, 10 Nov 2011 16:20:54 -0500
> To: Joe Porto <jo...@agilex.com>
> Cc: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
> Hi Joe,
> I just tried out connecting the RabbitMQ client using SSL to the
> latest trunk revision of the Java broker, and it seemed to work ok
> (well, it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that mean ConnectionClose currently generates
> a nice stacktrace...but other than that, it works). Deliberately
> making the client connect to the brokers 'plain' port failed as
> expected, as did setting the client not to use SSL and connecting it
> to the brokers SSL port. As well as the simpler 'no verification'
> example you were using, I used an exapanded example based on those at
> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
> support validating client certificates so I removed those bits).
> Could you share how you are configuring the broker, and creating your
> certificates? I used the broker keystore and client truststore we use
> in our tests, which are located at
> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
> in a checkout of our trunk
> (http://svn.apache.org/repos/asf/qpid/trunk/)
> Regards,
> Robbie
> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com> wrote:
> I don't know… only have been playing with the qpid broker….
> From: Robbie Gemmell <ro...@gmail.com>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Cc: Joe Porto <jo...@agilex.com>
> Subject: Re: SSL connection problems from rabbitMQ client
> Interesting. This isnt a combination that I have tried before, but I
> dont know any obvious reason it wouldnt work. I will try to take a
> look at it, but it isnt likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I dont know where the number
> previously [not] used in the config came from.
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
> Robbie
> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com> wrote:
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>
> Reply-To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
> ---------------------
> Any help would be greatly appreciated!
> -Joe
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
Ah I read your response too quickly! I enabled the use SSL setting to true in the config.xml…and I used the keystore and truststore that I created myself following this website: http://www.akadia.com/services/ssh_test_certificate.html
I'll give the sample ones a shot…
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 16:48:32 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Erm, so was I ? :)
Robbie
On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com>> wrote:
I was using a Qpid Broker…
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 16:20:54 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Hi Joe,
I just tried out connecting the RabbitMQ client using SSL to the
latest trunk revision of the Java broker, and it seemed to work ok
(well, it did make me notice that when we changed IO layers for the
broker and some protocols for the client recently that we missed a
limitation of SSLSocket that mean ConnectionClose currently generates
a nice stacktrace...but other than that, it works). Deliberately
making the client connect to the brokers 'plain' port failed as
expected, as did setting the client not to use SSL and connecting it
to the brokers SSL port. As well as the simpler 'no verification'
example you were using, I used an exapanded example based on those at
http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
support validating client certificates so I removed those bits).
Could you share how you are configuring the broker, and creating your
certificates? I used the broker keystore and client truststore we use
in our tests, which are located at
qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
in a checkout of our trunk
(http://svn.apache.org/repos/asf/qpid/trunk/)
Regards,
Robbie
On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
I don't know… only have been playing with the qpid broker….
From: Robbie Gemmell <ro...@gmail.com>>
Date: Wed, 9 Nov 2011 15:44:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Cc: Joe Porto <jo...@agilex.com>>
Subject: Re: SSL connection problems from rabbitMQ client
Interesting. This isnt a combination that I have tried before, but I
dont know any obvious reason it wouldnt work. I will try to take a
look at it, but it isnt likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I dont know where the number
previously [not] used in the config came from.
Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?
Robbie
On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the
configuration to use SSL (interesting they changed the port to 5671). It
still fails from the client side at the same point (when it's trying to send
the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access
it via a rabbitmq java client. When not using SSL, this works well and I am
able to send and receive a msg on the client. When I enable SSL and try to
connect to the SSL port on the broker, I get a SocketTimeOutException on the
client side. Tracing through the rabbitMQ code – it looks like this occurs
when the client tries sending just the AMQP header. On the qpid broker,
this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at
org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on
factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Erm, so was I ? :)
Robbie
On 10 November 2011 21:26, Joe Porto <Jo...@agilex.com> wrote:
> I was using a Qpid Broker…
>
> Joe
>
> From: Robbie Gemmell <ro...@gmail.com>
> Date: Thu, 10 Nov 2011 16:20:54 -0500
> To: Joe Porto <jo...@agilex.com>
> Cc: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Hi Joe,
> I just tried out connecting the RabbitMQ client using SSL to the
> latest trunk revision of the Java broker, and it seemed to work ok
> (well, it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that mean ConnectionClose currently generates
> a nice stacktrace...but other than that, it works). Deliberately
> making the client connect to the brokers 'plain' port failed as
> expected, as did setting the client not to use SSL and connecting it
> to the brokers SSL port. As well as the simpler 'no verification'
> example you were using, I used an exapanded example based on those at
> http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
> support validating client certificates so I removed those bits).
> Could you share how you are configuring the broker, and creating your
> certificates? I used the broker keystore and client truststore we use
> in our tests, which are located at
> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
> in a checkout of our trunk
> (http://svn.apache.org/repos/asf/qpid/trunk/)
> Regards,
> Robbie
> On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com> wrote:
>
> I don't know… only have been playing with the qpid broker….
> From: Robbie Gemmell <ro...@gmail.com>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Cc: Joe Porto <jo...@agilex.com>
> Subject: Re: SSL connection problems from rabbitMQ client
> Interesting. This isnt a combination that I have tried before, but I
> dont know any obvious reason it wouldnt work. I will try to take a
> look at it, but it isnt likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I dont know where the number
> previously [not] used in the config came from.
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
> Robbie
> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com> wrote:
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>
> Reply-To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
> ---------------------
> Any help would be greatly appreciated!
> -Joe
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
On 11 November 2011 16:47, Robbie Gemmell <ro...@gmail.com> wrote:
> On 10 November 2011 21:20, Robbie Gemmell <ro...@gmail.com> wrote:
> <snip>
>> it did make me notice that when we changed IO layers for the
>> broker and some protocols for the client recently that we missed a
>> limitation of SSLSocket that mean ConnectionClose currently generates
>> a nice stacktrace...but other than that, it works
> </snip>
>
> This should now be fixed on trunk. I have requested its inclusion in
> 0.14 also, but that isnt up to me.
>
Fix now included in 0.14 too.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
On 10 November 2011 21:20, Robbie Gemmell <ro...@gmail.com> wrote:
<snip>
> it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that mean ConnectionClose currently generates
> a nice stacktrace...but other than that, it works
</snip>
This should now be fixed on trunk. I have requested its inclusion in
0.14 also, but that isnt up to me.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
I was using a Qpid Broker…
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Date: Thu, 10 Nov 2011 16:20:54 -0500
To: Joe Porto <jo...@agilex.com>>
Cc: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Hi Joe,
I just tried out connecting the RabbitMQ client using SSL to the
latest trunk revision of the Java broker, and it seemed to work ok
(well, it did make me notice that when we changed IO layers for the
broker and some protocols for the client recently that we missed a
limitation of SSLSocket that mean ConnectionClose currently generates
a nice stacktrace...but other than that, it works). Deliberately
making the client connect to the brokers 'plain' port failed as
expected, as did setting the client not to use SSL and connecting it
to the brokers SSL port. As well as the simpler 'no verification'
example you were using, I used an exapanded example based on those at
http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
support validating client certificates so I removed those bits).
Could you share how you are configuring the broker, and creating your
certificates? I used the broker keystore and client truststore we use
in our tests, which are located at
qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
in a checkout of our trunk
(http://svn.apache.org/repos/asf/qpid/trunk/)
Regards,
Robbie
On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com>> wrote:
I don't know… only have been playing with the qpid broker….
From: Robbie Gemmell <ro...@gmail.com>>
Date: Wed, 9 Nov 2011 15:44:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Cc: Joe Porto <jo...@agilex.com>>
Subject: Re: SSL connection problems from rabbitMQ client
Interesting. This isnt a combination that I have tried before, but I
dont know any obvious reason it wouldnt work. I will try to take a
look at it, but it isnt likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I dont know where the number
previously [not] used in the config came from.
Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?
Robbie
On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the
configuration to use SSL (interesting they changed the port to 5671). It
still fails from the client side at the same point (when it's trying to send
the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access
it via a rabbitmq java client. When not using SSL, this works well and I am
able to send and receive a msg on the client. When I enable SSL and try to
connect to the SSL port on the broker, I get a SocketTimeOutException on the
client side. Tracing through the rabbitMQ code – it looks like this occurs
when the client tries sending just the AMQP header. On the qpid broker,
this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at
org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on
factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Hi Joe,
I just tried out connecting the RabbitMQ client using SSL to the
latest trunk revision of the Java broker, and it seemed to work ok
(well, it did make me notice that when we changed IO layers for the
broker and some protocols for the client recently that we missed a
limitation of SSLSocket that mean ConnectionClose currently generates
a nice stacktrace...but other than that, it works). Deliberately
making the client connect to the brokers 'plain' port failed as
expected, as did setting the client not to use SSL and connecting it
to the brokers SSL port. As well as the simpler 'no verification'
example you were using, I used an exapanded example based on those at
http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently
support validating client certificates so I removed those bits).
Could you share how you are configuring the broker, and creating your
certificates? I used the broker keystore and client truststore we use
in our tests, which are located at
qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
in a checkout of our trunk
(http://svn.apache.org/repos/asf/qpid/trunk/)
Regards,
Robbie
On 9 November 2011 20:45, Joe Porto <Jo...@agilex.com> wrote:
> I don't know… only have been playing with the qpid broker….
>
> From: Robbie Gemmell <ro...@gmail.com>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Cc: Joe Porto <jo...@agilex.com>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Interesting. This isnt a combination that I have tried before, but I
> dont know any obvious reason it wouldnt work. I will try to take a
> look at it, but it isnt likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I dont know where the number
> previously [not] used in the config came from.
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
> Robbie
> On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com> wrote:
>
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>
> Reply-To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
>
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
> ---------------------
> Any help would be greatly appreciated!
> -Joe
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
I don't know… only have been playing with the qpid broker….
From: Robbie Gemmell <ro...@gmail.com>>
Date: Wed, 9 Nov 2011 15:44:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Cc: Joe Porto <jo...@agilex.com>>
Subject: Re: SSL connection problems from rabbitMQ client
Interesting. This isnt a combination that I have tried before, but I
dont know any obvious reason it wouldnt work. I will try to take a
look at it, but it isnt likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I dont know where the number
previously [not] used in the config came from.
Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?
Robbie
On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com>> wrote:
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the
configuration to use SSL (interesting they changed the port to 5671). It
still fails from the client side at the same point (when it's trying to send
the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access
it via a rabbitmq java client. When not using SSL, this works well and I am
able to send and receive a msg on the client. When I enable SSL and try to
connect to the SSL port on the broker, I get a SocketTimeOutException on the
client side. Tracing through the rabbitMQ code – it looks like this occurs
when the client tries sending just the AMQP header. On the qpid broker,
this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at
org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at
org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at
org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at
org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on
factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Interesting. This isnt a combination that I have tried before, but I
dont know any obvious reason it wouldnt work. I will try to take a
look at it, but it isnt likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I dont know where the number
previously [not] used in the config came from.
Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?
Robbie
On 8 November 2011 20:55, Joe Porto <Jo...@agilex.com> wrote:
> Hi Robbie,
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
> Thoughts?
> Joe
> From: Robbie Gemmell <ro...@gmail.com>
> Reply-To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "users@qpid.apache.org" <us...@qpid.apache.org>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Put simply, SSL support in the broker wasnt functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
> You will need to use a non-release version if you want to make it work
> in the mean time. You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
> Robbie
> On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com> wrote:
>
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) -
> Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at
> org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at
> org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at
> org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at
> org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at
> org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
> ---------------------------
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
>
>
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
>
> …
> ---------------------
>
> Any help would be greatly appreciated!
>
> -Joe
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
With client stack trace:
Exception in thread "main" java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:116)
at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)
at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:239)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:403)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:423)
at SSLExample.main(SSLExample.java:25)
From: Joe Porto <jo...@agilex.com>>
Date: Tue, 8 Nov 2011 15:55:43 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Cc: Robbie Gemmell <ro...@gmail.com>>
Subject: Re: SSL connection problems from rabbitMQ client
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the configuration to use SSL (interesting they changed the port to 5671). It still fails from the client side at the same point (when it's trying to send the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access it via a rabbitmq java client. When not using SSL, this works well and I am able to send and receive a msg on the client. When I enable SSL and try to connect to the SSL port on the broker, I get a SocketTimeOutException on the client side. Tracing through the rabbitMQ code – it looks like this occurs when the client tries sending just the AMQP header. On the qpid broker, this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Joe Porto <Jo...@agilex.com>.
Hi Robbie,
Thanks for the quick feedback. I installed the .15 version and enabled the configuration to use SSL (interesting they changed the port to 5671). It still fails from the client side at the same point (when it's trying to send the header) , but this time it doesn't throw an error in the server log.
Thoughts?
Joe
From: Robbie Gemmell <ro...@gmail.com>>
Reply-To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org<ma...@qpid.apache.org>" <us...@qpid.apache.org>>
Subject: Re: SSL connection problems from rabbitMQ client
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com>> wrote:
I am running the .12 release of a java qpid broker. I am trying to access it via a rabbitmq java client. When not using SSL, this works well and I am able to send and receive a msg on the client. When I enable SSL and try to connect to the SSL port on the broker, I get a SocketTimeOutException on the client side. Tracing through the rabbitMQ code – it looks like this occurs when the client tries sending just the AMQP header. On the qpid broker, this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
Re: SSL connection problems from rabbitMQ client
Posted by Robbie Gemmell <ro...@gmail.com>.
Put simply, SSL support in the broker wasnt functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.
You will need to use a non-release version if you want to make it work
in the mean time. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
Robbie
On 8 November 2011 19:42, Joe Porto <Jo...@agilex.com> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access it via a rabbitmq java client. When not using SSL, this works well and I am able to send and receive a msg on the client. When I enable SSL and try to connect to the SSL port on the broker, I get a SocketTimeOutException on the client side. Tracing through the rabbitMQ code – it looks like this occurs when the client tries sending just the AMQP header. On the qpid broker, this error is thrown in the log:
>
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
> at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
> at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
> at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
> at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
> at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
> at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
> at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:680)
>
> ---------------------------
>
> My sample client code looks like this: (the client hangs on factory.newConnection();, and eventually the socket times out)
>
>
>
>
> ConnectionFactory factory = new ConnectionFactory();
>
> factory.setHost("10.1.21.21");
>
> factory.setPort(8672);
>
> factory.setVirtualHost("10.1.21.21");
>
> factory.useSslProtocol("TLS");
>
> Connection conn = factory.newConnection();
>
> Channel channel = conn.createChannel();
>
>
> …
>
> ---------------------
>
>
> Any help would be greatly appreciated!
>
>
> -Joe
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org