Posted to users@qpid.apache.org by Cullen Davis <cu...@commitent.com> on 2009/08/24 21:47:37 UTC

RE: SSL with C++ client returns "Unknown protocol: ssl"

I have not been able to get the SSL client connector to be loaded for the direct examples.  

Per Gordon's instructions, I modified the direct/declare_queues.cpp example to use a ConnectionSetting object when opening a Connection.  I set the ConnectionSetting.protocol property to "ssl".

1) I start broker as detailed in step 1 of previous post.
2) I set and export QPID_SSL_CERT_DB
3) I set and export QPID_LOAD_MODULE (set ..../src/.libs/sslconnector.so - I used a fully qualified path)
4) I execute the c++ example from the direct use cases:
    $ examples/declare_queues 127.0.0.1 5671 ssl
   The program errors with "Unknown protocol: ssl (qpid/client/Connector.cpp:66)"

Obviously I am not getting the client to run with the SSL connector.  I thought setting the QPID_LOAD_MODULE would make that happen.  Any thoughts as to why I am not getting the sslconnector.so library to load?  I am running all tests on a straight install of Fedora 10 with the latest (807298) trunk code.
 
Cullen J. Davis
CommIT
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Friday, August 14, 2009 12:05 PM
To: users@qpid.apache.org
Subject: Re: Question about C++ broker, C++ client, and SSL encryption

Cullen Davis wrote:
> I followed your lead and modified the tests to pass a protocol into the Connection::open.  When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed with an "Unknown Protocol" error.   I was using "ssl" as the target protocol.
>
> Any additional thoughts?

You need to have QPID_LOAD_MODULE=./src/.libs/sslconnector.so (or have
the ssl client plugin in the standard location for clients).

>
> Cullen J. Davis
> CommIT Enterprises, Inc.
>
> ________________________________________
> From: Gordon Sim [gsim@redhat.com]
> Sent: Friday, August 14, 2009 3:34 AM
> To: users@qpid.apache.org
> Subject: Re: Question about C++ broker, C++ client, and SSL encryption
>
> Cullen Davis wrote:
>> I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.
>>
>> 1) Start c++ qpid broker as follows
>>    qpidd --log-enable debug:ssl --log-source yes \
>>       --log-function yes \
>>       --auth no \
>>       --load-module src/.libs/ssl.so \
>>       --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>>       --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>>       --ssl-cert-name commit.CjD \
>>       --ssl-require-client-authentication \
>>       --require-encryption
>>
>> 2) Run the c++ direct example on port 5672
>>    ./examples/direct/declare_queues localhost 5672
>>    ./examples/direct/direct_producer localhost 5672
>>    ./examples/direct/listener localhost 5672
>> The queue is created, populated, and read with no problems.
>>
>> 3) Run the c++ direct example on port 5671 (first set-up env variables)
>>    QPID_LOAD_MODULE=./src/.libs/sslconnector.so
>>    QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
>>    ./examples/direct/declare_queues localhost 5671
>>
>> At this point, the declare_queues example hangs until CTRL C is pressed.  When declare_queues terminates, the broker outputs:
>> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>>
>>
>> Question 1 - Why did the examples on port 5672 (#2) succeed?  I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.
>
> That is because of the auth=no option; this is a known issue and
> should be fixed in the next release.
>
> https://issues.apache.org/jira/browse/QPID-1899
>
>> Question 2 - What is the declare_queue code from #3 blocking on?
>
> To use ssl in the client you have to select 'ssl' as the protocol. The
> examples don't currently allow you to do that at present. However if you
> make the following modifications then you can specify 'ssl' after host
> and port and it should work:
>
> Index: examples/direct/declare_queues.cpp
> ===================================================================
> --- examples/direct/declare_queues.cpp  (revision 797423)
> +++ examples/direct/declare_queues.cpp  (working copy)
> @@ -53,12 +53,14 @@
>
>
>   int main(int argc, char** argv) {
> -    const char* host = argc>1 ? argv[1] : "127.0.0.1";
> -    int port = argc>2 ? atoi(argv[2]) : 5672;
> +    ConnectionSettings settings;
> +    if (argc>1) settings.host = argv[1];
> +    if (argc>2) settings.port = atoi(argv[2]);
> +    if (argc>3) settings.protocol = argv[3];
>       Connection connection;
>
>       try {
> -      connection.open(host, port);
> +      connection.open(settings);
>         Session session =  connection.newSession();
>
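
Review bot: at `if (argc>3) settings.protocol = argv[3];` the protocol argument is optional and undocumented, so running the example against the SSL port without `ssl` still connects with the default protocol, which is the hang reported earlier in this thread; print a usage line (`host port [protocol]`) or add a comment above main() so the third argument is discoverable. `settings.port = atoi(argv[2])` also accepts a non-numeric port and silently yields 0; strtol with an end-pointer check would reject it. The removed explicit defaults ("127.0.0.1" and 5672) now come from ConnectionSettings, which is worth a one-line comment for readers of the example.
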
> The same change would be required on the other example programs. We
> should get this changed for the next release also. I've raised a Jira to
> track it:
>
> https://issues.apache.org/jira/browse/QPID-2049
>
>
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org

Re: SSL with C++ client returns "Unknown protocol: ssl"

Posted by Gordon Sim <gs...@redhat.com>.
Cullen Davis wrote:
> Gordon
> 
> 1) The make is now running to completion (if QPID_LOAD_MODULE is defined as a relative path, the cpp/docs/man build fails when the "qpidd --help" invocation does not find the ./src/.libs/sslconnector.so plugin)
> 2) Thank you for the clarification, I now understand what you meant by "standard location"
> 3) My comment about perftest was inaccurate.
> 
> The good news is that when I follow the steps in the ssl_test script, I do get the ssl plugin to load.  I am going to use that as a basis for getting my client off the ground.

Great; can't think what was different, but as long as you are up and 
running!

> Thanks again for your help and patience!  

Thanks for your patience also!



RE: SSL with C++ client returns "Unknown protocol: ssl"

Posted by Cullen Davis <cu...@commitent.com>.
Gordon

1) The make is now running to completion (if QPID_LOAD_MODULE is defined as a relative path, the cpp/docs/man build fails when the "qpidd --help" invocation does not find the ./src/.libs/sslconnector.so plugin)
2) Thank you for the clarification, I now understand what you meant by "standard location"
3) My comment about perftest was inaccurate.

The good news is that when I follow the steps in the ssl_test script, I do get the ssl plugin to load.  I am going to use that as a basis for getting my client off the ground.

Thanks again for your help and patience!  

Cullen J. Davis
CommIT Enterprises, Inc.

________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Tuesday, August 25, 2009 11:13 AM
To: users@qpid.apache.org
Subject: Re: SSL with C++ client returns "Unknown protocol: ssl"

Cullen Davis wrote:
> Gordon,
>
> I do not have the qpidc package installed.  I set and exported QPID_NO_MODULE_DIR=true.  (I also tried QPID_NO_MODULE_DIR=1)   I still get the "Unknown protocol: ssl (qpid/client/Connector.cpp:66)" error.

Does make check pass? In particular does the ssl_test run and does it fail?

> In an earlier post, you stated that the sslconnector.so plugin should be specified in the QPID_LOAD_MODULE variable  "...or have the ssl client plugin in the standard location for clients".   Can you elaborate on the standard location comment (in particular for a Fedora 10 installation)?

The default is /usr/local/lib/qpid/client/ (though it can be changed at
compile time). A make install should put the library there.

> I thought that perftest could be used to test my SSL implementation, but that code seems to be out of the build.  Thank you for your assistance.

Yes, perftest can test ssl (with the --protocol option). When you say
it's out of the build you mean it's not in the 0.5 distribution?

>
> Cullen J. Davis
> CommIT Enterprises, Inc.
>


Re: SSL with C++ client returns "Unknown protocol: ssl"

Posted by Gordon Sim <gs...@redhat.com>.
Cullen Davis wrote:
> Gordon,
> 
> I do not have the qpidc package installed.  I set and exported QPID_NO_MODULE_DIR=true.  (I also tried QPID_NO_MODULE_DIR=1)   I still get the "Unknown protocol: ssl (qpid/client/Connector.cpp:66)" error.   

Does make check pass? In particular does the ssl_test run and does it fail?

> In an earlier post, you stated that the sslconnector.so plugin should be specified in the QPID_LOAD_MODULE variable  "...or have the ssl client plugin in the standard location for clients".   Can you elaborate on the standard location comment (in particular for a Fedora 10 installation)?    

The default is /usr/local/lib/qpid/client/ (though it can be changed at 
compile time). A make install should put the library there.

> I thought that perftest could be used to test my SSL implementation, but that code seems to be out of the build.  Thank you for your assistance.

Yes, perftest can test ssl (with the --protocol option). When you say
it's out of the build you mean it's not in the 0.5 distribution?

> 
> Cullen J. Davis
> CommIT Enterprises, Inc.
> 
> ________________________________________
> From: Gordon Sim [gsim@redhat.com]
> Sent: Tuesday, August 25, 2009 3:47 AM
> To: users@qpid.apache.org
> Subject: Re: SSL with C++ client returns "Unknown protocol: ssl"
> 
> Cullen Davis wrote:
>> I have not been able to get the SSL client connector to be loaded for the direct examples.
>>
>> Per Gordon's instructions, I modified the direct/declare_queues.cpp example to use a ConnectionSetting object when opening a Connection.  I set the ConnectionSetting.protocol property to "ssl".
>>
>> 1) I start broker as detailed in step 1 of previous post.
>> 2) I set and export QPID_SSL_CERT_DB
>> 3) I set and export QPID_LOAD_MODULE (set ..../src/.libs/sslconnector.so - I used a fully qualified path)
>> 4) I execute the c++ example from the direct use cases:
>>     $ examples/declare_queues 127.0.0.1 5671 ssl
>>    The program errors with "Unknown protocol: ssl (qpid/client/Connector.cpp:66)"
>>
>> Obviously I am not getting the client to run with the SSL connector.  I thought setting the QPID_LOAD_MODULE would make that happen.  Any thoughts as to why I am not getting the sslconnector.so library to load?  I am running all tests on a straight install of Fedora 10 with the latest (807298) trunk code.
> 
> Do you have the qpidc rpm installed as well (rpm -qv qpidc)? If so
> perhaps exporting QPID_NO_MODULE_DIR=true might help(?).


RE: SSL with C++ client returns "Unknown protocol: ssl"

Posted by Cullen Davis <cu...@commitent.com>.
Gordon,

I do not have the qpidc package installed.  I set and exported QPID_NO_MODULE_DIR=true.  (I also tried QPID_NO_MODULE_DIR=1)   I still get the "Unknown protocol: ssl (qpid/client/Connector.cpp:66)" error.   

In an earlier post, you stated that the sslconnector.so plugin should be specified in the QPID_LOAD_MODULE variable  "...or have the ssl client plugin in the standard location for clients".   Can you elaborate on the standard location comment (in particular for a Fedora 10 installation)?    

I thought that perftest could be used to test my SSL implementation, but that code seems to be out of the build.  Thank you for your assistance.

Cullen J. Davis
CommIT Enterprises, Inc.

________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Tuesday, August 25, 2009 3:47 AM
To: users@qpid.apache.org
Subject: Re: SSL with C++ client returns "Unknown protocol: ssl"

Cullen Davis wrote:
> I have not been able to get the SSL client connector to be loaded for the direct examples.
>
> Per Gordon's instructions, I modified the direct/declare_queues.cpp example to use a ConnectionSetting object when opening a Connection.  I set the ConnectionSetting.protocol property to "ssl".
>
> 1) I start broker as detailed in step 1 of previous post.
> 2) I set and export QPID_SSL_CERT_DB
> 3) I set and export QPID_LOAD_MODULE (set ..../src/.libs/sslconnector.so - I used a fully qualified path)
> 4) I execute the c++ example from the direct use cases:
>     $ examples/declare_queues 127.0.0.1 5671 ssl
>    The program errors with "Unknown protocol: ssl (qpid/client/Connector.cpp:66)"
>
> Obviously I am not getting the client to run with the SSL connector.  I thought setting the QPID_LOAD_MODULE would make that happen.  Any thoughts as to why I am not getting the sslconnector.so library to load?  I am running all tests on a straight install of Fedora 10 with the latest (807298) trunk code.

Do you have the qpidc rpm installed as well (rpm -qv qpidc)? If so
perhaps exporting QPID_NO_MODULE_DIR=true might help(?).



Re: SSL with C++ client returns "Unknown protocol: ssl"

Posted by Gordon Sim <gs...@redhat.com>.
Cullen Davis wrote:
> I have not been able to get the SSL client connector to be loaded for the direct examples.  
> 
> Per Gordon's instructions, I modified the direct/declare_queues.cpp example to use a ConnectionSetting object when opening a Connection.  I set the ConnectionSetting.protocol property to "ssl".
> 
> 1) I start broker as detailed in step 1 of previous post.
> 2) I set and export QPID_SSL_CERT_DB
> 3) I set and export QPID_LOAD_MODULE (set ..../src/.libs/sslconnector.so - I used a fully qualified path)
> 4) I execute the c++ example from the direct use cases:
>     $ examples/declare_queues 127.0.0.1 5671 ssl
>    The program errors with "Unknown protocol: ssl (qpid/client/Connector.cpp:66)"
> 
> Obviously I am not getting the client to run with the SSL connector.  I thought setting the QPID_LOAD_MODULE would make that happen.  Any thoughts as to why I am not getting the sslconnector.so library to load?  I am running all tests on a straight install of Fedora 10 with the latest (807298) trunk code.

Do you have the qpidc rpm installed as well (rpm -qv qpidc)? If so 
perhaps exporting QPID_NO_MODULE_DIR=true might help(?).

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
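
The client-side conditions this thread keeps returning to (variable exported rather than merely set, relative versus absolute module path, the default client plugin directory, the certificate database), gathered into one preflight check as an added example; it is not code from the Qpid project or from either poster. The function name and its optional directory argument are assumptions made for illustration; the default directory is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: preflight for the client environment discussed in this thread.
# Default client plugin directory as quoted in the thread (changeable at compile time).
DEFAULT_CLIENT_MODULE_DIR=/usr/local/lib/qpid/client

# qpid_ssl_preflight [module_dir]  (hypothetical helper, not part of Qpid)
# Prints one finding per line; returns 0 only when no FAIL was reported.
qpid_ssl_preflight() {
    rc=0
    module_dir=${1:-$DEFAULT_CLIENT_MODULE_DIR}
    # printenv is an external command, so it only sees *exported* variables,
    # which is exactly what the client process will see.
    module=$(printenv QPID_LOAD_MODULE || true)
    certdb=$(printenv QPID_SSL_CERT_DB || true)

    if [ -z "$module" ]; then
        if [ -n "${QPID_LOAD_MODULE:-}" ]; then
            echo "FAIL QPID_LOAD_MODULE is set in this shell but not exported"; rc=1
        elif [ -e "$module_dir/sslconnector.so" ]; then
            echo "OK   sslconnector.so present in $module_dir"
        else
            echo "FAIL QPID_LOAD_MODULE unset and no sslconnector.so in $module_dir"; rc=1
        fi
    else
        case $module in
            /*) ;;
            *) echo "WARN QPID_LOAD_MODULE is relative; it resolves against each process's current directory" ;;
        esac
        if [ -r "$module" ]; then
            echo "OK   module readable: $module"
        else
            echo "FAIL module not readable from $(pwd): $module"; rc=1
        fi
    fi

    if [ -z "$certdb" ]; then
        echo "FAIL QPID_SSL_CERT_DB is not exported"; rc=1
    elif [ ! -e "$certdb" ]; then
        echo "FAIL QPID_SSL_CERT_DB does not exist: $certdb"; rc=1
    else
        echo "OK   certificate database: $certdb"
    fi
    return "$rc"
}
```

Source the file and call `qpid_ssl_preflight` from the same shell, and the same directory, that will start the client.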