Posted to users@qpid.apache.org by Jeff Donner <jd...@morphodetection.com> on 2017/01/04 23:08:51 UTC

One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Hi,

  Creating an 'examples' queue (for the example SSL code) works fine when running qpidd 1.36.0 (qpidd --conf qpidd-sasl-ssl.conf) with the following qpidd-sasl-ssl.conf:
(No clustering, ACL, anything - just a basic qpidd and a client.)

  ssl-examples$ cat qpidd-sasl-ssl.conf
# <auth> is whether to do SASL authentication.
#  https://qpid.apache.org/releases/qpid-cpp-1.36.0/cpp-broker/book/chap-Messaging_User_Guide-Security.html
auth=yes
# It wants the dir, it assumes the name 'qpidd.conf'
sasl-config=/etc/sasl2
ssl-port=5672
ssl-cert-db=pki/qpidd/qpidd-nss
ssl-cert-password-file=pki/qpidd/qpidd-nss-password
# Require SSL - same source as above
ssl-require-client-authentication=yes
ssl-cert-name=qpiddcert
ssl-sasl-no-dict=yes
ssl-use-export-policy=yes
require-encryption=yes
log-to-stdout=yes
log-to-stderr=no
log-source=yes
log-function=yes

# Security Broker Management Protocol
# System HA Messaging Store Network Test
# Client Application Model Unspecified
trace=yes
log-disable=info-:Management


####
# followed by the queue creation command:

$ qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
            --ssl-certificate=pki/client/certs/client-cert.pem \
            --ssl-key=pki/client/private/client-keys.pem \
            --sasl-mechanism=EXTERNAL \
            add queue examples

####
# SASL2 config:
ssl-examples$ cat /etc/sasl2/qpidd.conf | grep -v '#' | uniq
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
mech_list: EXTERNAL

sql_select: dummy select


####
# And the SASL db is fine - (just for drill, though as I say the same setup works with qpidd 1.36.0)
sasl2$ sudo sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
[sudo] password for jdonner:
admin@QPID: userPassword
client@QPID: userPassword
dev-qpidclient@QPID: userPassword
sasl2$


But with qpidd 1.35.0 it fails:

(selected) qpidd 1.35.0 output
...
2017-01-04 13:24:34 [Security] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/acl/Acl.cpp:90:qpid::acl::Acl::Acl: ACL loaded empty rule set
2017-01-04 13:24:34 [Security] info /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/acl/Acl.cpp:93:qpid::acl::Acl::Acl: ACL Plugin loaded
2017-01-04 13:24:34 [Security] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SslPlugin.cpp:114:qpid::sys::SslPlugin::initialize: Initialising SSL plugin
2017-01-04 13:24:34 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:147:qpid::sys::SocketAcceptor::listen: Using interface:
2017-01-04 13:24:34 [Network] info /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:159:qpid::sys::SocketAcceptor::listen: Listening to: 0.0.0.0:5672
2017-01-04 13:24:34 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:162:qpid::sys::SocketAcceptor::listen: Listened to: 5672
2017-01-04 13:24:34 [Network] info /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:159:qpid::sys::SocketAcceptor::listen: Listening to: [::]:5672
2017-01-04 13:24:34 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:162:qpid::sys::SocketAcceptor::listen: Listened to: 5672
2017-01-04 13:24:34 [Security] notice /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SslPlugin.cpp:132:qpid::sys::SslPlugin::initialize: Listening for SSL or TCP connections on TCP/TCP6 port 5672
2017-01-04 13:24:34 [Broker] info /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/broker/Broker.cpp:401:qpid::broker::Broker::Broker: Broker (pid=3962) initialized
2017-01-04 13:24:34 [Broker] info /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/broker/Broker.cpp:518:qpid::broker::Broker::run: Broker (pid=3962) running


# The queue creation is run at this point (reminder)
qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
            --ssl-certificate=pki/client/certs/client-cert.pem \
            --ssl-key=pki/client/private/client-keys.pem \
            --sasl-mechanism=EXTERNAL \
            add queue examples


2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!




For the record, here is the 1.36.0 qpidd log: (with added debugging messages)...

2017-01-04 14:49:00 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:173:qpid::broker::SaslAuthenticator::init: SASL: config path set to /etc/sasl2
2017-01-04 14:49:00 [Broker] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/Broker.cpp:367:qpid::broker::Broker::Broker: SASL enabled
2017-01-04 14:49:00 [Network] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/posix/SocketFDPlugin.cpp:87:qpid::sys::SocketFDPlugin::initialize: No Socket fd specified
2017-01-04 14:49:00 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/acl/Acl.cpp:74:qmf::org::apache::qpid::acl::Acl::Acl: Mgmt create acl. id:org.apache.qpid.broker:broker:amqp-broker
2017-01-04 14:49:00 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/Acl.cpp:90:qpid::acl::Acl::Acl: ACL loaded empty rule set
2017-01-04 14:49:00 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/acl/Acl.cpp:93:qpid::acl::Acl::Acl: ACL Plugin loaded
2017-01-04 14:49:00 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/SslPlugin.cpp:114:qpid::sys::SslPlugin::initialize: Initialising SSL plugin
2017-01-04 14:49:00 [Network] debug /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:147:qpid::sys::SocketAcceptor::listen: Using interface:
2017-01-04 14:49:00 [Network] info /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:159:qpid::sys::SocketAcceptor::listen: Listening to: 0.0.0.0:5672
2017-01-04 14:49:00 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:244:qpid::sys::ssl::SslSocket::listen: >SSL:listen
2017-01-04 14:49:00 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:254:qpid::sys::ssl::SslSocket::listen: SSL:listen have set up some certs, now listening.
2017-01-04 14:49:00 [Network] debug /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:162:qpid::sys::SocketAcceptor::listen: Listened to: 5672
2017-01-04 14:49:00 [Network] info /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:159:qpid::sys::SocketAcceptor::listen: Listening to: [::]:5672
2017-01-04 14:49:00 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:244:qpid::sys::ssl::SslSocket::listen: >SSL:listen
2017-01-04 14:49:00 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:254:qpid::sys::ssl::SslSocket::listen: SSL:listen have set up some certs, now listening.
2017-01-04 14:49:00 [Network] debug /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:162:qpid::sys::SocketAcceptor::listen: Listened to: 5672
2017-01-04 14:49:00 [Security] notice /space/software/qpid-cpp-1.36.0/src/qpid/sys/SslPlugin.cpp:132:qpid::sys::SslPlugin::initialize: Listening for SSL or TCP connections on TCP/TCP6 port 5672
2017-01-04 14:49:00 [Broker] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/Broker.cpp:401:qpid::broker::Broker::Broker: Broker (pid=4565) initialized
2017-01-04 14:49:00 [Broker] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/Broker.cpp:518:qpid::broker::Broker::run: Broker (pid=4565) running



# The same command, the (same) 1.35.0 version of qpid-config:
qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
            --ssl-certificate=pki/client/certs/client-cert.pem \
            --ssl-key=pki/client/private/client-keys.pem \
            --sasl-mechanism=EXTERNAL \
            add queue examples


2017-01-04 14:50:49 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:371:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
2017-01-04 14:50:49 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:278:qpid::sys::ssl::isSslStream: >isSslStream
2017-01-04 14:50:49 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:282:qpid::sys::ssl::isSslStream: >isSslStream
2017-01-04 14:50:49 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:285:qpid::sys::ssl::isSslStream: retries...:>2<
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:358:qpid::sys::ssl::isSslStream: <isSslStream -- properhandshake? >1<
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:373:qpid::sys::ssl::SslMuxSocket::accept: Accepted SSL connection.
2017-01-04 14:50:51 [Network] debug /space/software/qpid-cpp-1.36.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:52470
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:380:qpid::sys::ssl::SslMuxSocket::accept: accept interrupted - not fatal...
2017-01-04 14:50:51 [System] debug /space/software/qpid-cpp-1.36.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:52470]: INIT(0-10)
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:416:qpid::sys::ssl::SslSocket::getKeyLen: >getKeyLen
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:428:qpid::sys::ssl::SslSocket::getKeyLen: getKeyLen -- good
2017-01-04 14:50:51 [Network] trace /space/software/qpid-cpp-1.36.0/src/qpid/sys/ssl/SslSocket.cpp:102:qpid::sys::ssl::{anonymous}::PeerCertificateGetter::operator: get peer cert: (0 is bad)>0x7fe24c0144b0<
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:339:qpid::broker::CyrusAuthenticator::init: External ssf=128 and auth=dev-qpidclient
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:357:qpid::broker::CyrusAuthenticator::init: min_ssf: 0, max_ssf: 0, external_ssf: 128
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:366:qpid::broker::CyrusAuthenticator::init: external auth detected and set to dev-qpidclient
2017-01-04 14:50:51 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:438:qpid::broker::CyrusAuthenticator::getMechanisms: SASL: num mechanisms: 8
2017-01-04 14:50:51 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:439:qpid::broker::CyrusAuthenticator::getMechanisms: SASL: Mechanism list: >EXTERNAL<
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/LinkRegistry.cpp:310:qpid::broker::LinkRegistry::notifyConnection: LinkRegistry::notifyConnection(); key=qpid.[::1]:5672-[::1]:52470
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclConnectionCounter.cpp:153:qpid::acl::ConnectionCounter::connection: ACL ConnectionCounter new connection: qpid.[::1]:5672-[::1]:52470
2017-01-04 14:50:51 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/broker/Connection.cpp:79:qmf::org::apache::qpid::broker::Connection::Connection: Mgmt create connection. id:qpid.[::1]:5672-[::1]:52470
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:90:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: INIT(0-10)
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={host:V2:7:str16(sidecar),platform:V2:5:str16(Linux),product:V2:8:str16(qpid-cpp),qpid.federation_tag:V2:36:str16(f390a428-3c91-4255-a327-55b4a3fb7570),version:V2:6:str16(1.36.0)}; mechanisms=str16{V2:8:str16(EXTERNAL)}; locales=str16{V2:5:str16(en_US)}; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={platform:V2:5:str16(posix),product:V2:18:str16(qpid python client),qpid.client_pid:F8:int64(4580),qpid.client_ppid:F8:int64(4579),qpid.client_process:V2:11:str16(qpid-config),qpid.client_version:V2:6:str16(1.35.0)}; mechanism=EXTERNAL; response=xxxxxx; }]
2017-01-04 14:50:51 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:462:qpid::broker::CyrusAuthenticator::start: SASL: Starting authentication with mechanism: EXTERNAL
2017-01-04 14:50:51 [Model] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/amqp_0_10/Connection.cpp:329:qpid::broker::amqp_0_10::Connection::raiseConnectEvent: Create connection. user:dev-qpidclient@QPID rhost:qpid.[::1]:5672-[::1]:52470
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:605:qpid::acl::AclData::getConnQuotaForUser: ACL: Connection quota for user dev-qpidclient@QPID unavailable; quota settings are not specified. Return value : 0
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclConnectionCounter.cpp:237:qpid::acl::ConnectionCounter::approveConnection: ACL: ConnectionApprover host list default connection policy allows connection for host ::1, user dev-qpidclient@QPID (/space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:726)
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclConnectionCounter.cpp:247:qpid::acl::ConnectionCounter::approveConnection: ACL ConnectionApprover totalLimit=500 curValue=1 result=allow
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclConnectionCounter.cpp:116:qpid::acl::ConnectionCounter::countConnectionLH: ACL ConnectionApprover user=dev-qpidclient@QPID limit=0 curValue=1 result=allow
2017-01-04 14:50:51 [Security] info /space/software/qpid-cpp-1.36.0/src/qpid/broker/SaslAuthenticator.cpp:504:qpid::broker::CyrusAuthenticator::processAuthenticationStep: qpid.[::1]:5672-[::1]:52470 SASL: Authentication succeeded for: dev-qpidclient@QPID
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionTuneBody: channel-max=65534; max-frame-size=65535; heartbeat-min=0; heartbeat-max=120; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionTuneOkBody: channel-max=65534; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionOpenBody: }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ConnectionOpenOkBody: known-hosts=str16{}; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {SessionAttachBody: name=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0; }]
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:248:qpid::SessionState::SessionState: SessionState::SessionState dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: 0x7fe24c0300c0
2017-01-04 14:50:51 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/broker/Session.cpp:76:qmf::org::apache::qpid::broker::Session::Session: Mgmt create session. id:dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SessionState.cpp:147:qpid::broker::SessionState::attach: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: attached on broker.
2017-01-04 14:50:51 [Protocol] debug /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/SessionHandler.cpp:157:qpid::amqp_0_10::SessionHandler::attach: Attached channel 0 to dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SessionState.cpp:340:qpid::broker::SessionState::readyToSend: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: ready to send, activating output.
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {SessionCommandPointBody: command-id=0; command-offset=0; }]
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:183:qpid::SessionState::receiverSetCommandPoint: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: receiver command-point set to: (0+0)
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ExchangeQueryBody: name=qmf.default.topic; }]
2017-01-04 14:50:51 [Broker] trace /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:200:qpid::SessionState::receiverRecord: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: recv cmd 0: {ExchangeQueryBody: name=qmf.default.topic; }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:379:qpid::acl::AclData::lookup: ACL: Lookup for id:dev-qpidclient@QPID action:access objectType:exchange name:qmf.default.topic with params { }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:418:qpid::acl::AclData::lookup: ACL: No successful match, defaulting to the decision mode allow
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:214:qpid::SessionState::receiverCompleted: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: receiver marked completed: 0 incomplete: { } unknown-completed: { [0,0] }
2017-01-04 14:50:51 [Broker] trace /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:119:qpid::SessionState::senderRecord: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: sent cmd 0: {ExecutionResultBody: command-id=0; value=\x07\x01    \x00\x10management-topic\x00\x00\x00\x1A\x00\x00\x00\x01\x0Eqpid.replicate\x95\x00\x04none; }
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {SessionAttachedBody: name=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {SessionCommandPointBody: command-id=0; command-offset=0; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ExecutionResultBody: command-id=0; value=\x07\x01     \x00\x10management-topic\x00\x00\x00\x1A\x00\x00\x00\x01\x0Eqpid.replicate\x95\x00\x04none; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:96:qpid::amqp_0_10::Connection::encode: SENT [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {SessionCompletedBody: commands={ [0,0] }; }]
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {QueueDeclareBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; exclusive=1; auto-delete=1; }]
2017-01-04 14:50:51 [Broker] trace /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:200:qpid::SessionState::receiverRecord: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: recv cmd 1: {QueueDeclareBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; exclusive=1; auto-delete=1; }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:379:qpid::acl::AclData::lookup: ACL: Lookup for id:dev-qpidclient@QPID action:create objectType:queue name:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 with params { durable=false autodelete=true exclusive=true alternate= policytype=reject paging=false maxqueuesize=104857600 }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:418:qpid::acl::AclData::lookup: ACL: No successful match, defaulting to the decision mode allow
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:659:qpid::acl::AclData::getQueueQuotaForUser: ACL: Queue quota for user dev-qpidclient@QPID unavailable; quota settings are not specified. Return value : 0
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclResourceCounter.cpp:92:qpid::acl::ResourceCounter::limitApproveLH: ACL QueueApprover user=dev-qpidclient@QPID limit=0 curValue=1 result=allow
2017-01-04 14:50:51 [Security] trace /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclResourceCounter.cpp:142:qpid::acl::ResourceCounter::approveCreateQueue: ACL create queue approved for user 'dev-qpidclient@QPID' queue '2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0'
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/QueueFlowLimit.cpp:79:qpid::broker::QueueFlowLimit::QueueFlowLimit: Queue "2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0": Flow limit created: flowStopCount=0, flowResumeCount=0, flowStopSize=83886080, flowResumeSize=73400320
2017-01-04 14:50:51 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/broker/Queue.cpp:86:qmf::org::apache::qpid::broker::Queue::Queue: Mgmt create queue. id:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/DirectExchange.cpp:78:qpid::broker::DirectExchange::bind: Bind key [2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0] to queue 2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 (origin=)
2017-01-04 14:50:51 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/broker/Binding.cpp:69:qmf::org::apache::qpid::broker::Binding::Binding: Mgmt create binding. id:org.apache.qpid.broker:exchange:,org.apache.qpid.broker:queue:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0,2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0
2017-01-04 14:50:51 [Model] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/Broker.cpp:1464:qpid::broker::Broker::createQueue: Create queue. name:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 user:dev-qpidclient@QPID rhost:qpid.[::1]:5672-[::1]:52470 durable:F owner:0x7fe24c030258 autodelete:T alternateExchange:
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:214:qpid::SessionState::receiverCompleted: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: receiver marked completed: 1 incomplete: { } unknown-completed: { [0,1] }
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {ExchangeBindBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; exchange=qmf.default.topic; binding-key=direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020; }]
2017-01-04 14:50:51 [Broker] trace /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:200:qpid::SessionState::receiverRecord: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: recv cmd 2: {ExchangeBindBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; exchange=qmf.default.topic; binding-key=direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020; }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:379:qpid::acl::AclData::lookup: ACL: Lookup for id:dev-qpidclient@QPID action:bind objectType:exchange name:qmf.default.topic with params { routingkey=direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020 queuename=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:418:qpid::acl::AclData::lookup: ACL: No successful match, defaulting to the decision mode allow
2017-01-04 14:50:51 [Model] trace /space/software/mkqpid-cpp-1.36/src/qmf/org/apache/qpid/broker/Binding.cpp:69:qmf::org::apache::qpid::broker::Binding::Binding: Mgmt create binding. id:org.apache.qpid.broker:exchange:qmf.default.topic,org.apache.qpid.broker:queue:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0,direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/TopicExchange.cpp:191:qpid::broker::TopicExchange::bind: Binding key [direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020] to queue 2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 on exchange qmf.default.topic (origin=)
2017-01-04 14:50:51 [Model] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/Broker.cpp:1618:qpid::broker::Broker::bind: Create binding. exchange:qmf.default.topic queue:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 key:direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020 arguments:{} user:dev-qpidclient@QPID rhost:qpid.[::1]:5672-[::1]:52470
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/broker/SemanticState.cpp:844:qpid::broker::SemanticState::addBinding: SemanticState::addBinding [queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0, exchange=qmf.default.topic, key=direct.ec136a58-cbe0-45ae-8c0e-65e842ef0020, args={}]
2017-01-04 14:50:51 [Broker] debug /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:214:qpid::SessionState::receiverCompleted: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: receiver marked completed: 2 incomplete: { } unknown-completed: { [0,2] }
2017-01-04 14:50:51 [Protocol] trace /space/software/qpid-cpp-1.36.0/src/qpid/amqp_0_10/Connection.cpp:58:qpid::amqp_0_10::Connection::decode: RECV [qpid.[::1]:5672-[::1]:52470]: Frame[BEbe; channel=0; {MessageSubscribeBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; destination=0; accept-mode=1; acquire-mode=0; }]
2017-01-04 14:50:51 [Broker] trace /space/software/qpid-cpp-1.36.0/src/qpid/SessionState.cpp:200:qpid::SessionState::receiverRecord: dev-qpidclient@QPID.2f1ab97a-791d-4c89-b770-49cb26bcac2a:0: recv cmd 3: {MessageSubscribeBody: queue=2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0; destination=0; accept-mode=1; acquire-mode=0; }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:379:qpid::acl::AclData::lookup: ACL: Lookup for id:dev-qpidclient@QPID action:consume objectType:queue name:2f1ab97a-791d-4c89-b770-49cb26bcac2a:0.0 with params { }
2017-01-04 14:50:51 [Security] debug /space/software/qpid-cpp-1.36.0/src/qpid/acl/AclData.cpp:418:qpid::acl::AclData::lookup: ACL: No successful match, defaulting to the decision mode allow
...

And it (1.36.0) goes on to work:

ssl-examples$ ./show-examples-queue.sh
+ qpid-stat -q --broker amqps://dev-qpidclient@localhost:5672 --ssl-certificate=pki/client/certs/client-cert.pem --ssl-key=pki/client/private/client-keys.pem --sasl-mechanism=EXTERNAL
Enter PEM pass phrase:
Queues
  queue                                     dur  autoDel  excl  msg   msgIn  msgOut  bytes  bytesIn  bytesOut  cons  bind
  =========================================================================================================================
  019c5f5e-0330-4ea7-a38c-1a7022659310:0.0       Y        Y        0     0      0       0      0        0         1     2
  examples                                                         0     0      0       0      0        0         0     1



I don't see any release notes or JIRA issues for 1.36.0 that point out problems or quirks in 1.35.0 for this - any ideas?

This is Fedora 23 Linux.


Thanks,
Jeff


Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Posted by Gordon Sim <gs...@redhat.com>.
On 04/01/17 23:08, Jeff Donner wrote:
> # The queue creation is run at this point (reminder)
> qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
>             --ssl-certificate=pki/client/certs/client-cert.pem \
>             --ssl-key=pki/client/private/client-keys.pem \
>             --sasl-mechanism=EXTERNAL \
>             add queue examples
>
>
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.

The first thing that seems odd is that the log above suggests SSL is not 
actually used whereas the later 1.36 trace shows an SSL connection being 
accepted. The SslSocket.cpp code is identical between 1.35 and 1.36
however so not sure how the same client and command would result in 
different behaviours (I'm assuming both are running on the same machine, 
with the same nss cert dbs etc).

> 2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
> 2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!

This error suggests that the broker did not get the AMQP-SASL protocol 
header frame that it expected. Again, not clear to me why that would be.

Are both brokers built against the same version of proton?

[...]
> I don't see any release notes or JIRA issues for 1.36.0 that point out problems or quirks in 1.35.0 for this - any ideas?
>
> This is Fedora 23 Linux.

Have you tried with the rpms?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


RE: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Posted by Jeff Donner <jd...@morphodetection.com>.
Doh. I'd modified qpidd 1.36's

#define SSL_STREAM_MAX_WAIT_ms 20000 in SslSocket.cpp

to give me time to enter the encrypted PEM key's password when asked. (normally I think this is 25ms or so), and forgotten to do the same for 1.35. SSL timing out causes qpidd to fall back to plain text. With that change all is well. 

I don't see a way to pass a filename /containing/ the key's password to qpid-config and qpid-stat - do I read that right? Should I submit a patch for this? 

Thanks,
Jeff

________________________________________
From: Jeff Donner [jdonner@morphodetection.com]
Sent: Thursday, January 05, 2017 12:32 PM
To: users@qpid.apache.org
Subject: RE: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Yeah I noticed that 1.35 was doing plaintext. I'll look into why it does that and why it's going to 1.0, as you point out.

Thanks!
Jeff
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Thursday, January 05, 2017 12:17 PM
To: users@qpid.apache.org
Subject: Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

On 04/01/17 23:08, Jeff Donner wrote:
> # The queue creation is run at this point (reminder)
> qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
>             --ssl-certificate=pki/client/certs/client-cert.pem \
>             --ssl-key=pki/client/private/client-keys.pem \
>             --sasl-mechanism=EXTERNAL \
>             add queue examples
>
>
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
> 2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
> 2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!

Another odd thing..., the protocol header in the trace is for 1.0 (not
0-10 like in the 1.36 trace) and indeed I believe the error thrown would
only be thrown on the 1.0 codepath.

I don't think this trace can correspond to the qpid-config connection,
since the client that tool is based on speaks 0-10 only.





RE: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Posted by Jeff Donner <jd...@morphodetection.com>.
Yeah I noticed that 1.35 was doing plaintext. I'll look into why it does that and why it's going to 1.0, as you point out.

Thanks!
Jeff
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Thursday, January 05, 2017 12:17 PM
To: users@qpid.apache.org
Subject: Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

On 04/01/17 23:08, Jeff Donner wrote:
> # The queue creation is run at this point (reminder)
> qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
>             --ssl-certificate=pki/client/certs/client-cert.pem \
>             --ssl-key=pki/client/private/client-keys.pem \
>             --sasl-mechanism=EXTERNAL \
>             add queue examples
>
>
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
> 2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
> 2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!

Another odd thing..., the protocol header in the trace is for 1.0 (not
0-10 like in the 1.36 trace) and indeed I believe the error thrown would
only be thrown on the 1.0 codepath.

I don't think this trace can correspond to the qpid-config connection,
since the client that tool is based on speaks 0-10 only.





Re: One SSL + SASL EXTERNAL queue creation works with qpidd 1.36.0 but not 1.35.0

Posted by Gordon Sim <gs...@redhat.com>.
On 04/01/17 23:08, Jeff Donner wrote:
> # The queue creation is run at this point (reminder)
> qpid-config --broker amqps://dev-qpidclient@localhost:5672 \
>             --ssl-certificate=pki/client/certs/client-cert.pem \
>             --ssl-key=pki/client/private/client-keys.pem \
>             --sasl-mechanism=EXTERNAL \
>             add queue examples
>
>
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
> 2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
> 2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
> 2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
> 2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!

Another odd thing..., the protocol header in the trace is for 1.0 (not 
0-10 like in the 1.36 trace) and indeed I believe the error thrown would 
only be thrown on the 1.0 codepath.

I don't think this trace can correspond to the qpid-config connection, 
since the client that tool is based on speaks 0-10 only.
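
The reading of the 1.35.0 trace discussed in this thread (connection accepted as plaintext, an AMQP 1-0 protocol header received, then "SASL layer required!") can be scripted for triage of a broker log. This is an added example, not code from the thread or from Qpid; the function names are made up for illustration, and it assumes the lines of one connection are not interleaved with another's.

```python
import re

# The six 1.35.0 broker log lines quoted in this thread, reproduced as sample input.
SAMPLE_LOG = """\
2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:340:qpid::sys::ssl::SslMuxSocket::accept: Accepting connection with optional SSL wrapper.
2017-01-04 13:24:55 [Network] trace /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/ssl/SslSocket.cpp:345:qpid::sys::ssl::SslMuxSocket::accept: Accepted Plaintext connection.
2017-01-04 13:24:55 [Network] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/SocketTransport.cpp:51:qpid::sys::{anonymous}::establishedCommon: Set TCP_NODELAY on connection to [::1]:51976
2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:150:qpid::sys::AsynchIOHandler::readbuff: RECV [qpid.[::1]:5672-[::1]:51976]: INIT(1-0)
2017-01-04 13:24:57 [System] debug /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/Exception.cpp:43:qpid::Exception::Exception: Exception constructed: SASL layer required!
2017-01-04 13:24:57 [System] error /builddir/build/BUILD/qpid-cpp-1.35.0/src/qpid/sys/AsynchIOHandler.cpp:164:qpid::sys::AsynchIOHandler::readbuff: SASL layer required!
"""

ACCEPTED = re.compile(r"SslMuxSocket::accept: Accepted (\w+) connection")
NODELAY = re.compile(r"Set TCP_NODELAY on connection to (\S+)")
INIT = re.compile(r"RECV \[qpid\.(\S+?)-(\S+?)\]: INIT\((\d+)-(\d+)\)")
ERROR = re.compile(r"\] error \S+: (.+)$")


def triage(log_text):
    """Return one record per accepted connection, in log order.

    Assumption: a connection's lines are not interleaved with another
    connection's, so each line belongs to the most recent accept.
    """
    conns, cur = [], None
    for line in log_text.splitlines():
        if m := ACCEPTED.search(line):
            cur = {"transport": m.group(1), "peer": None, "amqp": None, "error": None}
            conns.append(cur)
        elif cur is None:
            continue  # nothing accepted yet, nothing to attach this line to
        elif m := NODELAY.search(line):
            cur["peer"] = m.group(1)
        elif m := INIT.search(line):
            cur["amqp"] = f"{m.group(3)}-{m.group(4)}"  # version in the protocol header
        elif m := ERROR.search(line):
            cur["error"] = m.group(1)
    return conns


def plaintext_accepts(conns):
    """Connections the SSL-or-plaintext listener handled without TLS."""
    return [c for c in conns if c["transport"].lower() == "plaintext"]


if __name__ == "__main__":
    for c in plaintext_accepts(triage(SAMPLE_LOG)):
        print(f"{c['peer']}: plaintext, AMQP {c['amqp']}, error: {c['error']}")
```

Any record returned by `plaintext_accepts` on a broker configured with `require-encryption=yes` is worth a look, since the client was started with an `amqps://` URL and still ended up unencrypted on the broker side.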


