You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/10/23 20:07:33 UTC

[jira] [Commented] (QPID-2374) qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted"

    [ https://issues.apache.org/jira/browse/QPID-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14181670#comment-14181670 ] 

ASF subversion and git services commented on QPID-2374:
-------------------------------------------------------

Commit 1633904 from [~gsim] in branch 'qpid/trunk'
[ https://svn.apache.org/r1633904 ]

QPID-2374: Ensure --require-encryption works as expected for ssl even when sasl support libs are not available

> qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted" 
> -------------------------------------------------------------------------------------------------
>
>                 Key: QPID-2374
>                 URL: https://issues.apache.org/jira/browse/QPID-2374
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>             Fix For: 0.7
>
>
> Running qpidd with "--auth no" and "--require-encryption" will reject SSL-based encrypted connections.
> Running qpidd like so:
> $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir --no-module-dir --load-module ./.libs/ssl.so  --ssl-cert-db /home/kgiusti/.test_ssl_cert_db/test_cert_db  --ssl-cert-password-file /home/kgiusti/.test_ssl_cert_db/cert.password  --ssl-cert-name localhost.localdomain
> 2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
> 2010-01-28 10:11:35 notice Listening on TCP port 5672
> 2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
> 5671
> 2010-01-28 10:11:35 notice Broker running
> And running perftest using SSL:
> $ export QPID_NO_MODULE_DIR=1
> $ export QPID_LOAD_MODULE=./.libs/sslconnector.so
> $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
> $ export QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
> $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 5671
> The connection is rejected, and the broker logs:
> 2010-01-28 10:13:18 error Rejected un-encrypted connection.
> I think the proper behavior would have the broker allow encrypted SSL connections, even if --auth no.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org