You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kg...@apache.org on 2010/01/29 00:01:12 UTC
svn commit: r904293 - in /qpid/trunk/qpid/cpp/src:
qpid/broker/SaslAuthenticator.cpp tests/ssl_test
Author: kgiusti
Date: Thu Jan 28 23:01:12 2010
New Revision: 904293
URL: http://svn.apache.org/viewvc?rev=904293&view=rev
Log:
QPID-2374: Null authenticator now checks for SSL if --encryption-required specified
Modified:
qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
qpid/trunk/qpid/cpp/src/tests/ssl_test
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp?rev=904293&r1=904292&r2=904293&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp Thu Jan 28 23:01:12 2010
@@ -148,8 +148,13 @@
void NullAuthenticator::start(const string& mechanism, const string& response)
{
if (encrypt) {
- QPID_LOG(error, "Rejected un-encrypted connection.");
- throw ConnectionForcedException("Connection must be encrypted.");
+ // encryption required - check to see if we are running over an
+ // encrypted SSL connection.
+ sasl_ssf_t external_ssf = (sasl_ssf_t) connection.getSSF();
+ if (external_ssf < 1) { // < 1 == unencrypted
+ QPID_LOG(error, "Rejected un-encrypted connection.");
+ throw ConnectionForcedException("Connection must be encrypted.");
+ }
}
if (mechanism == "PLAIN") { // Old behavior
if (response.size() > 0) {
Modified: qpid/trunk/qpid/cpp/src/tests/ssl_test
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/ssl_test?rev=904293&r1=904292&r2=904293&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/ssl_test (original)
+++ qpid/trunk/qpid/cpp/src/tests/ssl_test Thu Jan 28 23:01:12 2010
@@ -46,7 +46,7 @@
}
start_broker() {
- PORT=`../qpidd --daemon --transport ssl --port 0 --ssl-port 0 --no-data-dir --no-module-dir --auth no --config $CONFIG --load-module $SSL_LIB --ssl-cert-db $CERT_DIR --ssl-cert-password-file $CERT_PW_FILE --ssl-cert-name $TEST_HOSTNAME`
+ PORT=`../qpidd --daemon --transport ssl --port 0 --ssl-port 0 --no-data-dir --no-module-dir --auth no --config $CONFIG --load-module $SSL_LIB --ssl-cert-db $CERT_DIR --ssl-cert-password-file $CERT_PW_FILE --ssl-cert-name $TEST_HOSTNAME --require-encryption`
}
stop_broker() {
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org