You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kg...@apache.org on 2010/01/29 00:01:12 UTC
svn commit: r904293 - in /qpid/trunk/qpid/cpp/src: qpid/broker/SaslAuthenticator.cpp tests/ssl_test

Author: kgiusti
Date: Thu Jan 28 23:01:12 2010
New Revision: 904293

URL: http://svn.apache.org/viewvc?rev=904293&view=rev
Log:
QPID-2374: Null authenticator now checks for SSL if --encryption-required specified

Modified:
    qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
    qpid/trunk/qpid/cpp/src/tests/ssl_test

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp?rev=904293&r1=904292&r2=904293&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp Thu Jan 28 23:01:12 2010
@@ -148,8 +148,13 @@
 void NullAuthenticator::start(const string& mechanism, const string& response)
 {
     if (encrypt) {
-        QPID_LOG(error, "Rejected un-encrypted connection.");
-        throw ConnectionForcedException("Connection must be encrypted.");
+        // encryption required - check to see if we are running over an
+        // encrypted SSL connection.
+        sasl_ssf_t external_ssf = (sasl_ssf_t) connection.getSSF();
+        if (external_ssf < 1) {   // < 1 == unencrypted
+            QPID_LOG(error, "Rejected un-encrypted connection.");
+            throw ConnectionForcedException("Connection must be encrypted.");
+        }
     }
     if (mechanism == "PLAIN") { // Old behavior
         if (response.size() > 0) {

Modified: qpid/trunk/qpid/cpp/src/tests/ssl_test
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/ssl_test?rev=904293&r1=904292&r2=904293&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/ssl_test (original)
+++ qpid/trunk/qpid/cpp/src/tests/ssl_test Thu Jan 28 23:01:12 2010
@@ -46,7 +46,7 @@
 }
 
 start_broker() {
-    PORT=`../qpidd --daemon --transport ssl --port 0 --ssl-port 0 --no-data-dir --no-module-dir --auth no --config $CONFIG --load-module $SSL_LIB --ssl-cert-db $CERT_DIR --ssl-cert-password-file $CERT_PW_FILE --ssl-cert-name $TEST_HOSTNAME`
+    PORT=`../qpidd --daemon --transport ssl --port 0 --ssl-port 0 --no-data-dir --no-module-dir --auth no --config $CONFIG --load-module $SSL_LIB --ssl-cert-db $CERT_DIR --ssl-cert-password-file $CERT_PW_FILE --ssl-cert-name $TEST_HOSTNAME --require-encryption`
 }
 
 stop_broker() {



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org