You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Gordon Sim (JIRA)" <ji...@apache.org> on 2014/06/04 15:17:02 UTC
[jira] [Resolved] (QPID-5788) Delay initialization of NSS library
until the creation of first SSL connection.
[ https://issues.apache.org/jira/browse/QPID-5788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gordon Sim resolved QPID-5788.
------------------------------
Resolution: Fixed
Fix Version/s: 0.29
> Delay initialization of NSS library until the creation of first SSL connection.
> -------------------------------------------------------------------------------
>
> Key: QPID-5788
> URL: https://issues.apache.org/jira/browse/QPID-5788
> Project: Qpid
> Issue Type: Bug
> Components: C++ Client
> Affects Versions: 0.28
> Reporter: Hari Pyla
> Assignee: Gordon Sim
> Fix For: 0.29
>
>
> There are two issues here:
> ===Issue 1===
> When a qpid C++ client sets the SSL client environment variables programmatically prior(in program order) to opening a connection, qpid seems to ignore the environment variables. This issue was reported to the mailing list. Please find it at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5374D926.3000501@vt.edu%3E
> A simple example to reproduce this issue:
> ===source===
> #include <qpid/messaging/Connection.h>
> #include <cstdlib>
> #include <iostream>
> #include <stdlib.h>
> using namespace qpid::messaging;
> int main()
> {
> const char* url = "localhost:5671";
> std::string connectionOptions = "{username:admin,password:admin,transport:ssl}";
> setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
> setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
> setenv("QPID_SSL_CERT_PASSWORD_FILE", "/tmp/test/qpid-client-pfile", 1);
> Connection connection(url, connectionOptions);
> try
> {
> connection.open();
> }
> catch (const std::exception& e)
> {
> std::cout << e.what() << "\n";
> return (-1);
> }
> connection.close();
> return 0;
> }
> ===compilation===
> g++ -o test test.cpp -lqpidmessaging
> ===error message===
> Unknown protocol: ssl (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)
> Gordon responded to this issue at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5379D276.3040609@redhat.com%3E
> This method of initialization has another side-effect and leads to the following:
> ===Issue 2===
> Due to this early initialization, the qid C++ precludes creating multiple processes which in turn can create connections to the broker. See below example.
> ===example===
> #include <qpid/messaging/Connection.h>
> #include<cstdlib>
> #include<iostream>
> #include<stdlib.h>
> using namespace qpid::messaging;
> int foo()
> {
> const char* url = "localhost:5672";
> std::string connectionOptions =
> "{username:test,password:test,transport:ssl}";
> Connection connection(url, connectionOptions);
> try
> {
> connection.open();
> }
> catch (const std::exception& e)
> {
> std::cout << e.what() << "\n";
> }
> connection.close();
> return 0;
> }
> int main()
> {
> int retval = -1;
> retval = fork();
> if (retval == 0)
> foo();
> else
> sleep(5);
> return 0;
> }
> ===error message===
> On C++ qpid broker:
> May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error
> Error reading socket: Success(0)
> On C++ qpid client:
> 2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error
> [-8023]
> (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
> 2014-05-26 20:50:00 [Client] warning Connection closed
> This issue has been reported at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5383E31E.6020506@vt.edu%3E
> and Gordon's response to it is at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C53845426.6090400@redhat.com%3E
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org