You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Hari Pyla (JIRA)" <ji...@apache.org> on 2014/05/27 15:30:03 UTC
[jira] [Created] (QPID-5788) Delay initialization of NSS library
until the creation of first SSL connection.
Hari Pyla created QPID-5788:
-------------------------------
Summary: Delay initialization of NSS library until the creation of first SSL connection.
Key: QPID-5788
URL: https://issues.apache.org/jira/browse/QPID-5788
Project: Qpid
Issue Type: Bug
Components: C++ Client
Affects Versions: 0.28
Reporter: Hari Pyla
There are two issues here:
===Issue 1===
When a qpid C++ client sets the SSL client environment variables programmatically prior(in program order) to opening a connection, qpid seems to ignore the environment variables. This issue was reported to the mailing list. Please find it at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5374D926.3000501@vt.edu%3E
A simple example to reproduce this issue:
===source===
#include <qpid/messaging/Connection.h>
#include <cstdlib>
#include <iostream>
#include <stdlib.h>
using namespace qpid::messaging;
int main()
{
const char* url = "localhost:5671";
std::string connectionOptions = "{username:admin,password:admin,transport:ssl}";
setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
setenv("QPID_SSL_CERT_PASSWORD_FILE", "/tmp/test/qpid-client-pfile", 1);
Connection connection(url, connectionOptions);
try
{
connection.open();
}
catch (const std::exception& e)
{
std::cout << e.what() << "\n";
return (-1);
}
connection.close();
return 0;
}
===compilation===
g++ -o test test.cpp -lqpidmessaging
===error message===
Unknown protocol: ssl (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)
Gordon responded to this issue at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5379D276.3040609@redhat.com%3E
This method of initialization has another side-effect and leads to the following:
===Issue 2===
Due to this early initialization, the qid C++ precludes creating multiple processes which in turn can create connections to the broker. See below example.
===example===
#include <qpid/messaging/Connection.h>
#include<cstdlib>
#include<iostream>
#include<stdlib.h>
using namespace qpid::messaging;
int foo()
{
const char* url = "localhost:5672";
std::string connectionOptions =
"{username:test,password:test,transport:ssl}";
Connection connection(url, connectionOptions);
try
{
connection.open();
}
catch (const std::exception& e)
{
std::cout << e.what() << "\n";
}
connection.close();
return 0;
}
int main()
{
int retval = -1;
retval = fork();
if (retval == 0)
foo();
else
sleep(5);
return 0;
}
===error message===
On C++ qpid broker:
May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error
Error reading socket: Success(0)
On C++ qpid client:
2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error
[-8023]
(/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
2014-05-26 20:50:00 [Client] warning Connection closed
This issue has been reported at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5383E31E.6020506@vt.edu%3E
and Gordon's response to it is at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C53845426.6090400@redhat.com%3E
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org