ActiveMQ C++ Client
  1. ActiveMQ C++ Client
  2. AMQCPP-505

For SSL connections ensure the SNI field is set.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.7.0
    • Fix Version/s: 3.8.0
    • Component/s: Transports
    • Labels:
      None

      Description

      Provide a way in the Decaf OpenSSL implementation to set the SNI field and then ensure it gets set in the SSL transport layer.

        Activity

        Hide
        Timothy Bish added a comment -

        Uses the SSL_set_tlsext_host_name() method we now propagate the host value from the URI down to the SSL socket to configure the SNI field.

        Show
        Timothy Bish added a comment - Uses the SSL_set_tlsext_host_name() method we now propagate the host value from the URI down to the SSL socket to configure the SNI field.
        Hide
        Hongyu Xiong added a comment -

        Hi Timothy, when I compile ActiveMQ-cpp, it shows the error message."OpenSSLSocket.cpp:367: error: 'SSL_set_tlsext_host_name' was not declared in this scope"

        In this environment, openssl-1.0.1e is installed, and I find the macro "SSL_set_tlsext_host_name" is declared in file /usr/include/openssl/tls1.h

        Is the tls1.h should be included to OpenSSLSocket.cpp?
        =====================================
        /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../.. -ansi -pedantic -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/apr/include/apr-1 -I/usr/kerberos/include -W -Wall -Wextra -Wconversion -fPIC -fstrict-aliasing -Wstrict-aliasing=2 -Wno-long-long -g -O2 -pthread -MT decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo -MD -MP -MF decaf/internal/net/ssl/openssl/.deps/libactivemq_cpp_la-OpenSSLSocket.Tpo -c -o decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo `test -f 'decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp' || echo './'`decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
        libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../.. -ansi -pedantic -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/apr/include/apr-1 -I/usr/kerberos/include -W -Wall -Wextra -Wconversion -fPIC -fstrict-aliasing -Wstrict-aliasing=2 -Wno-long-long -g -O2 -pthread -MT decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo -MD -MP -MF decaf/internal/net/ssl/openssl/.deps/libactivemq_cpp_la-OpenSSLSocket.Tpo -c decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp -fPIC -DPIC -o decaf/internal/net/ssl/openssl/.libs/libactivemq_cpp_la-OpenSSLSocket.o
        decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp: In member function 'virtual void decaf::internal::net::ssl::openssl::OpenSSLSocket::startHandshake()':
        decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:367: error: 'SSL_set_tlsext_host_name' was not declared in this scope
        make: *** [decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo] Error 1
        =========================

        Show
        Hongyu Xiong added a comment - Hi Timothy, when I compile ActiveMQ-cpp, it shows the error message."OpenSSLSocket.cpp:367: error: 'SSL_set_tlsext_host_name' was not declared in this scope" In this environment, openssl-1.0.1e is installed, and I find the macro "SSL_set_tlsext_host_name" is declared in file /usr/include/openssl/tls1.h Is the tls1.h should be included to OpenSSLSocket.cpp? ===================================== /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../.. -ansi -pedantic -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/apr/include/apr-1 -I/usr/kerberos/include -W -Wall -Wextra -Wconversion -fPIC -fstrict-aliasing -Wstrict-aliasing=2 -Wno-long-long -g -O2 -pthread -MT decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo -MD -MP -MF decaf/internal/net/ssl/openssl/.deps/libactivemq_cpp_la-OpenSSLSocket.Tpo -c -o decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo `test -f 'decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp' || echo './'`decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../.. -ansi -pedantic -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/local/apr/include/apr-1 -I/usr/kerberos/include -W -Wall -Wextra -Wconversion -fPIC -fstrict-aliasing -Wstrict-aliasing=2 -Wno-long-long -g -O2 -pthread -MT decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo -MD -MP -MF decaf/internal/net/ssl/openssl/.deps/libactivemq_cpp_la-OpenSSLSocket.Tpo -c decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp -fPIC -DPIC -o decaf/internal/net/ssl/openssl/.libs/libactivemq_cpp_la-OpenSSLSocket.o decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp: In member function 'virtual void decaf::internal::net::ssl::openssl::OpenSSLSocket::startHandshake()': decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp:367: error: 'SSL_set_tlsext_host_name' was not declared in this scope make: *** [decaf/internal/net/ssl/openssl/libactivemq_cpp_la-OpenSSLSocket.lo] Error 1 =========================
        Hide
        Timothy Bish added a comment -

        Works fine with older versions, I'm on 1.0.1c so you should investigate if something has changed in that newer release.

        Show
        Timothy Bish added a comment - Works fine with older versions, I'm on 1.0.1c so you should investigate if something has changed in that newer release.
        Hide
        Timothy Bish added a comment -

        Added the

        tls1.h

        header to trunk and 3.8.x versions of OpenSSLSocket.cpp

        Show
        Timothy Bish added a comment - Added the tls1.h header to trunk and 3.8.x versions of OpenSSLSocket.cpp

          People

          • Assignee:
            Timothy Bish
            Reporter:
            Timothy Bish
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development