Qpid
  1. Qpid
  2. QPID-2374

qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted"

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      Running qpidd with "-auth no" and "-require-encryption" will reject SSL-based encrypted connections.

      Running qpidd like so:

      $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir --no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db /home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file /home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name localhost.localdomain
      2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
      2010-01-28 10:11:35 notice Listening on TCP port 5672
      2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
      5671
      2010-01-28 10:11:35 notice Broker running

      And running perftest using SSL:

      $ export QPID_NO_MODULE_DIR=1
      $ export QPID_LOAD_MODULE=./.libs/sslconnector.so
      $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
      $ export QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
      $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 5671

      The connection is rejected, and the broker logs:

      2010-01-28 10:13:18 error Rejected un-encrypted connection.

      I think the proper behavior would have the broker allow encrypted SSL connections, even if --auth no.

        Activity

        Ken Giusti created issue -
        Hide
        Ken Giusti added a comment -

        --auth no and --require-encryption will now correctly identify TSL connections and accept them.

        Show
        Ken Giusti added a comment - --auth no and --require-encryption will now correctly identify TSL connections and accept them.
        Ken Giusti made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Ken Giusti made changes -
        Fix Version/s 0.7 [ 12314455 ]
        Justin Ross made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        ASF subversion and git services added a comment -

        Commit 1633904 from Gordon Sim in branch 'qpid/trunk'
        [ https://svn.apache.org/r1633904 ]

        QPID-2374: Ensure --require-encryption works as expected for ssl even when sasl support libs are not available

        Show
        ASF subversion and git services added a comment - Commit 1633904 from Gordon Sim in branch 'qpid/trunk' [ https://svn.apache.org/r1633904 ] QPID-2374 : Ensure --require-encryption works as expected for ssl even when sasl support libs are not available
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        20h 41m 1 Ken Giusti 29/Jan/10 14:48
        Resolved Resolved Closed Closed
        1277d 4h 4m 1 Justin Ross 29/Jul/13 18:53

          People

          • Assignee:
            Ken Giusti
            Reporter:
            Ken Giusti
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development