Qpid / QPID-2374

qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      Running qpidd with "--auth no" and "--require-encryption" will reject SSL-based encrypted connections.

      Running qpidd like so:

      $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir --no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db /home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file /home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name localhost.localdomain
      2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
      2010-01-28 10:11:35 notice Listening on TCP port 5672
      2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
      5671
      2010-01-28 10:11:35 notice Broker running

      And running perftest using SSL:

      $ export QPID_NO_MODULE_DIR=1
      $ export QPID_LOAD_MODULE=./.libs/sslconnector.so
      $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
      $ export QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
      $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 5671

      The connection is rejected, and the broker logs:

      2010-01-28 10:13:18 error Rejected un-encrypted connection.

      I think the proper behavior would have the broker allow encrypted SSL connections, even if --auth no.
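The accept/reject decision the report asks for, modelled as an added example (not Qpid's source and not part of the original report). The struct and function names are hypothetical, and the "before" logic is an assumed cause that matches the logged rejection, not a confirmed one.

```cpp
#include <cstdio>

// Hypothetical model of a broker's --require-encryption check; not Qpid source.
struct Connection {
    bool transportEncrypted;  // true when the client arrived on the SSL/TLS listener
    bool saslEncrypted;       // true when a SASL security layer encrypts the stream
};

struct BrokerOptions {
    bool auth;               // models --auth yes / --auth no
    bool requireEncryption;  // models --require-encryption
};

// Behaviour reported in the issue (assumed cause): with --auth no there is no
// SASL layer, and the check never asks whether the transport is encrypted.
bool acceptBefore(const BrokerOptions& o, const Connection& c) {
    if (!o.requireEncryption) return true;
    if (!o.auth) return false;  // every connection is treated as un-encrypted
    return c.saslEncrypted || c.transportEncrypted;
}

// Behaviour described in the fix comment: TLS connections are recognised as
// encrypted whether or not authentication is enabled.
bool acceptAfter(const BrokerOptions& o, const Connection& c) {
    if (!o.requireEncryption) return true;
    const bool sasl = o.auth && c.saslEncrypted;
    return c.transportEncrypted || sasl;
}

int main() {
    const BrokerOptions opts = {false, true};  // --auth no --require-encryption
    const Connection tls = {true, false};      // client on port 5671 (SSL)
    const Connection tcp = {false, false};     // client on port 5672 (plain TCP)
    std::printf("before: tls=%d tcp=%d\n", acceptBefore(opts, tls), acceptBefore(opts, tcp));
    std::printf("after:  tls=%d tcp=%d\n", acceptAfter(opts, tls), acceptAfter(opts, tcp));
    return 0;
}
```

The case worth keeping in a regression test is the plain TCP client: after the fix it must still be rejected when --require-encryption is set.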

        Activity

        Ken Giusti added a comment -

        --auth no and --require-encryption will now correctly identify TLS connections and accept them.


          People

          • Assignee: Ken Giusti
          • Reporter: Ken Giusti