  1. Qpid
  2. QPID-2374

qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      Running qpidd with "--auth no" and "--require-encryption" will reject SSL-based encrypted connections.

      Running qpidd like so:

      $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir --no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db /home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file /home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name localhost.localdomain
      2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
      2010-01-28 10:11:35 notice Listening on TCP port 5672
      2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
      5671
      2010-01-28 10:11:35 notice Broker running

      And running perftest using SSL:

      $ export QPID_NO_MODULE_DIR=1
      $ export QPID_LOAD_MODULE=./.libs/sslconnector.so
      $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
      $ export QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
      $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 5671

      The connection is rejected, and the broker logs:

      2010-01-28 10:13:18 error Rejected un-encrypted connection.

      I think the proper behavior would have the broker allow encrypted SSL connections, even if --auth no.
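
The reproduction above can be turned into a repeatable check. This is an added example, not part of the original report or the Qpid code base: it classifies a broker log captured while a single SSL client ran. The function names and sample logs are constructed, and it assumes the client exits non-zero when its connection is rejected.

```shell
#!/bin/sh
# Added example, not Qpid project code. Log phrases are copied from the report;
# function names and the sample logs are constructed for illustration.

# sample_log KIND: print a constructed broker log ("rejected" or "clean").
sample_log() {
    cat <<'EOF'
2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
2010-01-28 10:11:35 notice Listening on TCP port 5672
2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
2010-01-28 10:11:35 notice Broker running
EOF
    if [ "$1" = rejected ]; then
        echo '2010-01-28 10:13:18 error Rejected un-encrypted connection.'
    fi
    return 0
}

# classify_run LOGFILE CLIENT_STATUS: LOGFILE was captured while exactly one
# SSL client ran. Prints: reproduced | accepted | inconclusive.
classify_run() {
    log=$1; client_status=$2
    [ -r "$log" ] || { echo inconclusive; return 0; }
    # The scenario needs --auth no in effect and the SSL listener up.
    grep -q 'notice SASL disabled: No Authentication Performed' "$log" || { echo inconclusive; return 0; }
    grep -q 'notice Listening for SSL connections on TCP port' "$log" || { echo inconclusive; return 0; }
    # grep -c exits 1 on zero matches, so guard it for use under set -e.
    rejected=$(grep -c 'error Rejected un-encrypted connection' "$log" || true)
    if [ "$rejected" -gt 0 ] && [ "$client_status" -ne 0 ]; then
        echo reproduced      # SSL client refused as "un-encrypted"
    elif [ "$rejected" -eq 0 ] && [ "$client_status" -eq 0 ]; then
        echo accepted        # behaviour the report asks for
    else
        echo inconclusive    # log and client status disagree
    fi
}

# Demo on the constructed logs.
tmp=$(mktemp)
sample_log rejected > "$tmp"
echo "rejection logged, client failed: $(classify_run "$tmp" 1)"
sample_log clean > "$tmp"
echo "no rejection, client succeeded:  $(classify_run "$tmp" 0)"
rm -f "$tmp"
```

The rejection message does not name a port and the plain TCP listener on 5672 is also up, so capture the log with only the SSL client connecting.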

            People

            • Assignee:
              kgiusti Ken Giusti
              Reporter:
              kgiusti Ken Giusti