Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Description
Running qpidd with "--auth no" and "--require-encryption" will reject SSL-based encrypted connections.
Running qpidd like so:
$ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir --no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db /home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file /home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name localhost.localdomain
2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
2010-01-28 10:11:35 notice Listening on TCP port 5672
2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
5671
2010-01-28 10:11:35 notice Broker running
And running perftest using SSL:
$ export QPID_NO_MODULE_DIR=1
$ export QPID_LOAD_MODULE=./.libs/sslconnector.so
$ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
$ export QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
$ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 5671
The connection is rejected, and the broker logs:
2010-01-28 10:13:18 error Rejected un-encrypted connection.
I think the proper behavior would have the broker allow encrypted SSL connections, even if --auth no.