Affects Version/s: 0.16
Fix Version/s: 0.18
Component/s: C++ Broker
CentOS release 5.5 (Final)
Linux 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-48)
I'm running a set of Qpid 0.16 C++ brokers with configuration like:
ie the broker is requiring both encryption and authentication (configured SASL mech list is CRAM-MD5 DIGEST-MD5 EXTERNAL PLAIN).
Now, if a client (let's use qpid-stat for example) connects via SSL (amqps) and authenticates successfully, then everything is happy.
However, if a client repeatedly fails to use SSL and/or fails to provide credentials, then the broker loses one of it's configured max connections every time!
So, for example, if we start the broker using the configuration shown above, then do this:
The above loop will report ~ 500 AuthenticationFailure errors, then switch to ConnectionError errors. Once the ConnectionError errors begin, all further connections to the broker will be rejected - permanently (until the broker is restarted), with the broker logging:
From my testing, the following loops never cause an issue (with this configuration):
Whereas any of the following will break the broker:
|Field||Original Value||New Value|
|Summary||Failed client connections permanently exhausting broker's max connections limit||Failed client connections permanently exhaust broker's max connections limit|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Fix Version/s||0.18 [ 12322451 ]|
|Resolution||Fixed [ 1 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|