Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-5062

[C++ client] EXTERNAL authentication using SSL certificates doesn't work with AMQP 1.0

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.24
    • Fix Version/s: 0.24
    • Component/s: C++ Client
    • Labels:
      None
    • Environment:

      CentOS 6.4, Qpid 0.24 RC1, Proton 0.4

      Description

      A C++ based client using the qpid.messaging API with AMQP 1.0 seems to be unable to connect to the broker and authenticate with the SASL EXTERNAL authentication / SSL Client Certificates. The client side log is following:

      2013-08-08 20:07:01 [Messaging] debug Driver started
      2013-08-08 20:07:01 [Messaging] debug localhost:10000 Connecting ...
      2013-08-08 20:07:01 [System] info Connecting: 127.0.0.1:10000
      2013-08-08 20:07:01 [Security] debug Failed to connect: Connection refused
      2013-08-08 20:07:01 [Messaging] debug localhost:10000 Failed to connect
      Exception: Could not connect to amqp:ssl:localhost:10000 (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/messaging/amqp/ConnectionContext.cpp:117)
      2013-08-08 20:07:01 [Messaging] debug Driver stopped
      [jakub@localhost Messaging-Sandbox]$ ./ReqRespClient
      2013-08-08 20:07:50 [Messaging] debug Driver started
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Connecting ...
      2013-08-08 20:07:50 [System] info Connecting: 127.0.0.1:10000
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Connected
      2013-08-08 20:07:50 [Messaging] debug wakeupDriver()
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Waiting to be authenticated...
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 1 || 0
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 1 || 0
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 writing protocol header: 1-0
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::encode(65535): 8
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 0 || 0
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 read protocol header: 1-0
      2013-08-08 20:07:50 [Security] trace Reading SASL frame of size 30
      2013-08-08 20:07:50 [Security] trace Reading SASL-MECHANISMS
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 Received SASL-MECHANISMS(EXTERNAL)
      2013-08-08 20:07:50 [Security] debug CyrusSasl::start(EXTERNAL )
      2013-08-08 20:07:50 [Security] debug min_ssf: 0, max_ssf: 256
      2013-08-08 20:07:50 [System] debug Exception constructed: Sasl error: SASL(-4): no mechanism available: (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/SaslFactory.cpp:309)
      2013-08-08 20:07:50 [System] error Caught exception in state: 3 with event: 1: internal-error: Sasl error: SASL(-4): no mechanism available: (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/SaslFactory.cpp:309)
      2013-08-08 20:07:55 [Security] debug [127.0.0.1:34905-localhost:10000] SslTransport closing...
      2013-08-08 20:07:55 [Security] debug [127.0.0.1:34905-localhost:10000] Socket closed
      Exception: Disconnected
      2013-08-08 20:07:55 [Messaging] debug Driver stopped

      The broker log mentions that the connection is being closed because no protocol was received (max-negotiate-timeout expired):

      2013-08-08 20:07:50 [Network] info Set TCP_NODELAY on connection to 127.0.0.1:34905
      2013-08-08 20:07:50 [Broker] info Using AMQP 1.0 (with SASL layer)
      2013-08-08 20:07:50 [Model] trace Mgmt create connection. id:qpid.127.0.0.1:10000-127.0.0.1:34905
      2013-08-08 20:07:50 [Security] info SASL: Mechanism list: EXTERNAL
      2013-08-08 20:07:55 [System] error Connection qpid.127.0.0.1:10000-127.0.0.1:34905 No protocol received closing
      2013-08-08 20:07:55 [Security] info qpid.127.0.0.1:10000-127.0.0.1:34905 Connection closed prior to authentication completing
      2013-08-08 20:07:55 [Security] info qpid.127.0.0.1:10000-127.0.0.1:34905 Connection closed prior to authentication completing
      2013-08-08 20:07:55 [Model] debug Delete connection. user: rhost:qpid.127.0.0.1:10000-127.0.0.1:34905
      2013-08-08 20:08:03 [Model] trace Mgmt delete connection. id:qpid.127.0.0.1:10000-127.0.0.1:34905 Statistics:

      {bytesFromClient:0, bytesToClient:0, closing:False, framesFromClient:0, framesToClient:0, msgsFromClient:0, msgsToClient:0}

      With AMQP 0.10 it seems to work fine.

        Attachments

          Activity

            People

            • Assignee:
              gsim Gordon Sim
              Reporter:
              scholzj Jakub Scholz
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: