QPID-5062

[C++ client] EXTERNAL authentication using SSL certificates doesn't work with AMQP 1.0

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.24
    • Fix Version/s: 0.24
    • Component/s: C++ Client
    • Labels:
      None
    • Environment:

      CentOS 6.4, Qpid 0.24 RC1, Proton 0.4

      Description

      A C++ based client using the qpid.messaging API with AMQP 1.0 seems to be unable to connect to the broker and authenticate with SASL EXTERNAL authentication / SSL client certificates. The client-side log follows:

      2013-08-08 20:07:01 [Messaging] debug Driver started
      2013-08-08 20:07:01 [Messaging] debug localhost:10000 Connecting ...
      2013-08-08 20:07:01 [System] info Connecting: 127.0.0.1:10000
      2013-08-08 20:07:01 [Security] debug Failed to connect: Connection refused
      2013-08-08 20:07:01 [Messaging] debug localhost:10000 Failed to connect
      Exception: Could not connect to amqp:ssl:localhost:10000 (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/messaging/amqp/ConnectionContext.cpp:117)
      2013-08-08 20:07:01 [Messaging] debug Driver stopped
      [jakub@localhost Messaging-Sandbox]$ ./ReqRespClient
      2013-08-08 20:07:50 [Messaging] debug Driver started
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Connecting ...
      2013-08-08 20:07:50 [System] info Connecting: 127.0.0.1:10000
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Connected
      2013-08-08 20:07:50 [Messaging] debug wakeupDriver()
      2013-08-08 20:07:50 [Messaging] debug localhost:10000 Waiting to be authenticated...
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 1 || 0
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 1 || 0
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 writing protocol header: 1-0
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::encode(65535): 8
      2013-08-08 20:07:50 [Security] trace localhost:10000 Sasl::canEncode(): 0 || 0
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 read protocol header: 1-0
      2013-08-08 20:07:50 [Security] trace Reading SASL frame of size 30
      2013-08-08 20:07:50 [Security] trace Reading SASL-MECHANISMS
      2013-08-08 20:07:50 [Protocol] debug localhost:10000 Received SASL-MECHANISMS(EXTERNAL)
      2013-08-08 20:07:50 [Security] debug CyrusSasl::start(EXTERNAL )
      2013-08-08 20:07:50 [Security] debug min_ssf: 0, max_ssf: 256
      2013-08-08 20:07:50 [System] debug Exception constructed: Sasl error: SASL(-4): no mechanism available: (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/SaslFactory.cpp:309)
      2013-08-08 20:07:50 [System] error Caught exception in state: 3 with event: 1: internal-error: Sasl error: SASL(-4): no mechanism available: (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/SaslFactory.cpp:309)
      2013-08-08 20:07:55 [Security] debug [127.0.0.1:34905-localhost:10000] SslTransport closing...
      2013-08-08 20:07:55 [Security] debug [127.0.0.1:34905-localhost:10000] Socket closed
      Exception: Disconnected
      2013-08-08 20:07:55 [Messaging] debug Driver stopped

      The broker log mentions that the connection is being closed because no protocol was received (max-negotiate-timeout expired):

      2013-08-08 20:07:50 [Network] info Set TCP_NODELAY on connection to 127.0.0.1:34905
      2013-08-08 20:07:50 [Broker] info Using AMQP 1.0 (with SASL layer)
      2013-08-08 20:07:50 [Model] trace Mgmt create connection. id:qpid.127.0.0.1:10000-127.0.0.1:34905
      2013-08-08 20:07:50 [Security] info SASL: Mechanism list: EXTERNAL
      2013-08-08 20:07:55 [System] error Connection qpid.127.0.0.1:10000-127.0.0.1:34905 No protocol received closing
      2013-08-08 20:07:55 [Security] info qpid.127.0.0.1:10000-127.0.0.1:34905 Connection closed prior to authentication completing
      2013-08-08 20:07:55 [Security] info qpid.127.0.0.1:10000-127.0.0.1:34905 Connection closed prior to authentication completing
      2013-08-08 20:07:55 [Model] debug Delete connection. user: rhost:qpid.127.0.0.1:10000-127.0.0.1:34905
      2013-08-08 20:08:03 [Model] trace Mgmt delete connection. id:qpid.127.0.0.1:10000-127.0.0.1:34905 Statistics: {bytesFromClient:0, bytesToClient:0, closing:False, framesFromClient:0, framesToClient:0, msgsFromClient:0, msgsToClient:0}

      With AMQP 0.10 it seems to work fine.
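
A triage helper for the two logs above, added here as an example and not part of the original report or of Qpid: it parses the log lines, extracts the mechanisms the broker offered and the client's SASL error, and checks whether the broker dropped the connection before authentication completed. The function names and result keys are assumptions; the sample lines are copied from the report.

```python
import re

# Qpid log line layout: "YYYY-MM-DD HH:MM:SS [Category] level message"
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\] (\w+) (.*)$")
OFFERED = re.compile(r"Received SASL-MECHANISMS\(([^)]*)\)")
SASL_ERR = re.compile(r"Sasl error: SASL\((-?\d+)\): ([^:]+):")
BROKER_DROP = "Connection closed prior to authentication completing"

def parse(log_text):
    """Yield (timestamp, category, level, message) for well-formed lines."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groups()

def triage(client_log, broker_log):
    """Summarise a failed SASL negotiation seen from both sides (hypothetical helper)."""
    result = {"offered": [], "sasl_code": None, "sasl_reason": None,
              "broker_dropped": False, "diagnosis": "no SASL failure found"}
    for _, _, _, msg in parse(client_log):
        m = OFFERED.search(msg)
        if m:
            result["offered"] = m.group(1).split()
        m = SASL_ERR.search(msg)
        if m and result["sasl_code"] is None:  # keep the first error only
            result["sasl_code"] = int(m.group(1))
            result["sasl_reason"] = m.group(2).strip()
    result["broker_dropped"] = any(BROKER_DROP in msg for *_, msg in parse(broker_log))
    if result["sasl_code"] == -4 and result["offered"] == ["EXTERNAL"]:
        result["diagnosis"] = ("broker offered only EXTERNAL and the client's SASL "
                               "layer reported no usable mechanism")
    return result

# Sample input: lines copied from the client and broker logs in this report.
CLIENT_LOG = """\
2013-08-08 20:07:50 [Protocol] debug localhost:10000 Received SASL-MECHANISMS(EXTERNAL)
2013-08-08 20:07:50 [Security] debug CyrusSasl::start(EXTERNAL )
2013-08-08 20:07:50 [System] debug Exception constructed: Sasl error: SASL(-4): no mechanism available: (/home/jakub/qpid/qpid-0.24-rc1/cpp/src/qpid/SaslFactory.cpp:309)
"""
BROKER_LOG = """\
2013-08-08 20:07:50 [Security] info SASL: Mechanism list: EXTERNAL
2013-08-08 20:07:55 [Security] info qpid.127.0.0.1:10000-127.0.0.1:34905 Connection closed prior to authentication completing
"""

if __name__ == "__main__":
    print(triage(CLIENT_LOG, BROKER_LOG))
```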

        Activity

        ASF subversion and git services added a comment -

        Commit 1512346 from Gordon Sim in branch 'qpid/trunk'
        [ https://svn.apache.org/r1512346 ]

        QPID-5062: pass through security details from SSL transport to enable EXTERNAL authentication

        Chuck Rolke added a comment -

        approved for 0.24

        Justin Ross added a comment -

        Reviewed by Chuck. Approved for 0.24.

        ASF subversion and git services added a comment -

        Commit 1512410 from Gordon Sim in branch 'qpid/branches/0.24'
        [ https://svn.apache.org/r1512410 ]

        QPID-5062: pass through security details from SSL transport to enable EXTERNAL authentication (merged from r1512346)

        Justin Ross added a comment -

        Released in Qpid 0.24, http://qpid.apache.org/releases/qpid-0.24/index.html

          People

          • Assignee: Gordon Sim
          • Reporter: Jakub Scholz