Qpid / QPID-5788

Delay initialization of NSS library until the creation of first SSL connection.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.28
    • Fix Version/s: 0.29
    • Component/s: C++ Client
    • Labels:
      None

      Description

      There are two issues here:
      ===Issue 1===
      When a qpid C++ client sets the SSL client environment variables programmatically prior (in program order) to opening a connection, qpid seems to ignore the environment variables. This issue was reported to the mailing list. Please find it at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5374D926.3000501@vt.edu%3E

      A simple example to reproduce this issue:
      ===source===
      #include <qpid/messaging/Connection.h>
      #include <cstdlib>
      #include <exception>
      #include <iostream>
      #include <string>

      using namespace qpid::messaging;

      int main()
      {
          const char* url = "localhost:5671";
          std::string connectionOptions = "{username:admin,password:admin,transport:ssl}";

          // Set the SSL client settings programmatically, before the connection is opened.
          setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
          setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
          setenv("QPID_SSL_CERT_PASSWORD_FILE", "/tmp/test/qpid-client-pfile", 1);

          Connection connection(url, connectionOptions);

          try {
              connection.open();
          } catch (const std::exception& e) {
              std::cout << e.what() << "\n";
              return -1;
          }

          connection.close();
          return 0;
      }
      ===compilation===
      g++ -o test test.cpp -lqpidmessaging

      ===error message===
      Unknown protocol: ssl (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)

      Gordon responded to this issue at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5379D276.3040609@redhat.com%3E

      This method of initialization has another side-effect and leads to the following:
      ===Issue 2===
      Due to this early initialization, the qpid C++ client precludes creating multiple processes which in turn can create connections to the broker. See the example below.

      ===example===
      #include <qpid/messaging/Connection.h>
      #include <cstdlib>
      #include <exception>
      #include <iostream>
      #include <string>
      #include <unistd.h>  // fork(), sleep()

      using namespace qpid::messaging;

      int foo()
      {
          const char* url = "localhost:5672";
          std::string connectionOptions = "{username:test,password:test,transport:ssl}";

          Connection connection(url, connectionOptions);

          try {
              connection.open();
          } catch (const std::exception& e) {
              std::cout << e.what() << "\n";
          }

          connection.close();
          return 0;
      }

      int main()
      {
          int retval = -1;

          // The child opens the SSL connection; the parent only waits.
          retval = fork();
          if (retval == 0)
              foo();
          else
              sleep(5);

          return 0;
      }

      ===error message===
      On C++ qpid broker:
      May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error Error reading socket: Success(0)

      On C++ qpid client:
      2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error [-8023] (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
      2014-05-26 20:50:00 [Client] warning Connection closed

      This issue has been reported at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C5383E31E.6020506@vt.edu%3E

      and Gordon's response to it is at http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%3C53845426.6090400@redhat.com%3E
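
The effect of initialization timing in both issues above, as an added example that is not part of the original report or of qpid's code. It models the SSL setup with a plain struct and makes no qpid or NSS calls; `SslSettings`, `connectEager`, `connectDeferred`, `initializedHere` and `childCheck` are hypothetical names, and the eager setup is assumed to run before main(), the way a library's static initializer does.

```cpp
// Added example: a model of eager vs. deferred SSL setup; all names are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

// What an SSL layer would capture when it initializes its crypto library.
struct SslSettings {
    std::string certDb;  // QPID_SSL_CERT_DB as seen when initialization ran
    pid_t initPid;       // process in which initialization ran
};

static SslSettings snapshot() {
    const char* db = std::getenv("QPID_SSL_CERT_DB");
    return SslSettings{db ? db : "", getpid()};
}

// Eager model: built before main() runs, so a later setenv() is never seen.
static const SslSettings eagerSettings = snapshot();

// Stand-ins for "open an SSL connection"; the deferred one initializes on first use.
const SslSettings& connectEager() { return eagerSettings; }
const SslSettings& connectDeferred() {
    static const SslSettings settings = snapshot();
    return settings;
}

// True when initialization ran in the calling process rather than being inherited via fork().
bool initializedHere(const SslSettings& s) { return s.initPid == getpid(); }

// Forks before any deferred connect; 0 means the child inherited eager state but built its own deferred state.
int childCheck() {
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0)
        _exit(!initializedHere(connectEager()) && initializedHere(connectDeferred()) ? 0 : 1);
    int status = 0;
    if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main() {
    setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);  // path from the report above
    int child = childCheck();
    std::printf("child=%d eager='%s' deferred='%s'\n", child,
                connectEager().certDb.c_str(), connectDeferred().certDb.c_str());
    return 0;
}
```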

            People

            • Assignee:
              gsim Gordon Sim
              Reporter:
              haripyla Hari Pyla