
Question about C++ broker, C++ client, and SSL encryption


CjD
I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.

1) Start c++ qpid broker as follows
   qpidd --log-enable debug:ssl --log-source yes \
      --log-function yes \
      --auth no \
      --load-module src/.libs/ssl.so \
      --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
      --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
      --ssl-cert-name commit.CjD \
      --ssl-require-client-authentication \
      --require-encryption

2) Run the c++ direct example on port 5672
   ./examples/direct/declare_queues localhost 5672  
   ./examples/direct/direct_producer localhost 5672
   ./examples/direct/listener localhost 5672
The queue is created, populated, and read with no problems.

3) Run the c++ direct example on port 5671 (first set-up env variables)
   QPID_LOAD_MODULE=./src/.libs/sslconnector.so
   QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
   ./examples/direct/declare_queues localhost 5671

At this point, the declare_queues example hangs until CTRL C is pressed.  When declare_queues terminates, the broker outputs:
debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]


Question 1 - Why did the examples on port 5672 (#2) succeed?  I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.

Question 2 - What is the declare_queue code from #3 blocking on?  Is SSL fully implemented in the c++ client?

Any insights would be gratefully appreciated.

Cullen J. Davis
CommIT Enterprises, Inc.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[hidden email]


Re: Question about C++ broker, C++ client, and SSL encryption

Gordon Sim
Cullen Davis wrote:

> I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.
>
> 1) Start c++ qpid broker as follows
>    qpidd --log-enable debug:ssl --log-source yes \
>       --log-function yes \
>       --auth no \
>       --load-module src/.libs/ssl.so \
>       --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>       --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>       --ssl-cert-name commit.CjD \
>       --ssl-require-client-authentication \
>       --require-encryption
>
> 2) Run the c++ direct example on port 5672
>    ./examples/direct/declare_queues localhost 5672  
>    ./examples/direct/direct_producer localhost 5672
>    ./examples/direct/listener localhost 5672
> The queue is created, populated, and read with no problems.
>
> 3) Run the c++ direct example on port 5671 (first set-up env variables)
>    QPID_LOAD_MODULE=./src/.libs/sslconnector.so
>    QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
>    ./examples/direct/declare_queues localhost 5671
>
> At this point, the declare_queues example hangs until CTRL C is pressed.  When declare_queues terminates, the broker outputs:
> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>
>
> Question 1 - Why did the examples on port 5672 (#2) succeed?  I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.

That is because of the auth=no option; this is a known issue and
should be fixed in the next release.

https://issues.apache.org/jira/browse/QPID-1899

> Question 2 - What is the declare_queue code from #3 blocking on?  

To use ssl in the client you have to select 'ssl' as the protocol. The
examples don't currently allow you to do that at present. However if you
make the following modifications then you can specify 'ssl' after host
and port and it should work:

Index: examples/direct/declare_queues.cpp
===================================================================
--- examples/direct/declare_queues.cpp  (revision 797423)
+++ examples/direct/declare_queues.cpp  (working copy)
@@ -53,12 +53,14 @@


  int main(int argc, char** argv) {
-    const char* host = argc>1 ? argv[1] : "127.0.0.1";
-    int port = argc>2 ? atoi(argv[2]) : 5672;
+    ConnectionSettings settings;
+    if (argc>1) settings.host = argv[1];
+    if (argc>2) settings.port = atoi(argv[2]);
+    if (argc>3) settings.protocol = argv[3];
      Connection connection;

      try {
-      connection.open(host, port);
+      connection.open(settings);
        Session session =  connection.newSession();
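
Review bot: settings.protocol = argv[3] takes the protocol as an optional, unvalidated third argument, so a run against the SSL port that omits it silently keeps whatever protocol ConnectionSettings defaults to instead of failing with a clear message; consider rejecting anything other than the supported protocol names up front and printing a usage line that mentions the new argument. The unchecked atoi(argv[2]) carried over from the removed lines yields 0 for non-numeric input, so a checked conversion with a range test would be safer here. The explicit defaults in the removed lines ("127.0.0.1" and 5672) now depend on ConnectionSettings' own defaults, which deserves a comment in the example.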

The same change would be required on the other example programs. We
should get this changed for the next release also. I've raised a Jira to
track it:

https://issues.apache.org/jira/browse/QPID-2049





RE: Question about C++ broker, C++ client, and SSL encryption

CjD
I followed your lead and modified the tests to pass a protocol into the Connection::open.  When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed with an "Unknown Protocol" error.   I was using "ssl" as the target protocol.

Any additional thoughts?

Cullen J. Davis
CommIT Enterprises, Inc.

________________________________________
From: Gordon Sim [[hidden email]]
Sent: Friday, August 14, 2009 3:34 AM
To: [hidden email]
Subject: Re: Question about C++ broker, C++ client, and SSL encryption


Re: Question about C++ broker, C++ client, and SSL encryption

Gordon Sim
Cullen Davis wrote:
> I followed your lead and modified the tests to pass a protocol into the Connection::open.  When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed with an "Unknown Protocol" error.   I was using "ssl" as the target protocol.
>
> Any additional thoughts?

You need to have QPID_LOAD_MODULE=./src/.libs/sslconnector.so (or have
the ssl client plugin in the standard location for clients).


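Added example (not part of the original posts, and not Qpid project code): a shell preflight for the two client-side failures discussed above, the hang when port 5671 is used without selecting 'ssl' and the "Unknown Protocol" error when the sslconnector module is not loaded. The function names are hypothetical, and treating QPID_SSL_CERT_DB as a directory is an assumption.

```shell
#!/bin/sh
# Added example, not Qpid project code. Function names are hypothetical.

# True if NAME is in the environment handed to child processes (i.e. exported).
is_exported() { env | grep -q "^$1="; }

# Print the shell's value of NAME (empty if unset). NAME is always a constant below.
value_of() { eval "printf '%s' \"\${$1-}\""; }

# check_var NAME TEST_FLAG WHAT: NAME must be set, exported, and pass `test TEST_FLAG`.
check_var() {
    name=$1 flag=$2 what=$3
    val=$(value_of "$name")
    if [ -z "$val" ]; then
        echo "FAIL: $name is not set"; return 1
    fi
    if ! is_exported "$name"; then
        # A plain NAME=value line sets a shell variable only; the client
        # binary started afterwards never sees it.
        echo "FAIL: $name is set but not exported; the client process will not see it"
        return 1
    fi
    if ! test "$flag" "$val"; then
        echo "FAIL: $name=$val is not $what"; return 1
    fi
    return 0
}

# qpid_ssl_preflight HOST PORT [PROTOCOL]
# Returns 0 when the settings match what the thread says an SSL client needs.
qpid_ssl_preflight() {
    port=$2 proto=${3-}
    rc=0
    if [ "$proto" != "ssl" ]; then
        # In the thread's setup 5671 is the SSL listener: a client that does
        # not select 'ssl' hangs there, and on 5672 it talks in clear text.
        echo "FAIL: protocol is '${proto:-<default>}' on port $port; pass 'ssl' to encrypt"
        return 1
    fi
    check_var QPID_LOAD_MODULE -r "a readable file" || rc=1
    case $(value_of QPID_LOAD_MODULE) in
        */ssl.so|ssl.so)
            echo "FAIL: ssl.so is the broker module; the client needs sslconnector.so"
            rc=1 ;;
    esac
    # Assumption: the certificate database path is a directory.
    check_var QPID_SSL_CERT_DB -d "a directory" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: ssl client settings look complete for port $port"
    return "$rc"
}

# Usage, with the patched example program from the thread:
#   qpid_ssl_preflight localhost 5671 ssl && ./examples/direct/declare_queues localhost 5671 ssl
```
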
Question about C++ broker, DotNet/Java/C++ client and WAN deployment

PacaMike
In reply to this post by CjD
The author has deleted this message.

Re: Question about C++ broker, DotNet/Java/C++ client and WAN deployment

Carl Trieloff
Rodrigues, Marc wrote:
> Hello All,
>
> I would like to know if QPid can operate only on a LAN ?
>  

yes.

> Does Qpid have the necessary security model for public network ?
>  

that would depend on your requirements. It does have TLS/SSL in 0.5 and
on trunk we now have Kerberos encryption for most clients.

> To use QPid across a public network, what is the recommendation ( VPN ,
> SSH tunnels, SSL etc) ?
>  
I would go VPN or TLS/SSL.

> What is your recommended approach to a WAN deployment ?
>  

Do you want all clients to one location, or a federation?

> Thanks
>

RE: Question about C++ broker, DotNet/Java/C++ client and WAN deployment

PacaMike
The author has deleted this message.

Re: Question about C++ broker, DotNet/Java/C++ client and WAN deployment

Carl Trieloff
Rodrigues, Marc wrote:
> Thanks Carl
>
>  
>> Do you want all clients to one location, or a federation?
>>    
>
> All the clients will be on the public network (Internet) all over the country.
>  


Then I would set up a few federated brokers if possible.

See: http://qpid.apache.org/using-broker-federation.html

Carl.

Re: Question about C++ broker, DotNet/Java/C++ client and WAN deployment

Robert Greig
Administrator
In reply to this post by Carl Trieloff
2009/8/31 Carl Trieloff <[hidden email]>:

>> I would like to know if QPid can operate only on a LAN ?
>>
>
> yes.

Carl, are you actually saying you think Qpid only works in a LAN environment?

Robert


Re: Question about C++ broker, DotNet/Java/C++ client and WAN deployment

Carl Trieloff
Robert Greig wrote:

> 2009/8/31 Carl Trieloff <[hidden email]>:
>
>  
>>> I would like to know if QPid can operate only on a LAN ?
>>>
>>>      
>> yes.
>>    
>
> Carl, are you actually saying you think Qpid only works in a LAN environment?

It works in both LAN and WAN. Thanks for picking that up.

Carl.

Running the C++ Broker as a daemon process

PacaMike
In reply to this post by Carl Trieloff
The author has deleted this message.

RE: Running the C++ Broker as a daemon process

Steve Huston
Hi Marc,

> I installed QPid 0.5 on Windows XP PRO SP3 machine
> (qpidc-0.5.msi | QPid C++ Broker 0.5) for test purpose.
>  
> It works fine but how can I run it as a daemon ( Windows service).

You can't. That feature has not been added. It would be great if you
would like to help to develop it.

Best regards,
-Steve



Re: Running the C++ Broker as a daemon process

Andre Paim Lemos
In reply to this post by PacaMike
Hi,

I'm running qpid as a windows service using the service wrapper XYService (
http://www.codeproject.com/KB/system/xyntservice.aspx?display=PrintAll&fid=1239&df=90&mpp=25&noise=3&sort=Position&view=Quick&fr=851&select=659777).

I know that is not the best solution, but it works for me...

Andre

On Tue, Sep 1, 2009 at 11:33 AM, Rodrigues, Marc
<[hidden email]> wrote:

> Hello All,
>
> I installed QPid 0.5 on Windows XP PRO SP3 machine (qpidc-0.5.msi | QPid
> C++ Broker 0.5) for test purpose.
>
> It works fine but how can I run it as a daemon ( Windows service).
>
> I tried the option --daemon  to run the broker as daemon process without
> success.
> I don't see any more daemon option --help, is it still available.
>
> How can I install it as a daemon under Windows XP Pro or Windows Server 2003?
>
>
> Thanks


--
[]'s
Andre Paim Lemos

RE: Running the C++ Broker as a daemon process

Wes Parish-3
In reply to this post by PacaMike
I am not sure if Qpid natively supports being installed as a service, but if it doesn't there is another option.

You can create a Windows service using SRVANY.exe from the Windows Server 2003 Resource Kit.  Basically, you run the SRVANY.exe application and it installs the service to your registry (and in the Services snap-in), then you can add parameters directly to your registry.  This is a very useful tool, and can be used for almost any application.

http://support.microsoft.com/kb/137890

Wes


-----Original Message-----
From: Rodrigues, Marc [mailto:[hidden email]]
Sent: Tue 9/1/2009 9:33 AM
To: [hidden email]
Subject: Running the C++ Broker as a daemon process
 
Hello All,
 
I installed QPid 0.5 on Windows XP PRO SP3 machine (qpidc-0.5.msi | QPid C++ Broker 0.5) for test purpose.
 
It works fine but how can I run it as a daemon ( Windows service).
 
I tried the option --daemon  to run the broker as daemon process without success.
I don't see any more daemon option --help, is it still available.
 
How can I install it as a daemon under Windows XP Pro or Windows Server 2003?
 

Thanks

 
