Quantcast
Qpid Apache Qpid users

SSL Client Authentication support for C++ on Windows

classic Classic list List threaded Threaded
14 messages Options
Jakub Scholz-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

SSL Client Authentication support for C++ on Windows

Jakub Scholz-2
Hi,

I played a bit with the support for SSL client authentication in the
C++ API for Windows. It seems that I got it working, at least against
our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes:
1) Added a support for SASL EXTERNAL mechanism
2) Added new connection option ssl-cert-store which allows to select
the certificate store which should be used to search for the
certificate. If not specified, the default "Personal" store is used.
3) Changed the SSL Connector to try to load the private key if
EXTERNAL mechanism has been selected
4) The username for the SASL EXTERNAL mechanism is used from the
"username" connection option. The username is also used to find the
right certificate, since the username has to be in the subject of the
certificate. I was considering adding new option for this, but this
approach seemed to be the best.

Currently, I'm aware of few limitations:
1) when the SSL client authentication is enabled on the broker, the
client can connect only with EXTERNAL, not with PLAIN. But this
problem was there already before my changes ... I have some idea where
the problem is, but I'm not sure whether I will manage to fix it ...
2) When there are multiple certificates with a matching subject, the
first one is always used. I didn't found any better method for
selecting the certificate ...

Also, the current version is developed against 0.14 source codes,
because I had some problems getting the trunk to compile&work ... I
have to look at it ...

The patch is attached. If someone wants to try it right now, feel free
to do so. Also if anyone has some comments, please share them.
Otherwise, I will try to reconcile the patch to trunk and will attach
the patch to some JIRA Issue ... either existing one or a new one -
I'm not sure whether there already is some open JIRA covering it.

Regards
JAkub

PS: I didn't looked into the .NET API yet. Does someone know whether
the .NET API needs to be somehow modified or are the modifications in
the C++ APIs automatically used by the .NET?



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Steve Huston
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: SSL Client Authentication support for C++ on Windows

Steve Huston
Terrific, Jakub - thanks!

Could you please open a jira for this and attach your patches to it -
please be sure to check the box granting rights to ASF or we can't use the
patch.

Someone else will need to comment on the .NET aspect.

-Steve

> -----Original Message-----
> From: Jakub Scholz [mailto:[hidden email]]
> Sent: Tuesday, March 06, 2012 6:48 PM
> To: [hidden email]
> Subject: SSL Client Authentication support for C++ on Windows
>
> Hi,
>
> I played a bit with the support for SSL client authentication in the
> C++ API for Windows. It seems that I got it working, at least against
> our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes:
> 1) Added a support for SASL EXTERNAL mechanism
> 2) Added new connection option ssl-cert-store which allows to select the
> certificate store which should be used to search for the certificate. If
not
> specified, the default "Personal" store is used.
> 3) Changed the SSL Connector to try to load the private key if EXTERNAL
> mechanism has been selected
> 4) The username for the SASL EXTERNAL mechanism is used from the
> "username" connection option. The username is also used to find the
right
> certificate, since the username has to be in the subject of the
certificate. I
> was considering adding new option for this, but this approach seemed to
be
> the best.
>
> Currently, I'm aware of few limitations:
> 1) when the SSL client authentication is enabled on the broker, the
client can
> connect only with EXTERNAL, not with PLAIN. But this problem was there
> already before my changes ... I have some idea where the problem is, but
I'm
> not sure whether I will manage to fix it ...
> 2) When there are multiple certificates with a matching subject, the
first one
> is always used. I didn't found any better method for selecting the
certificate
> ...
>
> Also, the current version is developed against 0.14 source codes,
because I
> had some problems getting the trunk to compile&work ... I have to look
at it
> ...
>
> The patch is attached. If someone wants to try it right now, feel free
to do so.
> Also if anyone has some comments, please share them.
> Otherwise, I will try to reconcile the patch to trunk and will attach
the patch
> to some JIRA Issue ... either existing one or a new one - I'm not sure
whether
> there already is some open JIRA covering it.
>
> Regards
> JAkub
>
> PS: I didn't looked into the .NET API yet. Does someone know whether the
> .NET API needs to be somehow modified or are the modifications in the
C++
> APIs automatically used by the .NET?


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jakub Scholz-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Jakub Scholz-2
In reply to this post by Jakub Scholz-2
BTW: The attachment was probably discarded by the mailing list server,
so I uploaded it to http://pastebin.com/gb1RnUYk ... the URL will
hopefully survive :-)

On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[hidden email]> wrote:

> Hi,
>
> I played a bit with the support for SSL client authentication in the
> C++ API for Windows. It seems that I got it working, at least against
> our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes:
> 1) Added a support for SASL EXTERNAL mechanism
> 2) Added new connection option ssl-cert-store which allows to select
> the certificate store which should be used to search for the
> certificate. If not specified, the default "Personal" store is used.
> 3) Changed the SSL Connector to try to load the private key if
> EXTERNAL mechanism has been selected
> 4) The username for the SASL EXTERNAL mechanism is used from the
> "username" connection option. The username is also used to find the
> right certificate, since the username has to be in the subject of the
> certificate. I was considering adding new option for this, but this
> approach seemed to be the best.
>
> Currently, I'm aware of few limitations:
> 1) when the SSL client authentication is enabled on the broker, the
> client can connect only with EXTERNAL, not with PLAIN. But this
> problem was there already before my changes ... I have some idea where
> the problem is, but I'm not sure whether I will manage to fix it ...
> 2) When there are multiple certificates with a matching subject, the
> first one is always used. I didn't found any better method for
> selecting the certificate ...
>
> Also, the current version is developed against 0.14 source codes,
> because I had some problems getting the trunk to compile&work ... I
> have to look at it ...
>
> The patch is attached. If someone wants to try it right now, feel free
> to do so. Also if anyone has some comments, please share them.
> Otherwise, I will try to reconcile the patch to trunk and will attach
> the patch to some JIRA Issue ... either existing one or a new one -
> I'm not sure whether there already is some open JIRA covering it.
>
> Regards
> JAkub
>
> PS: I didn't looked into the .NET API yet. Does someone know whether
> the .NET API needs to be somehow modified or are the modifications in
> the C++ APIs automatically used by the .NET?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Hamid.Shahid
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Hamid.Shahid
In reply to this post by Jakub Scholz-2
Thats awsome...

It would be ideal case if we can have support for file based certificates as well.

thanks Jakub!
Best Regards,
Hamid.
Steve Huston
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: SSL Client Authentication support for C++ on Windows

Steve Huston
In reply to this post by Jakub Scholz-2
Ok, Jakub, but we still need to have the patch(es) attached to a jira and
make sure you check the  box granting rights to ASF, or we can't use it.

I just checked and did not see an existing jira for this issue (though it
has been discussed on the mailing list recently), so please go ahead and
open a new jira, and attach your patches to that.

Thanks!
-Steve

> -----Original Message-----
> From: Jakub Scholz [mailto:[hidden email]]
> Sent: Wednesday, March 07, 2012 4:22 AM
> To: [hidden email]
> Subject: Re: SSL Client Authentication support for C++ on Windows
>
> BTW: The attachment was probably discarded by the mailing list server,
so I

> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will hopefully
> survive :-)
>
> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[hidden email]> wrote:
> > Hi,
> >
> > I played a bit with the support for SSL client authentication in the
> > C++ API for Windows. It seems that I got it working, at least against
> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes:
> > 1) Added a support for SASL EXTERNAL mechanism
> > 2) Added new connection option ssl-cert-store which allows to select
> > the certificate store which should be used to search for the
> > certificate. If not specified, the default "Personal" store is used.
> > 3) Changed the SSL Connector to try to load the private key if
> > EXTERNAL mechanism has been selected
> > 4) The username for the SASL EXTERNAL mechanism is used from the
> > "username" connection option. The username is also used to find the
> > right certificate, since the username has to be in the subject of the
> > certificate. I was considering adding new option for this, but this
> > approach seemed to be the best.
> >
> > Currently, I'm aware of few limitations:
> > 1) when the SSL client authentication is enabled on the broker, the
> > client can connect only with EXTERNAL, not with PLAIN. But this
> > problem was there already before my changes ... I have some idea where
> > the problem is, but I'm not sure whether I will manage to fix it ...
> > 2) When there are multiple certificates with a matching subject, the
> > first one is always used. I didn't found any better method for
> > selecting the certificate ...
> >
> > Also, the current version is developed against 0.14 source codes,
> > because I had some problems getting the trunk to compile&work ... I
> > have to look at it ...
> >
> > The patch is attached. If someone wants to try it right now, feel free
> > to do so. Also if anyone has some comments, please share them.
> > Otherwise, I will try to reconcile the patch to trunk and will attach
> > the patch to some JIRA Issue ... either existing one or a new one -
> > I'm not sure whether there already is some open JIRA covering it.
> >
> > Regards
> > JAkub
> >
> > PS: I didn't looked into the .NET API yet. Does someone know whether
> > the .NET API needs to be somehow modified or are the modifications in
> > the C++ APIs automatically used by the .NET?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email] For additional
> commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jakub Scholz-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Jakub Scholz-2
Hi Steve,

Yes, I know. There are still some unresolved issues as mentioned in
the first email and I also need to check how does it work against the
trunk - this version is prepared against 0.14 release. The patch here
is mainly for the people who want to give it a try ... once I have
that, I will create an JIRA and attached with the licence granted.

Regards
Jakub

On Wed, Mar 7, 2012 at 18:13, Steve Huston <[hidden email]> wrote:

> Ok, Jakub, but we still need to have the patch(es) attached to a jira and
> make sure you check the  box granting rights to ASF, or we can't use it.
>
> I just checked and did not see an existing jira for this issue (though it
> has been discussed on the mailing list recently), so please go ahead and
> open a new jira, and attach your patches to that.
>
> Thanks!
> -Steve
>
>> -----Original Message-----
>> From: Jakub Scholz [mailto:[hidden email]]
>> Sent: Wednesday, March 07, 2012 4:22 AM
>> To: [hidden email]
>> Subject: Re: SSL Client Authentication support for C++ on Windows
>>
>> BTW: The attachment was probably discarded by the mailing list server,
> so I
>> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will hopefully
>> survive :-)
>>
>> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[hidden email]> wrote:
>> > Hi,
>> >
>> > I played a bit with the support for SSL client authentication in the
>> > C++ API for Windows. It seems that I got it working, at least against
>> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following changes:
>> > 1) Added a support for SASL EXTERNAL mechanism
>> > 2) Added new connection option ssl-cert-store which allows to select
>> > the certificate store which should be used to search for the
>> > certificate. If not specified, the default "Personal" store is used.
>> > 3) Changed the SSL Connector to try to load the private key if
>> > EXTERNAL mechanism has been selected
>> > 4) The username for the SASL EXTERNAL mechanism is used from the
>> > "username" connection option. The username is also used to find the
>> > right certificate, since the username has to be in the subject of the
>> > certificate. I was considering adding new option for this, but this
>> > approach seemed to be the best.
>> >
>> > Currently, I'm aware of few limitations:
>> > 1) when the SSL client authentication is enabled on the broker, the
>> > client can connect only with EXTERNAL, not with PLAIN. But this
>> > problem was there already before my changes ... I have some idea where
>> > the problem is, but I'm not sure whether I will manage to fix it ...
>> > 2) When there are multiple certificates with a matching subject, the
>> > first one is always used. I didn't found any better method for
>> > selecting the certificate ...
>> >
>> > Also, the current version is developed against 0.14 source codes,
>> > because I had some problems getting the trunk to compile&work ... I
>> > have to look at it ...
>> >
>> > The patch is attached. If someone wants to try it right now, feel free
>> > to do so. Also if anyone has some comments, please share them.
>> > Otherwise, I will try to reconcile the patch to trunk and will attach
>> > the patch to some JIRA Issue ... either existing one or a new one -
>> > I'm not sure whether there already is some open JIRA covering it.
>> >
>> > Regards
>> > JAkub
>> >
>> > PS: I didn't looked into the .NET API yet. Does someone know whether
>> > the .NET API needs to be somehow modified or are the modifications in
>> > the C++ APIs automatically used by the .NET?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email] For additional
>> commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Steve Huston
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: SSL Client Authentication support for C++ on Windows

Steve Huston
Ah, ok - thank you very much, Jakub!

> -----Original Message-----
> From: Jakub Scholz [mailto:[hidden email]]
> Sent: Wednesday, March 07, 2012 1:38 PM
> To: [hidden email]
> Subject: Re: SSL Client Authentication support for C++ on Windows
>
> Hi Steve,
>
> Yes, I know. There are still some unresolved issues as mentioned in the
first
> email and I also need to check how does it work against the trunk - this
> version is prepared against 0.14 release. The patch here is mainly for
the
> people who want to give it a try ... once I have that, I will create an
JIRA and
> attached with the licence granted.
>
> Regards
> Jakub
>
> On Wed, Mar 7, 2012 at 18:13, Steve Huston <[hidden email]> wrote:
> > Ok, Jakub, but we still need to have the patch(es) attached to a jira
> > and make sure you check the  box granting rights to ASF, or we can't
use it.

> >
> > I just checked and did not see an existing jira for this issue (though
> > it has been discussed on the mailing list recently), so please go
> > ahead and open a new jira, and attach your patches to that.
> >
> > Thanks!
> > -Steve
> >
> >> -----Original Message-----
> >> From: Jakub Scholz [mailto:[hidden email]]
> >> Sent: Wednesday, March 07, 2012 4:22 AM
> >> To: [hidden email]
> >> Subject: Re: SSL Client Authentication support for C++ on Windows
> >>
> >> BTW: The attachment was probably discarded by the mailing list
> >> server,
> > so I
> >> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will
> >> hopefully survive :-)
> >>
> >> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[hidden email]> wrote:
> >> > Hi,
> >> >
> >> > I played a bit with the support for SSL client authentication in
> >> > the
> >> > C++ API for Windows. It seems that I got it working, at least
> >> > C++ against
> >> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following
changes:
> >> > 1) Added a support for SASL EXTERNAL mechanism
> >> > 2) Added new connection option ssl-cert-store which allows to
> >> > select the certificate store which should be used to search for the
> >> > certificate. If not specified, the default "Personal" store is
used.

> >> > 3) Changed the SSL Connector to try to load the private key if
> >> > EXTERNAL mechanism has been selected
> >> > 4) The username for the SASL EXTERNAL mechanism is used from the
> >> > "username" connection option. The username is also used to find the
> >> > right certificate, since the username has to be in the subject of
> >> > the certificate. I was considering adding new option for this, but
> >> > this approach seemed to be the best.
> >> >
> >> > Currently, I'm aware of few limitations:
> >> > 1) when the SSL client authentication is enabled on the broker, the
> >> > client can connect only with EXTERNAL, not with PLAIN. But this
> >> > problem was there already before my changes ... I have some idea
> >> > where the problem is, but I'm not sure whether I will manage to fix
it ...

> >> > 2) When there are multiple certificates with a matching subject,
> >> > the first one is always used. I didn't found any better method for
> >> > selecting the certificate ...
> >> >
> >> > Also, the current version is developed against 0.14 source codes,
> >> > because I had some problems getting the trunk to compile&work ... I
> >> > have to look at it ...
> >> >
> >> > The patch is attached. If someone wants to try it right now, feel
> >> > free to do so. Also if anyone has some comments, please share them.
> >> > Otherwise, I will try to reconcile the patch to trunk and will
> >> > attach the patch to some JIRA Issue ... either existing one or a
> >> > new one - I'm not sure whether there already is some open JIRA
> covering it.
> >> >
> >> > Regards
> >> > JAkub
> >> >
> >> > PS: I didn't looked into the .NET API yet. Does someone know
> >> > whether the .NET API needs to be somehow modified or are the
> >> > modifications in the C++ APIs automatically used by the .NET?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [hidden email] For
> >> additional commands, e-mail: [hidden email]
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email] For
> > additional commands, e-mail: [hidden email]
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email] For additional
> commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jakub Scholz-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Jakub Scholz-2
In reply to this post by Hamid.Shahid
Hi Hamid,

I understand the advantages of the file based certificates. But:
a) right now I have no idea whether the SChannel API is able to work with them
b) I believe the use of the Windows built in certificate is also in
the other parts of the Windows version (the broker, also client is
already searching for the public key of the broker there etc.) ... so
storing the client's private key there as well is much more consistent
behaviour
(and c) I'm glad I managed get it working at least like this :-o)

I can take a quick look at it, but do not put too much hope on it ...

Regards
Jakub

On Wed, Mar 7, 2012 at 17:36, Hamid.Shahid <[hidden email]> wrote:

> Thats awsome...
>
> It would be ideal case if we can have support for file based certificates as
> well.
>
> thanks Jakub!
>
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.com/SSL-Client-Authentication-support-for-C-on-Windows-tp7350387p7352312.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Hamid.Shahid
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Hamid.Shahid
Hi Jakub,

Yes, I can understand the point a , b...
and definately the point c :)

Great Job!

Best Regards,
Hamid.
Best Regards,
Hamid.
Jakub Scholz-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Jakub Scholz-2
In reply to this post by Steve Huston
So, after a vacation and few days spent with getting the trunk to work
on my Windows XP machine (see JIRA QPID-3759 for more details) I
finally managed to prepare the patch for trunk (well, it is pretty
much the same as for 0.14). I also created the JIRA issue QPID-3914
where I attached the patch ... I hope it gets committed sooner then my
Python patch for the same feature :-o

Regards
Jakub

On Wed, Mar 7, 2012 at 20:19, Steve Huston <[hidden email]> wrote:

> Ah, ok - thank you very much, Jakub!
>
>> -----Original Message-----
>> From: Jakub Scholz [mailto:[hidden email]]
>> Sent: Wednesday, March 07, 2012 1:38 PM
>> To: [hidden email]
>> Subject: Re: SSL Client Authentication support for C++ on Windows
>>
>> Hi Steve,
>>
>> Yes, I know. There are still some unresolved issues as mentioned in the
> first
>> email and I also need to check how does it work against the trunk - this
>> version is prepared against 0.14 release. The patch here is mainly for
> the
>> people who want to give it a try ... once I have that, I will create an
> JIRA and
>> attached with the licence granted.
>>
>> Regards
>> Jakub
>>
>> On Wed, Mar 7, 2012 at 18:13, Steve Huston <[hidden email]> wrote:
>> > Ok, Jakub, but we still need to have the patch(es) attached to a jira
>> > and make sure you check the  box granting rights to ASF, or we can't
> use it.
>> >
>> > I just checked and did not see an existing jira for this issue (though
>> > it has been discussed on the mailing list recently), so please go
>> > ahead and open a new jira, and attach your patches to that.
>> >
>> > Thanks!
>> > -Steve
>> >
>> >> -----Original Message-----
>> >> From: Jakub Scholz [mailto:[hidden email]]
>> >> Sent: Wednesday, March 07, 2012 4:22 AM
>> >> To: [hidden email]
>> >> Subject: Re: SSL Client Authentication support for C++ on Windows
>> >>
>> >> BTW: The attachment was probably discarded by the mailing list
>> >> server,
>> > so I
>> >> uploaded it to http://pastebin.com/gb1RnUYk ... the URL will
>> >> hopefully survive :-)
>> >>
>> >> On Wed, Mar 7, 2012 at 00:47, Jakub Scholz <[hidden email]> wrote:
>> >> > Hi,
>> >> >
>> >> > I played a bit with the support for SSL client authentication in
>> >> > the
>> >> > C++ API for Windows. It seems that I got it working, at least
>> >> > C++ against
>> >> > our Red Hat MRG 2.0 (Qpid 0.10) brokers ... I did following
> changes:
>> >> > 1) Added a support for SASL EXTERNAL mechanism
>> >> > 2) Added new connection option ssl-cert-store which allows to
>> >> > select the certificate store which should be used to search for the
>> >> > certificate. If not specified, the default "Personal" store is
> used.
>> >> > 3) Changed the SSL Connector to try to load the private key if
>> >> > EXTERNAL mechanism has been selected
>> >> > 4) The username for the SASL EXTERNAL mechanism is used from the
>> >> > "username" connection option. The username is also used to find the
>> >> > right certificate, since the username has to be in the subject of
>> >> > the certificate. I was considering adding new option for this, but
>> >> > this approach seemed to be the best.
>> >> >
>> >> > Currently, I'm aware of few limitations:
>> >> > 1) when the SSL client authentication is enabled on the broker, the
>> >> > client can connect only with EXTERNAL, not with PLAIN. But this
>> >> > problem was there already before my changes ... I have some idea
>> >> > where the problem is, but I'm not sure whether I will manage to fix
> it ...
>> >> > 2) When there are multiple certificates with a matching subject,
>> >> > the first one is always used. I didn't found any better method for
>> >> > selecting the certificate ...
>> >> >
>> >> > Also, the current version is developed against 0.14 source codes,
>> >> > because I had some problems getting the trunk to compile&work ... I
>> >> > have to look at it ...
>> >> >
>> >> > The patch is attached. If someone wants to try it right now, feel
>> >> > free to do so. Also if anyone has some comments, please share them.
>> >> > Otherwise, I will try to reconcile the patch to trunk and will
>> >> > attach the patch to some JIRA Issue ... either existing one or a
>> >> > new one - I'm not sure whether there already is some open JIRA
>> covering it.
>> >> >
>> >> > Regards
>> >> > JAkub
>> >> >
>> >> > PS: I didn't looked into the .NET API yet. Does someone know
>> >> > whether the .NET API needs to be somehow modified or are the
>> >> > modifications in the C++ APIs automatically used by the .NET?
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [hidden email] For
>> >> additional commands, e-mail: [hidden email]
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: [hidden email] For
>> > additional commands, e-mail: [hidden email]
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email] For additional
>> commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Michal Zerola
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Michal Zerola
In reply to this post by Hamid.Shahid
Hello, I have extended the Jakub's patch for file based certificate client authentication.

It is attached to the same JIRA issue.

This patch extends the Jakub's one for the missing client file based authentication under the Windows. A client may specify new Connection options:

■ssl-cert-filename
■ssl-cert-filenamepass
■host-cert-filename
for providing the private P12 key from the file, password for accessing this file and finally the host public certificate from the file. If specified, the private key is loaded from the file and used for client authentication instead of finding the certificate in the registry based store. If the host key filename is specified, the public key from the file attempts to be added into the Trusted Root Certification Authority store, so the host will be trusted (I have not found other way to trust the host other than adding the public key into the store before the handshake). Any combination of the new connection parameters is allowed (e.g. load private key from the file and use public host certificate from existing registry store).
This patch increases the portability of the SSL based client applications, where certificates can be provided with the application and there is no need to import them by hand before executing the main application.
Hamid.Shahid
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: SSL Client Authentication support for C++ on Windows

Hamid.Shahid
Hi Michal,

Thats great, awsome job!

@ Steve - Would it be possible to add these updates in the next offical version of QPID?

Thank you.

regards,
Hamid
Best Regards,
Hamid.
Steve Huston
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: SSL Client Authentication support for C++ on Windows

Steve Huston
Hi Hamid,

> Hi Michal,
>
> Thats great, awsome job!
>
> @ Steve - Would it be possible to add these updates in the next offical
> version of QPID?

Not in 0.16 - that's already frozen for release testing.

I will try to get it in 0.18.

-Steve


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Hamid.Shahid
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

RE: SSL Client Authentication support for C++ on Windows

Hamid.Shahid
That will be great, Steve.
Thanks!
Best Regards,
Hamid.
Loading...
Powered by Nabble Edit this page