qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Ross (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DISPATCH-743) Intermittent SSL Failure
Date Wed, 12 Apr 2017 14:03:41 GMT
Ted Ross created DISPATCH-743:

             Summary: Intermittent SSL Failure
                 Key: DISPATCH-743
                 URL: https://issues.apache.org/jira/browse/DISPATCH-743
             Project: Qpid Dispatch
          Issue Type: Bug
          Components: Container
    Affects Versions: 0.8.0
            Reporter: Ted Ross
             Fix For: 1.0.0

I'm seeing intermittent instances of 'SSL Failure: Unknown error.' when using SSL to access
the router.  This test uses the SSL certificates checked into the tests/ssl_certs directory.

Router Configuration:
ssl_profile {
    name: SSL
    certDb: /path_to/ssl_certs/ca-certificate.pem
    certFile: /path_to/ssl_certs/server-certificate.pem
    keyFile: /path_to/ssl_certs/server-private-key.pem
    password: server-password

listener {
    host: ::
    port: amqps
    authenticatePeer: yes
    saslMechanisms: EXTERNAL
    sslProfile: SSL
    requireSsl: yes

The client command line is:
qdstat -b amqps://localhost -c --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-trustfile=ca-certificate.pem

This operates correctly because the configured server hostname is "localhost".

To reproduce this error, replace "localhost" with "" in the command line.  This will
correctly result in a certificate verification error due to the name mismatch.  Then repeat
the command with "localhost" again.  This first attempt to use the correct name often results
in the unexpected failure.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message