diff options
| author | Gordon Sim <gsim@apache.org> | 2014-08-28 13:44:55 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2014-08-28 13:44:55 +0000 |
| commit | c68fe9bb5498dd8e9598d89f7bb8c8f99fd170be (patch) | |
| tree | 4b9de99c97b2be1f89a1fdb20948083f64b46c08 | |
| parent | 47d244161446d54a68d345f710971f8aa7f1d983 (diff) | |
| download | qpid-python-c68fe9bb5498dd8e9598d89f7bb8c8f99fd170be.tar.gz | |
ensure ssl is initialised for 1.0 client connections; merged from trunk r1620948
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/0.30@1621136 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | qpid/cpp/src/qpid/client/SslConnector.cpp | 10 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/client/ssl.h | 30 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp | 7 | ||||
| -rwxr-xr-x | qpid/cpp/src/tests/ssl_test | 15 |
4 files changed, 60 insertions, 2 deletions
diff --git a/qpid/cpp/src/qpid/client/SslConnector.cpp b/qpid/cpp/src/qpid/client/SslConnector.cpp index ffe751ab65..7c67196242 100644 --- a/qpid/cpp/src/qpid/client/SslConnector.cpp +++ b/qpid/cpp/src/qpid/client/SslConnector.cpp @@ -161,6 +161,16 @@ namespace { } } +void initialiseSSL() +{ + init.checkInitialised(); +} + +void shutdownSSL() +{ + if (StaticInit::initialised) shutdownNSS(); +} + SslConnector::SslConnector(Poller::shared_ptr p, ProtocolVersion ver, const ConnectionSettings& settings, diff --git a/qpid/cpp/src/qpid/client/ssl.h b/qpid/cpp/src/qpid/client/ssl.h new file mode 100644 index 0000000000..0adef21f7e --- /dev/null +++ b/qpid/cpp/src/qpid/client/ssl.h @@ -0,0 +1,30 @@ +#ifndef QPID_CLIENT_SSL_H +#define QPID_CLIENT_SSL_H + +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +namespace qpid { +namespace client { +void initialiseSSL(); +void shutdownSSL(); +}} // namespace qpid::client + +#endif /*!QPID_CLIENT_SSL_H*/ diff --git a/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp b/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp index 30ff636636..ffb64c4421 100644 --- a/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp +++ b/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp @@ -25,6 +25,7 @@ #include "qpid/sys/AsynchIO.h" #include "qpid/sys/ConnectionCodec.h" #include "qpid/sys/Poller.h" +#include "qpid/client/ssl.h" #include "qpid/log/Statement.h" #include <boost/bind.hpp> #include <boost/format.hpp> @@ -40,6 +41,7 @@ namespace amqp { namespace { Transport* create(TransportContext& c, Poller::shared_ptr p) { + qpid::client::initialiseSSL(); return new SslTransport(c, p); } @@ -49,6 +51,11 @@ struct StaticInit { Transport::add("ssl", &create); }; + + ~StaticInit() + { + qpid::client::shutdownSSL(); + } } init; } diff --git a/qpid/cpp/src/tests/ssl_test b/qpid/cpp/src/tests/ssl_test index e7c763f9ce..d681059495 100755 --- a/qpid/cpp/src/tests/ssl_test +++ b/qpid/cpp/src/tests/ssl_test @@ -35,6 +35,10 @@ OTHER_CA_PEM_FILE=${TEST_CERT_DIR}/other_ca_cert.pem PY_PING_BROKER=${QPID_TEST_SRC_DIR}/ping_broker COUNT=10 +if [[ -a $AMQP_LIB ]] ; then + MODULES="--load-module $AMQP_LIB" +fi + trap cleanup EXIT error() { echo $*; exit 1; } @@ -135,7 +139,7 @@ cleanup() { } start_ssl_broker() { - start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --auth no" + start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --auth no $MODULES" } start_ssl_mux_broker() { @@ -146,7 +150,7 @@ start_ssl_mux_broker() { sasl_config_dir=$QPID_TEST_EXEC_DIR/sasl_config start_authenticating_broker() { - start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --ssl-sasl-no-dict --ssl-require-client-authentication --auth yes --sasl-config=${sasl_config_dir}" + start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --ssl-sasl-no-dict --ssl-require-client-authentication --auth yes --sasl-config=${sasl_config_dir} $MODULES" } ssl_cluster_broker() { # $1 = port @@ -184,6 +188,13 @@ URL=amqp:ssl:$TEST_HOSTNAME:$PORT MSG=`./qpid-receive -b $URL -a "foo;{create:always}" --messages 1` test "$MSG" = "hello" || { echo "receive failed '$MSG' != 'hello'"; exit 1; } +if [[ -a $AMQP_LIB ]] ; then + echo "Testing ssl over AMQP 1.0" + ./qpid-send --connection-options '{protocol:amqp1.0}' -b $URL --content-string=hello -a "foo;{create:always}" + MSG=`./qpid-receive --connection-options '{protocol:amqp1.0}' -b $URL -a "foo;{create:always}" --messages 1` + test "$MSG" = "hello" || { echo "receive failed for AMQP 1.0 '$MSG' != 'hello'"; exit 1; } +fi + ## Test connection with a combination of URL and connection options (in messaging API) URL=$TEST_HOSTNAME:$PORT ./qpid-send -b $URL --connection-options '{transport:ssl,heartbeat:2}' --content-string='hello again' -a "foo;{create:always}" |