Remove default location for certificate database.

Some extra checking in loading ssl libraries.



git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@706349 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 22 insertions, 11 deletions

diff --git a/cpp/src/qpid/client/SslConnector.cpp b/cpp/src/qpid/client/SslConnector.cpp
index 8ae412ed09..4ea54a3b59 100644
--- a/cpp/src/qpid/client/SslConnector.cpp
+++ b/cpp/src/qpid/client/SslConnector.cpp
@@ -146,8 +146,12 @@ namespace {
             try {
                 SslOptions options;
                 options.parse (0, 0, CONF_FILE, true);
-                initNSS(options);                
-                Connector::registerFactory("ssl", &create);
+                if (options.certDbPath.empty()) {
+                    QPID_LOG(warning, "SSL connector not enabled, you must set QPID_SSL_CERT_DB to enable it.");                    
+                } else {
+                    initNSS(options);                
+                    Connector::registerFactory("ssl", &create);
+                }
             } catch (const std::exception& e) {
                 QPID_LOG(error, "Failed to initialise SSL connector: " << e.what());
             }
diff --git a/cpp/src/qpid/sys/SslPlugin.cpp b/cpp/src/qpid/sys/SslPlugin.cpp
index ee272830e1..c519f5dc80 100644
--- a/cpp/src/qpid/sys/SslPlugin.cpp
+++ b/cpp/src/qpid/sys/SslPlugin.cpp
@@ -89,13 +89,21 @@ static struct SslPlugin : public Plugin {
         broker::Broker* broker = dynamic_cast<broker::Broker*>(&target);
         // Only provide to a Broker
         if (broker) {
-            ssl::initNSS(options, true);
-
-            const broker::Broker::Options& opts = broker->getOptions();
-            ProtocolFactory::shared_ptr protocol(new SslProtocolFactory(options,
-                                                                        opts.connectionBacklog, opts.tcpNoDelay));
-            QPID_LOG(info, "Listening for SSL connections on TCP port " << protocol->getPort());
-            broker->registerProtocolFactory("ssl", protocol);
+            if (options.certDbPath.empty()) {
+                QPID_LOG(warning, "SSL plugin not enabled, you must set --qpid-ssl-cert-db to enable it.");                    
+            } else {
+                try {
+                    ssl::initNSS(options, true);
+                    
+                    const broker::Broker::Options& opts = broker->getOptions();
+                    ProtocolFactory::shared_ptr protocol(new SslProtocolFactory(options,
+                                                                                opts.connectionBacklog, opts.tcpNoDelay));
+                    QPID_LOG(info, "Listening for SSL connections on TCP port " << protocol->getPort());
+                    broker->registerProtocolFactory("ssl", protocol);
+                } catch (const std::exception& e) {
+                    QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what());
+                }
+            }
         }
     }
 } sslPlugin;
diff --git a/cpp/src/qpid/sys/ssl/util.cpp b/cpp/src/qpid/sys/ssl/util.cpp
index 63855d49ac..97b00f19de 100644
--- a/cpp/src/qpid/sys/ssl/util.cpp
+++ b/cpp/src/qpid/sys/ssl/util.cpp
@@ -49,7 +49,6 @@ std::string defaultCertName()
 }
 
 SslOptions::SslOptions() : qpid::Options("SSL Settings"), 
-                           certDbPath(CERT_DB),
                            certName(defaultCertName()),
                            exportPolicy(false)
 {
diff --git a/cpp/src/ssl.mk b/cpp/src/ssl.mk
index 921266d377..6545b33e38 100644
--- a/cpp/src/ssl.mk
+++ b/cpp/src/ssl.mk
@@ -13,7 +13,7 @@ libsslcommon_la_SOURCES = \
 
 libsslcommon_la_LIBADD= -lnss3 -lssl3 -lnspr4 libqpidcommon.la
 
-libsslcommon_la_CXXFLAGS=$(AM_CXXFLAGS) $(SSL_CFLAGS) -DCERT_DB=\"$(sysconfdir)/qpid_cert_db\"
+libsslcommon_la_CXXFLAGS=$(AM_CXXFLAGS) $(SSL_CFLAGS)
 
 lib_LTLIBRARIES +=  libsslcommon.la