From c68fe9bb5498dd8e9598d89f7bb8c8f99fd170be Mon Sep 17 00:00:00 2001
From: Gordon Sim <gsim@apache.org>
Date: Thu, 28 Aug 2014 13:44:55 +0000
Subject: ensure ssl is initialised for 1.0 client connections; merged from
 trunk r1620948

git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/0.30@1621136 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/src/qpid/client/SslConnector.cpp         | 10 ++++++++
 qpid/cpp/src/qpid/client/ssl.h                    | 30 +++++++++++++++++++++++
 qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp |  7 ++++++
 qpid/cpp/src/tests/ssl_test                       | 15 ++++++++++--
 4 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 qpid/cpp/src/qpid/client/ssl.h

diff --git a/qpid/cpp/src/qpid/client/SslConnector.cpp b/qpid/cpp/src/qpid/client/SslConnector.cpp
index ffe751ab65..7c67196242 100644
--- a/qpid/cpp/src/qpid/client/SslConnector.cpp
+++ b/qpid/cpp/src/qpid/client/SslConnector.cpp
@@ -161,6 +161,16 @@ namespace {
     }
 }
 
+void initialiseSSL()
+{
+    init.checkInitialised();
+}
+
+void shutdownSSL()
+{
+    if (StaticInit::initialised) shutdownNSS();
+}
+
 SslConnector::SslConnector(Poller::shared_ptr p,
                      ProtocolVersion ver,
                      const ConnectionSettings& settings,
diff --git a/qpid/cpp/src/qpid/client/ssl.h b/qpid/cpp/src/qpid/client/ssl.h
new file mode 100644
index 0000000000..0adef21f7e
--- /dev/null
+++ b/qpid/cpp/src/qpid/client/ssl.h
@@ -0,0 +1,30 @@
+#ifndef QPID_CLIENT_SSL_H
+#define QPID_CLIENT_SSL_H
+
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+namespace qpid {
+namespace client {
+void initialiseSSL();
+void shutdownSSL();
+}} // namespace qpid::client
+
+#endif  /*!QPID_CLIENT_SSL_H*/
diff --git a/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp b/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp
index 30ff636636..ffb64c4421 100644
--- a/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp
+++ b/qpid/cpp/src/qpid/messaging/amqp/SslTransport.cpp
@@ -25,6 +25,7 @@
 #include "qpid/sys/AsynchIO.h"
 #include "qpid/sys/ConnectionCodec.h"
 #include "qpid/sys/Poller.h"
+#include "qpid/client/ssl.h"
 #include "qpid/log/Statement.h"
 #include <boost/bind.hpp>
 #include <boost/format.hpp>
@@ -40,6 +41,7 @@ namespace amqp {
 namespace {
 Transport* create(TransportContext& c, Poller::shared_ptr p)
 {
+    qpid::client::initialiseSSL();
     return new SslTransport(c, p);
 }
 
@@ -49,6 +51,11 @@ struct StaticInit
     {
         Transport::add("ssl", &create);
     };
+
+    ~StaticInit()
+    {
+        qpid::client::shutdownSSL();
+    }
 } init;
 }
 
diff --git a/qpid/cpp/src/tests/ssl_test b/qpid/cpp/src/tests/ssl_test
index e7c763f9ce..d681059495 100755
--- a/qpid/cpp/src/tests/ssl_test
+++ b/qpid/cpp/src/tests/ssl_test
@@ -35,6 +35,10 @@ OTHER_CA_PEM_FILE=${TEST_CERT_DIR}/other_ca_cert.pem
 PY_PING_BROKER=${QPID_TEST_SRC_DIR}/ping_broker
 COUNT=10
 
+if [[ -a $AMQP_LIB ]] ; then
+    MODULES="--load-module $AMQP_LIB"
+fi
+
 trap cleanup EXIT
 
 error() { echo $*; exit 1; }
@@ -135,7 +139,7 @@ cleanup() {
 }
 
 start_ssl_broker() {
-    start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --auth no"
+    start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --auth no $MODULES"
 }
 
 start_ssl_mux_broker() {
@@ -146,7 +150,7 @@ start_ssl_mux_broker() {
 sasl_config_dir=$QPID_TEST_EXEC_DIR/sasl_config
 
 start_authenticating_broker() {
-    start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --ssl-sasl-no-dict --ssl-require-client-authentication --auth yes --sasl-config=${sasl_config_dir}"
+    start_brokers 1 "--transport ssl --ssl-port 0 --require-encryption --ssl-sasl-no-dict --ssl-require-client-authentication --auth yes --sasl-config=${sasl_config_dir} $MODULES"
 }
 
 ssl_cluster_broker() {		# $1 = port
@@ -184,6 +188,13 @@ URL=amqp:ssl:$TEST_HOSTNAME:$PORT
 MSG=`./qpid-receive -b $URL -a "foo;{create:always}" --messages 1`
 test "$MSG" = "hello" || { echo "receive failed '$MSG' != 'hello'"; exit 1; }
 
+if [[ -a $AMQP_LIB ]] ; then
+    echo "Testing ssl over AMQP 1.0"
+    ./qpid-send --connection-options '{protocol:amqp1.0}'  -b $URL --content-string=hello -a "foo;{create:always}"
+    MSG=`./qpid-receive --connection-options '{protocol:amqp1.0}' -b $URL -a "foo;{create:always}" --messages 1`
+    test "$MSG" = "hello" || { echo "receive failed for AMQP 1.0 '$MSG' != 'hello'"; exit 1; }
+fi
+
 ## Test connection with a combination of URL and connection options (in messaging API)
 URL=$TEST_HOSTNAME:$PORT
 ./qpid-send -b $URL --connection-options '{transport:ssl,heartbeat:2}' --content-string='hello again' -a "foo;{create:always}"
-- 
cgit v1.2.1