Created: (AMQCPP-140) Add SSL transport
2007-08-04 12:56:48
Add SSL transport
-----------------
Key: AMQCPP-140
URL: https://issues.apache.org/activemq/browse/AMQCPP-140
Project: ActiveMQ C++ Client
Issue Type: New Feature
Affects Versions: 2.2
Reporter: Nathan Mittler
Assignee: Nathan Mittler
Need a secure transport for activemq-cpp. Some options for
ssl support:
1) OpenSSL - fairly robust set of ssl functions
2) APR - trunk has added support for ssl sockets. An
attractive option, given that we're already starting to
incorporate API in other areas.
Should create a Java-like set of classes in decaf to add
basic ssl support, then use those classes to make an
SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue
online.
|
Updated: (AMQCPP-140) Add SSL transport
2007-08-04 12:56:49
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Mittler updated AMQCPP-140:
----------------------------------
Fix Version/s: 2.2
|
Commented: (AMQCPP-140) Add SSL transport
2007-10-17 07:32:25
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40398 ]
Nathan Mittler commented on AMQCPP-140:
---------------------------------------
Just some thoughts on the user interface for the ssl
transport, based on how it works in the Java client
(http://activemq.apache.org/how-do-i-use-ssl.html)...
1) SSL transport-specific properties could be passed in via
the connection URI. This is in keeping with the other
transports.
2) ActiveMQ-CPP's decaf library has support for
handling environment variables. It would be fairly simple
to allow the default behavior of the SSL transport to be
determined by the following environment variables:
decaf.net.ssl.keyStore=/path/to/client.ks
decaf.net.ssl.keyStorePassword=password
decaf.net.ssl.trustStore=/path/to/client.ts
If no SSL transport arguments are passed in via the
connection uri, these environment variables could be used to
automatically configure SSL.
3) The following SSL transport arguments in the connection
uri would override the system properties:
"ssl://localhost:11111?ssl.keyStore=/path/to/client.ks&ssl.keyStore.Password=password&ssl.trustStore=/path/to/client.ts"
|
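An added example (not code from the patch or from ActiveMQ-CPP) of the lookup order proposed in the comment above: connection URI arguments first, then the decaf.net.ssl.* defaults, plus a masked copy of the URI for logging, since a URI that carries ssl.keyStore.Password would otherwise put the password into log output. The function names, the per-key fallback and the plain map standing in for decaf's environment lookup are assumptions.

```cpp
#include <iostream>
#include <map>
#include <string>
typedef std::map<std::string, std::string> Props;

// Collect the "k=v" pairs after '?'. Values are taken literally (no percent-decoding).
Props parseQuery(const std::string& uri) {
    Props out;
    std::size_t start = uri.find('?');
    while (start != std::string::npos) {
        std::size_t end = uri.find('&', ++start);
        std::string pair = uri.substr(start, end == std::string::npos ? end : end - start);
        std::size_t eq = pair.find('=');
        if (eq != std::string::npos && eq > 0) out[pair.substr(0, eq)] = pair.substr(eq + 1);
        start = end;
    }
    return out;
}

// A URI argument wins; the decaf.net.ssl.* default fills in what the URI omits.
Props resolveSsl(const std::string& uri, const Props& env) {
    static const char* const keys[3][3] = {  // result key, URI argument, default name
        {"keyStore", "ssl.keyStore", "decaf.net.ssl.keyStore"},
        {"keyStorePassword", "ssl.keyStore.Password", "decaf.net.ssl.keyStorePassword"},
        {"trustStore", "ssl.trustStore", "decaf.net.ssl.trustStore"}};
    const Props args = parseQuery(uri);
    Props out;
    for (int i = 0; i < 3; ++i) {
        Props::const_iterator u = args.find(keys[i][1]), e = env.find(keys[i][2]);
        if (u != args.end()) out[keys[i][0]] = u->second;
        else if (e != env.end()) out[keys[i][0]] = e->second;
    }
    return out;
}

// Copy of the URI for log output, with the key store password value masked.
std::string redactUri(std::string uri) {
    const std::string key = "ssl.keyStore.Password=";
    std::size_t pos = uri.find(key);
    if (pos == std::string::npos) return uri;
    pos += key.size();  // first character of the password value
    return uri.replace(pos, uri.find('&', pos) - pos, "***");
}

int main() {
    // Constructed sample URI in the form proposed above.
    const std::string uri = "ssl://localhost:11111?ssl.keyStore=/path/to/client.ks&ssl.keyStore.Password=password";
    std::cout << redactUri(uri) << "\nkeyStore=" << resolveSsl(uri, Props())["keyStore"] << "\n";
}
```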
Commented: (AMQCPP-140) Add SSL transport
2007-10-17 10:28:24
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40399 ]
Hiram Chirino commented on AMQCPP-140:
--------------------------------------
I like it..
|
Updated: (AMQCPP-140) Add SSL transport
2007-10-21 16:28:23
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch1
This is my first draft of ssl support using openssl. The
patch is against 2.1 and has no configuration support so far
(openssl headers must be found by the compiler and user must
link the libraries.)
I had a look at the apr ssl routines in the trunk and they are
either too simplistic or too incomplete for any serious
use.
My design goal was to use the existing code as much as
possible without resorting to use "if"s in the
code. There are multiple ways of doing this and this
happens to be the one that first popped into my head.
No connection properties or certificate handling has been
implemented yet. Plain encrypted connections appear to
work, at least for me.
|
Commented: (AMQCPP-140) Add SSL transport
2007-10-21 17:36:23
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40449 ]
Albert Strasheim commented on AMQCPP-140:
-----------------------------------------
Patch looks promising. Might want to think a bit about these
warnings when building on Windows though:
1>..\src\main\activemq\network\SSLSocket.cpp(58) : warning C4244: 'argument' : conversion from 'activemq::network::Socket::SocketHandle' to 'int', possible loss of data
1>..\src\main\activemq\network\SSLSocket.cpp(95) : warning C4244: 'argument' : conversion from 'activemq::network::Socket::SocketHandle' to 'int', possible loss of data
The offending lines look like this:
SSL_set_fd( ssl, socketHandle );
On Windows, SocketHandle is a Winsock2 SOCKET, which seems
to be a typedef of UINT_PTR, which I don't think can safely
be cast to an int (if it even makes sense to cast it). Can
OpenSSL work with Winsock2 sockets? Maybe there's an
alternative function to SSL_set_fd that should be called in
this case?
|
Commented: (AMQCPP-140) Add SSL transport
2007-10-21 18:36:23
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40450 ]
Teemu Torma commented on AMQCPP-140:
------------------------------------
I should have mentioned I have tested on Linux only. I
don't even have any windows machines, I would have to
delegate that part.
By searching I don't see any other usage on windows,
everything seems to be using SSL_set_fd. We are also using
omniORB, which also implements ssl and works on all platforms,
and it uses it (I used the code as a reference too whilst doing
this, I have not programmed with openssl before.)
There is something called BIO interface in openssl that
could be used too, but that does not seem to be any
different in this case. That would just add yet another
abstraction layer and I feel there are already enough of
them.
If it works on windows, maybe just stick reinterpret_cast
for the call.
|
Commented: (AMQCPP-140) Add SSL transport
2007-10-21 23:06:24
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40451 ]
Albert Strasheim commented on AMQCPP-140:
-----------------------------------------
The thing I'm worried about is that SOCKET (which seems to
be a UINT_PTR) could be a 32-bit value on 32-bit Windows and
a 64-bit value on 64-bit Windows while int is always 32-bit,
so a reinterpret_cast might cause problems, which is why the
compiler warns. Maybe I'm being too paranoid...
|
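An added example (not part of amqcpp-ssl.patch1 or of OpenSSL) of the narrowing discussed in the comments above: a 64-bit handle passed where SSL_set_fd expects an int. SocketHandle here is a stand-in typedef for the Win64 SOCKET, truncatedFd, toOpenSslFd and aliasAfterCast are hypothetical helper names, and the handle values are constructed.

```cpp
#include <climits>
#include <cstdint>
#include <iostream>

// Stand-in for the Win64 SOCKET type (UINT_PTR, 64 bits); an assumption of this example.
typedef std::uint64_t SocketHandle;
const SocketHandle kInvalidSocket = ~static_cast<SocketHandle>(0);  // like INVALID_SOCKET

// What an unchecked cast to int keeps: the low 32 bits of the handle.
int truncatedFd(SocketHandle h) {
    return static_cast<int>(static_cast<std::uint32_t>(h));
}

// Checked narrowing: succeeds only when the handle value is representable as int.
bool toOpenSslFd(SocketHandle h, int& fd) {
    if (h == kInvalidSocket || h > static_cast<SocketHandle>(INT_MAX)) return false;
    fd = static_cast<int>(h);
    return true;
}

// Two distinct handles that an unchecked cast would map to the same descriptor.
bool aliasAfterCast(SocketHandle a, SocketHandle b) {
    return a != b && truncatedFd(a) == truncatedFd(b);
}

int main() {
    // Constructed handle values: one small, one above 2^32, and the invalid marker.
    const SocketHandle samples[] = {452, 0x1000001C4ULL, kInvalidSocket};
    for (int i = 0; i < 3; ++i) {
        int fd = -1;
        if (toOpenSslFd(samples[i], fd))
            std::cout << samples[i] << " -> fd " << fd << "\n";
        else
            std::cout << samples[i] << " rejected, a cast would yield "
                      << truncatedFd(samples[i]) << "\n";
    }
    std::cout << "alias: " << aliasAfterCast(452, 0x1000001C4ULL) << "\n";
}
```

The OpenSSL manual page for SSL_set_fd notes that this Windows conversion warning can be ignored in practice because socket handle values stay far below the int range; the checked conversion turns that assumption into an explicit failure instead of a silently aliased descriptor.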
Updated: (AMQCPP-140) Add SSL transport
2007-10-22 18:12:24
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch2
Second draft, also tested only on Linux. This adds many
connection properties and some more final tuning.
Configuration is still missing.
Supported properties:
sslCAFile=pem - CA certificate
sslCAPath=dir - CA certificate directory.
sslCertFile=pem - the client certificate
sslKeyFile=pem - the client private key (if not given assume cert contains it.)
sslPassword=pass - the certificate/key password. If one is needed and the property is not given openssl will prompt one interactively.
sslVerifyPeer=boolean - If peer certificate and name should be verified (need CA certificate for that.)
sslVerifyName=name - the CN to match in the peer certificate (hostname is the default.)
sslCiphers=ciphers - the openssl string to specify the ciphers to use.
I am sure the names will change and people will have
differing opinions. So far I used most native openssl
terms.
One thing that would be really, really useful in real life
is to build some kind of extension for setting certificates
from some other source than files (ldap for example.) I do
not suggest that anything else would be supported by
activemq-cpp itself, but some extension mechanism that would
allow tweaking it without touching activemq-cpp code itself.
I don't right now have any good solution for that, and good
ideas would be appreciated.
|
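An added example (not code from amqcpp-ssl.patch2) that checks a set of the properties listed above against what the list itself says about them, and flags weak classes named as plain tokens in sslCiphers. It assumes sslVerifyPeer is spelled true/false and is off when absent, which the message does not state; lintSslProps, enablesWeakCiphers and get are hypothetical names and the sample values are constructed.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

typedef std::map<std::string, std::string> Props;

// True if an OpenSSL cipher string names a weak class as a plain token (no "!" or "-").
bool enablesWeakCiphers(const std::string& ciphers) {
    static const char* const weak[] = {"NULL", "eNULL", "aNULL", "EXPORT", "LOW", "RC4"};
    for (std::size_t start = 0, end; start <= ciphers.size(); start = end + 1) {
        end = ciphers.find(':', start);
        if (end == std::string::npos) end = ciphers.size();
        for (int i = 0; i < 6; ++i)
            if (ciphers.compare(start, end - start, weak[i]) == 0) return true;
    }
    return false;
}

static std::string get(const Props& p, const char* key) {
    Props::const_iterator it = p.find(key);
    return it == p.end() ? std::string() : it->second;
}

// Findings for one set of the ssl* connection properties listed for amqcpp-ssl.patch2.
std::vector<std::string> lintSslProps(const Props& p) {
    std::vector<std::string> out;
    const bool verify = get(p, "sslVerifyPeer") == "true";  // assumed spelling and default
    if (!verify)
        out.push_back("sslVerifyPeer is off: the broker is not authenticated");
    else if (get(p, "sslCAFile").empty() && get(p, "sslCAPath").empty())
        out.push_back("sslVerifyPeer needs sslCAFile or sslCAPath");
    if (!verify && !get(p, "sslVerifyName").empty())
        out.push_back("sslVerifyName has no effect while sslVerifyPeer is off");
    if (!get(p, "sslCertFile").empty() && get(p, "sslPassword").empty())
        out.push_back("no sslPassword: an encrypted key makes openssl prompt interactively");
    if (enablesWeakCiphers(get(p, "sslCiphers")))
        out.push_back("sslCiphers enables a NULL, EXPORT, LOW or RC4 class");
    return out;
}

int main() {
    Props p;  // constructed sample properties
    p["sslVerifyPeer"] = "true";
    p["sslCiphers"] = "HIGH:RC4:!aNULL";
    std::vector<std::string> f = lintSslProps(p);
    for (std::size_t i = 0; i < f.size(); ++i) std::cout << f[i] << "\n";
}
```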
Updated: (AMQCPP-140) Add SSL transport
2007-10-22 18:14:23
[ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: (was: amqcpp-ssl.patch1)