Description of problem: Prior 3.0, broker provided NSS error details like: 2015-06-30 10:37:27 [Security] error Error reading socket: SSL peer cannot verify your certificate. [-12271] These details are now hidden due to QPID-4272. Please extend broker logs by the NSS error details back, i.e. fix&backport QPID-6435. Version-Release number of selected component (if applicable): 0.22-*, 0.30-* How reproducible: 100% Steps to Reproduce: 1. Run broker with SSL enabled / enforced. 2. Try to login to the broker with invalid SSL cert or anyhow else to get auth/SSL failure. 3. Check qpid logs for details. Actual results: broker logs just general errors from IO and not from SSL, like: 2015-06-30 10:39:01 [System] error Error reading socket: Success(0) or 2015-06-30 10:42:01 [System] error Error reading socket: No such file or directory(2) Expected results: Same errors like in MRG 2.* / 0.18 brokers (see Description for an example) Additional info:
This issue is now fixed upstream on trunk: https://svn.apache.org/r1696715
This issue has been fixed. Verified on rhel6.7 (i386, x86_64) and rhel7.1 (x86_64). NSS error are logged again. packages: qpid-cpp-0.34-4 -> VERIFIED
Thanks for the draft text Andrew. Marking for inclusion in the 3.2 Release Notes.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2015-1879.html