Bug 751845
| Summary: | Allow SSL and non-SSL connections on the same port | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Justin Ross <jross> |
| Component: | qpid-cpp | Assignee: | Gordon Sim <gsim> |
| Status: | CLOSED ERRATA | QA Contact: | Frantisek Reznicek <freznice> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.1 | CC: | esammons, freznice, iboverma, jneedle |
| Target Milestone: | 2.1.2 | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | qpid-cpp-mrg-0.14-3.el5 | Doc Type: | Enhancement |
| Doc Text: |
Cause:
Support in the broker for listening on SSL encrypted sockets and plain TCP sockets is implemented by two distinct modules, each listening on its own port.
Consequence:
It is not therefore possible to serve both SSL and non-SSL connection from the same port. A deployment requiring both types needs to advertise two port numbers. This is not always possible or convenient
Change:
The SSL module has been changed to optionally serve plain (non-SSL encrypted) connections using the same port.
Result:
If required a single port can be advertised that will support both SSL and non-SSL traffic. This is enabled by setting the --ssl-port and --port option to the same value. Note that under this configuration there is at present no support for IPv6 addresses.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-04-30 17:53:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 754376, 783492 | ||
|
Description
Justin Ross
2011-11-07 18:41:58 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause:
Support in the broker for listening on SSL encrypted sockets and plain TCP sockets is implemented by two distinct modules, each listening on its own port.
Consequence:
It is not therefore possible to serve both SSL and non-SSL connection from the same port. A deployment requiring both types needs to advertise two port numbers. This is not always possible or convenient
Change:
The SSL module has been changed to optionally serve plain (non-SSL encrypted) connections using the same port.
Result:
If required a single port can be advertised that will support both SSL and non-SSL traffic. This is enabled by setting the --ssl-port and --port option to the same value. Note that under this configuration there is at present no support for IPv6 addresses.
The feature has been implemented and it's proved to be functional on RHEL 5.7 / 6.2 i[36]86 / x86_64 on packages: python-qpid-0.14-1.el5 python-qpid-qmf-0.14-2.el5 qpid-cpp-client-0.14-4.el5 qpid-cpp-client-devel-0.14-4.el5 qpid-cpp-client-devel-docs-0.14-4.el5 qpid-cpp-client-rdma-0.14-4.el5 qpid-cpp-client-ssl-0.14-4.el5 qpid-cpp-mrg-debuginfo-0.14-4.el5 qpid-cpp-server-0.14-4.el5 qpid-cpp-server-cluster-0.14-4.el5 qpid-cpp-server-devel-0.14-4.el5 qpid-cpp-server-rdma-0.14-4.el5 qpid-cpp-server-ssl-0.14-4.el5 qpid-cpp-server-store-0.14-4.el5 qpid-cpp-server-xml-0.14-4.el5 qpid-java-client-0.14-1.el5 qpid-java-common-0.14-1.el5 qpid-java-example-0.14-1.el5 qpid-qmf-0.14-2.el5 qpid-qmf-debuginfo-0.14-2.el5 qpid-qmf-devel-0.14-2.el5 qpid-tests-0.14-1.el5 qpid-tools-0.14-1.el5 ruby-qpid-qmf-0.14-2.el5 -> VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0529.html |