1009493 – Client succeeds to connect to non-ssl broker even if the ssl transport is requested by the client

Bug 1009493 - Client succeeds to connect to non-ssl broker even if the ssl transport is requested by the client

Summary: Client succeeds to connect to non-ssl broker even if the ssl transport is req...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	Development
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	3.0
Target Release:	---
Assignee:	Gordon Sim
QA Contact:	Leonid Zhaldybin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-18 14:33 UTC by Petr Matousek
Modified:	2014-11-09 22:39 UTC (History)
CC List:	5 users (show)
Fixed In Version:	qpid-cpp-0.22-16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-09-24 15:08:48 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-5143	0	None	None	None	Never
Red Hat Product Errata	RHEA-2014:1296	0	normal	SHIPPED_LIVE	Red Hat Enterprise MRG Messaging 3.0 Release	2014-09-24 19:00:06 UTC

Description Petr Matousek 2013-09-18 14:33:32 UTC

Description of problem:

When using qpid-send/qpid-receive clients for sending/receiving message to default broker address and the ssl transport is requested by the client, the client is successful even when connecting to non-ssl broker: 
qpid-send --connection-options "{transport: 'ssl'}" -a "q;{create:always}"

Note: When the broker address is specified for the connection then the connection is not initiated (as expected):
qpid-send --connection-options "{transport: 'ssl'}" -a "q;{create:always}" -b localhost
qpid-send: Unknown protocol: ssl (/builddir/build/BUILD/qpid-0.22/cpp/src/qpid/client/Connector.cpp:52)

Version-Release number of selected component (if applicable):
qpid-cpp-*-0.22-14

How reproducible:
100%

Steps to Reproduce:
1. run a non-ssl broker
2. qpid-send --connection-options "{transport: 'ssl'}" -a "q;{create:always}"
3. qpid-config queues
4. the queue q was created

Actual results:
ssl connection to non-ssl broker succeeds

Expected results:
ssl connection to non-ssl broker is aborted

Additional info:

Comment 1 Gordon Sim 2013-09-18 19:28:27 UTC

Fixed upstream: https://svn.apache.org/r1524506

Comment 3 Leonid Zhaldybin 2014-01-07 15:46:36 UTC

Tested on RHEL6.5 (both i386 and x86_64). This issue has been fixed.

Packages used for testing:
python-qpid-0.22-9.el6
python-qpid-qmf-0.22-25.el6
qpid-cpp-client-0.22-30.el6
qpid-cpp-client-devel-0.22-30.el6
qpid-cpp-client-devel-docs-0.22-30.el6
qpid-cpp-client-ssl-0.22-30.el6
qpid-cpp-server-0.22-30.el6
qpid-cpp-server-devel-0.22-30.el6
qpid-cpp-server-linearstore-0.22-30.el6
qpid-cpp-server-ssl-0.22-30.el6
qpid-cpp-server-xml-0.22-30.el6
qpid-java-client-0.22-5.el6
qpid-java-common-0.22-5.el6
qpid-java-example-0.22-5.el6
qpid-jca-0.22-1.el6
qpid-jca-xarecovery-0.22-1.el6
qpid-proton-c-0.6-1.el6
qpid-qmf-0.22-25.el6
qpid-snmpd-1.0.0-15.el6
qpid-tools-0.22-7.el6

-> VERIFIED

Comment 4 errata-xmlrpc 2014-09-24 15:08:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html

Note You need to log in before you can comment on or make changes to this bug.