Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 641330

Summary: qpidd broker reports 'Error reading socket: Encountered end of file [-5938]' as a reaction to 'qpid-config -a amqps://${SRV_CN}:${SSL_PORT}'
Product: Red Hat Enterprise MRG
Reporter: Martin Kudlej <mkudlej>
Component: qpid-cpp
Assignee: Jonathan Robie <jonathan.robie>
Status: CLOSED DUPLICATE
QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: medium
Priority: medium
Version: beta
CC: freznice, gsim, iboverma
Target Milestone: 2.0
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-02-01 19:43:55 UTC
Bug Blocks: 552330
Attachments:
- A script that correctly executes qpid-config with ssl (flags: none)
- Test script using ssl with qpid-config, and various other programs. Based on ssl_test. (flags: none)

Description Martin Kudlej 2010-10-08 12:55:22 UTC
Description of problem:
I've found this error in qpidd.log:
Error reading socket: Encountered end of file [-5938]
during verification of BZ552330.

Version-Release number of selected component (if applicable):
RHEL 5.5 x86_64
python-qpid-0.7.946106-14.el5
qpid-cpp-client-0.7.946106-17.el5
qpid-cpp-client-ssl-0.7.946106-17.el5
qpid-cpp-server-0.7.946106-17.el5
qpid-cpp-server-ssl-0.7.946106-17.el5
qpid-tools-0.7.946106-11.el5
python-qmf-0.7.946106-13.el5

How reproducible:
100%

Steps to Reproduce:
1. Set up the SSL environment as follows:
#based on jsarenik's ppecka's script

#function for generating seed files
function genoise() {
        NOISE_FILE=$(mktemp)
        dd count=1 bs=4096 if=/dev/urandom of=${NOISE_FILE}
} 2>/dev/null

#CA authority
CA_PASSWORD="imstrong"
#this evaluates to /bin/CA_db; it is necessary to set proper rights on that directory and all files inside it
CA_DIR="$(readlink -f "$(dirname "$0")")/CA_db"
CA_PW_FILE="${CA_DIR}/passwordfile"
CA_NICK=CAnick

#SERVER related variables
SRV_PASSWORD=${CA_PASSWORD}
SRV_DIR=${CA_DIR}
SRV_PW_FILE=${CA_PW_FILE}
SRV_NICK=serv_$(uname -n)
SRV_CN=$(uname -n)
[[ -z "${SRV_CN}" ]] && echo "ERROR: FQDN not obtained" && exit 1

#CLIENT related variables
CLI_PASSWORD=${CA_PASSWORD}
CLI_DIR=${CA_DIR}
CLI_PW_FILE=${CA_PW_FILE}
CLI_NICK=client_$(uname -n)
CLI_CN=guest

if [[ -n "${CA_DIR}" ]] ; then
  rm -rf "${CA_DIR}"
  mkdir "${CA_DIR}"
  echo "${CA_PASSWORD}" > "${CA_PW_FILE}"
fi

# Initialise CERT DB
certutil -N -d ${CA_DIR} -f ${CA_PW_FILE}
# Generate a new public and private key pair within a key database
genoise
certutil -G -d ${CA_DIR} -f ${CA_PW_FILE} -z ${NOISE_FILE}

#Create the self-signed Root CA certificate, specifying the subject name for the certificate.
genoise
echo -e "y\n0\nn\n" | certutil -S -d ${CA_DIR} -n "${CA_NICK}" -s "CN=CAcert" -t "CT,," -x -m 1000 -v 120 -f ${CA_PW_FILE} -z ${NOISE_FILE}

#Create Server cert
genoise
certutil -S -n "${SRV_NICK}" -s "CN=${SRV_CN}" -c "${CA_NICK}" -t "u,u,u" -m 1001 -v 120 -d ${CA_DIR} -f ${CA_PW_FILE} -z ${NOISE_FILE}

#Create Client cert
genoise
certutil -S -n "${CLI_NICK}" -s "CN=${CLI_CN}" -c "${CA_NICK}" -t "u,u,u" -m 1002 -v 120 -d ${CA_DIR} -f ${CA_PW_FILE} -z ${NOISE_FILE}
  

#set qpidd configuration to /etc/qpidd.conf:
cluster-mechanism=ANONYMOUS
log-to-syslog=0
log-to-file=/tmp/qpidd.log
log-time=1
log-level=1
log-enable=debug+
ssl-port=5681
require-encryption=yes
ssl-require-client-authentication=yes
ssl-cert-password-file=/bin/CA_db/passwordfile
ssl-cert-db=/bin/CA_db
ssl-cert-name=serv_===hostname===
auth=yes


service qpidd restart

2. # Set client variables
export SSL_PORT=5681
export QPID_SSL_CERT_PASSWORD_FILE=${CLI_PW_FILE}
export QPID_SSL_CERT_DB=${CLI_DIR}
export QPID_SSL_CERT_NAME=${CLI_NICK}
export QPID_SSL_USE_EXPORT_POLICY=yes

3. qpid-config -a amqps://guest/guest@${SRV_CN}:${SSL_PORT}
or just 
qpid-config -a amqps://${SRV_CN}:${SSL_PORT}

4. echo $? 
evaluates to 0
  
Actual results:
There is an error in qpid-cpp-server:
Error reading socket: Encountered end of file [-5938]
and qpid-config doesn't return any information.

Expected results:
There is no error like "Encountered end of file" and qpid-config will return proper information.

Additional info:
$ cat qpidd.log

2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replication_exchange.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/ssl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/acl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replicating_listener.so
2010-10-08 08:22:52 debug Forked daemon child process
2010-10-08 08:22:52 info No message store configured, persistence is disabled.
2010-10-08 08:22:52 info Management enabled
2010-10-08 08:22:52 debug ManagementAgent restored broker ID: 887145f2-6fa7-4ad8-bb34-7b872e28ebc6
2010-10-08 08:22:52 debug ManagementAgent boot sequence: 24
2010-10-08 08:22:52 debug ManagementAgent added package org.apache.qpid.broker
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:system
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:broker
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:agent
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:vhost
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:queue
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:exchange
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:binding
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:subscription
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:connection
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:link
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:bridge
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:session
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:managementsetupstate
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:clientConnect
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:clientConnectFail
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:clientDisconnect
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:brokerLinkUp
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:brokerLinkDown
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:queueDeclare
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:queueDelete
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:exchangeDeclare
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:exchangeDelete
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:bind
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:unbind
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:subscribe
2010-10-08 08:22:52 debug ManagementAgent added class org.apache.qpid.broker:unsubscribe
2010-10-08 08:22:52 info Registered replication exchange
2010-10-08 08:22:52 info SASL enabled
2010-10-08 08:22:52 notice Listening on TCP port 5672
2010-10-08 08:22:52 notice Listening for SSL connections on TCP port 5681
2010-10-08 08:22:52 info Policy file not specified. ACL Disabled, no ACL checking being done!
2010-10-08 08:22:52 debug Daemon ready on port: 5672
2010-10-08 08:22:52 notice Broker running
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replication_exchange.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/ssl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/acl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replicating_listener.so
2010-10-08 08:23:02 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:12 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:22 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:32 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:42 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:51 error Error reading socket: Encountered end of file [-5938]
2010-10-08 08:23:51 debug DISCONNECTED [10.16.64.86:43432]
2010-10-08 08:23:52 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:24:02 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
....

$ service qpidd restart
Stopping Qpid AMQP daemon: [FAILED]
Starting Qpid AMQP daemon: 2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replication_exchange.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/ssl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/acl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replicating_listener.so
[  OK  ]
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replication_exchange.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/ssl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/acl.so
2010-10-08 08:22:52 info Loaded Module: /usr/lib64/qpid/daemon/replicating_listener.so
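
An added example, not part of the original report or of qpid: a small parser that pairs the broker's socket read error with the DISCONNECTED line logged in the same second, so failed connections on the SSL port can be attributed to a client address. The same-second pairing is a heuristic assumed from the log excerpt above, and the second client address in the sample is constructed.

```python
import re
from collections import Counter

# Constructed sample in the qpidd.log format quoted in the report; the second
# client address (192.0.2.7) is made up for illustration.
SAMPLE_LOG = """\
2010-10-08 08:23:42 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:23:51 error Error reading socket: Encountered end of file [-5938]
2010-10-08 08:23:51 debug DISCONNECTED [10.16.64.86:43432]
2010-10-08 08:23:52 debug periodic update  management snapshot: packages: 1 objects: 11 new objects: 0
2010-10-08 08:24:05 error Error reading socket: Encountered end of file [-5938]
2010-10-08 08:24:05 debug DISCONNECTED [192.0.2.7:50112]
2010-10-08 08:24:09 debug DISCONNECTED [192.0.2.7:50113]
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")
SOCK_ERR = re.compile(r"^Error reading socket: (.+) \[(-?\d+)\]$")
DISCONNECT = re.compile(r"^DISCONNECTED \[(.+):(\d+)\]$")

def failed_reads(log_text):
    """Pair each socket read error with the DISCONNECTED line that follows it.

    Returns (timestamp, peer_host, peer_port, error_code) tuples. A disconnect
    with no preceding read error (a clean close) is not reported.
    """
    events, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. init-script output mixed into the file
        ts, level, msg = m.groups()
        err = SOCK_ERR.match(msg)
        if level == "error" and err:
            pending = (ts, int(err.group(2)))
            continue
        peer = DISCONNECT.match(msg)
        if peer and pending and pending[0] == ts:
            events.append((ts, peer.group(1), int(peer.group(2)), pending[1]))
        if peer:
            pending = None  # one error is attributed to at most one peer
    return events

def failures_by_host(log_text):
    """Count failed reads per client host, for spotting one misconfigured client."""
    return Counter(host for _, host, _, _ in failed_reads(log_text))

if __name__ == "__main__":
    for event in failed_reads(SAMPLE_LOG):
        print("%s peer=%s:%d code=%d" % event)
```

Because qpid-config exits with 0 in this report, the broker log is the only place the failure shows up; the debug-level DISCONNECTED line requires the `log-enable=debug+` setting used above.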

Comment 2 Jonathan Robie 2011-01-14 23:29:04 UTC
Created attachment 473619
A script that correctly executes qpid-config with ssl

With the attached script, and current trunk, I get correct output.

qpid-config -a amqps://127.0.0.1:53360
Total Exchanges: 8
          topic: 3
        headers: 1
         fanout: 1
         direct: 3

   Total Queues: 11
        durable: 0
    non-durable: 11

I have not yet tested this script against the version you were using.

Comment 3 Jonathan Robie 2011-01-21 19:52:25 UTC
Created attachment 474675
Test script using ssl with qpid-config, and various other programs. Based on ssl_test.

This works for me on both Fedora 13 and RHEL5. The PYTHON_EXAMPLES path must be set, in the script, to point to your Python examples directory.

On RHEL5, you must have python-ssl installed, from EPEL. Otherwise, ssl is not enabled.

Comment 4 Jonathan Robie 2011-01-21 20:02:37 UTC
Could your problem be that python-ssl was not installed? If you're using a python version < 2.6, you must install python-ssl. For RHEL5, it is in EPEL.

I have asked for this dependency to be documented.

Comment 5 Jonathan Robie 2011-01-21 20:32:22 UTC
We also need to move python-ssl into the RHEL4 and RHEL5 repos.

Comment 6 Jonathan Robie 2011-02-01 19:43:55 UTC

*** This bug has been marked as a duplicate of bug 560978 ***