Red Hat Bugzilla – Bug 864997
Add a note to the MCIG instructions on enabling broker SSL support to not require client auth
Last modified: 2016-05-26 16:22:51 EDT
Cumin does not yet support this option, so we should add a note to the MCIG warning that if the option is thrown in the broker Cumin will not be able to connect to it.
+++ This bug was initially created as a clone of Bug #862561 +++
Description of problem:
Recently python clients (qpid-stat, qpid-config, qpid-tool) from Messaging started to support option 'ssl-require-client-authentication=yes'.
What does this option do?
Forces clients to authenticate in order to establish an SSL connection.
Who can be affected?
When users start using this option cumin stops working over ssl, but diagnostic python tools will still work.
See linked BZs for more information.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup broker with 'ssl-require-client-authentication=yes'
2. Try to use cumin-broker configuration with SSL according to MCIG
cumin doesn't connect to broker
cumin set according to documentation works over ssl
a) mention unsupported 'ssl-require-client-authentication=yes' in MCIG
b) fix cumin to work with both (yes/no) authentication options
I can see proper text:
Cumin currently does not support the configuration setting ssl-require-client-authentication=yes. Setting this configuration option on the broker will prevent Cumin from connecting.
Revision 3.1-0 Fri Feb 22 2013
MRG-Grid is in maintenance and only customer escalations will be considered. This issue can be reopened if a customer escalation associated with it occurs.