Bug 864997 - Add a note to the MCIG instructions on enabling broker SSL support to not require client auth
Add a note to the MCIG instructions on enabling broker SSL support to not req...
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Management_Console_Installation_Guide (Show other bugs)
Unspecified Unspecified
low Severity medium
: ---
: ---
Assigned To: mmurray
Messaging QE
Depends On: 862561
  Show dependency treegraph
Reported: 2012-10-10 11:15 EDT by Trevor McKay
Modified: 2016-05-26 16:22 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 862561
Last Closed: 2016-05-26 16:22:51 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Trevor McKay 2012-10-10 11:15:45 EDT
Cumin does not yet support this option, so we should add a note to the MCIG warning that if the option is thrown in the broker Cumin will not be able to connect to it.

+++ This bug was initially created as a clone of Bug #862561 +++

Description of problem:
Recently python clients (qpid-stat, qpid-config, qpid-tool) from Messaging started to support option 'ssl-require-client-authentication=yes'.

What does this option do?
Forces clients to authenticate in order to establish an SSL connection.

Who can be affected?
When users start using this option cumin stops working over ssl, but diagnostic python tools will still work.

See linked BZs for more information.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Setup broker with 'ssl-require-client-authentication=yes'
2. Try to use cumin-broker configuration with SSL according to MCIG
Actual results:
cumin doesn't connect to broker

Expected results:
cumin set according to documentation works over ssl
I propose:
a) mention unsupported 'ssl-require-client-authentication=yes' in MCIG
b) fix cumin to work with both (yes/no) authentication options
Comment 4 Stanislav Graf 2013-02-25 11:08:16 EST
I can see proper text:
Cumin currently does not support the configuration setting ssl-require-client-authentication=yes. Setting this configuration option on the broker will prevent Cumin from connecting.

Revision 3.1-0	Fri Feb 22 2013
Comment 11 Anne-Louise Tangring 2016-05-26 16:22:51 EDT
MRG-Grid is in maintenance and only customer escalations will be considered. This issue can be reopened if a customer escalation associated with it occurs.

Note You need to log in before you can comment on or make changes to this bug.