Bug 895515 - '--ssl-key' option missing in several management tools
Summary: '--ssl-key' option missing in several management tools
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-tools
Version: Development
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: 3.0
: ---
Assignee: Ken Giusti
QA Contact: Petra Svobodová
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-15 12:23 UTC by Petr Matousek
Modified: 2014-09-24 15:05 UTC (History)
4 users (show)

Fixed In Version: qpid-tools-0.22-3.el6, qpid-tools-0.22-3.el5
Doc Type: Bug Fix
Doc Text:
It was discovered that some of the QPID command-line tools did not provide a way for the user to supply a private key when a certificate was used to identify the user of the command to the broker. This caused the command to fail because it was not able to use the certificate without the key. The fix ensures all QPID command line tools that allow user identification through a self-identifying certificate now allow the private key to be supplied via the `--ssl-key` option. This option takes a path to a file that contains the certificate's private key in PEM format. The command line tool now presents the certificate to the broker for authorization, and the command is executed successfully. This feature is documented in the "Enable SSL in Python Clients" section of the Messaging Installation and Configuration Guide and the "Connection Options Reference" of the Messaging Programming Reference Guide.
Clone Of:
Environment:
Last Closed: 2014-09-24 15:05:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Apache JIRA QPID-4744 0 None None None Never
Red Hat Bugzilla 895535 0 medium CLOSED 'ssl_key' connection option is not working as expected 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHEA-2014:1296 0 normal SHIPPED_LIVE Red Hat Enterprise MRG Messaging 3.0 Release 2014-09-24 19:00:06 UTC

Internal Links: 895535

Description Petr Matousek 2013-01-15 12:23:04 UTC 
Description of problem:

Several management tools offer except '--ssl-certificate' also '--ssl-key' options (qpid-config, qpid-printevents, qpid-stat) and some don't (qpid-queue-stats, qpid-route, qpid-cluster). Implement the option to all the management tools that supports ssl. All the management tools shall be consistent.

Version-Release number of selected component (if applicable):
qpid-tools-0.18-7.el5

How reproducible:
100%

Steps to Reproduce:
n/a
  
Actual results:
Not all the management tools offer '--ssl-key' option

Expected results:
All the management tools that supports ssl offer '--ssl-key' option
Comment 1 Ken Giusti 2013-02-06 14:40:35 UTC 
I believe the fix for BZ895535 addresses this bug also:

https://bugzilla.redhat.com/show_bug.cgi?id=895535

Petr, do you agree?
Comment 3 Petr Matousek 2013-02-06 15:50:18 UTC 
I agree that this issue is solved (starting from qpid-tools-0.18-8 all the qpid-tools that supports '--ssl-certificate' option supports '--ssl-key' option as well).

I do not agree that this bug is duplicate of bug 895535 and I believe that the standard procedure shall be applied MODIFIED -> ON_QA -> VERIFIED.

From my point of view this issue is solved and already tested on QE side and may be included to 2.3 release. Adding qa_ack+.
Comment 4 Petr Matousek 2013-02-08 14:20:43 UTC 
There is still one tool that supports '--ssl-certificate' option and miss the '--ssl-key' option: qpid-tool (tested package: qpid-tools-0.18-8)

Note: The ssl certificate can be passed through the second command line argument atm.

moreover the supported ssl-certificate option is not listed in the help for the command:

# qpid-tool --help
Usage:  qpid-tool [[<username>/<password>@]<target-host>[:<tcp-port>]]

expected syntax:

Usage:  qpid-tool [[<username>/<password>@]<target-host>[:<tcp-port>]] <ssl_certfile> <ssl_keyfile>

OR

Usage:  qpid-tool [[<username>/<password>@]<target-host>[:<tcp-port>]]     
options:
    --ssl-certificate=<cert>
                        Client SSL certificate (PEM Format)
    --ssl-key=<key>     Client SSL private key (PEM Format)


Expected fix:
Add support for '--ssl-key' option to qpid-tool
List the ssl options in the command help
Comment 11 Petr Matousek 2013-02-14 10:56:46 UTC 
QE Note: All of the qpid-tools except 'qpid-tool' were already updated to support '--ssl-key' option and the functionality of the option was already verified in MRG/M 2.3 release. 

So this bug tracks only the last one remaining issue listed in comment 4.
Comment 12 Justin Ross 2013-02-23 12:49:34 UTC 
Bug 710429 has a patch that addresses the issue in comment 4.

(In reply to comment #11)
> QE Note: All of the qpid-tools except 'qpid-tool' were already updated to
> support '--ssl-key' option and the functionality of the option was already
> verified in MRG/M 2.3 release. 
> 
> So this bug tracks only the last one remaining issue listed in comment 4.
Comment 13 Ken Giusti 2013-04-16 23:41:48 UTC 
Upstream patch should resolve the issues as described in comment 4:

http://svn.apache.org/viewvc?view=revision&revision=1468683
Comment 17 Petra Svobodová 2013-12-20 13:48:12 UTC 
All qpid-tools (qpid-config, qpid-stat, qpid-route, qpid-queue-stats, qpid-printevents and qpid-tool) provide options --ssl-certificate and --ssl-key and display them in their help. 
Functionality of --ssl-key connection options of the tools are verified in bug 895535.

Verified on package qpid-tools-0.22-7 on Rhel 6.5 in i386 and x86_64 architectures.

--> VERIFIED
Comment 20 errata-xmlrpc 2014-09-24 15:05:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html
Note You need to log in before you can comment on or make changes to this bug.