ActiveMQ C++ connection start() hangs with SSL



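I am trying to get SSL working with the activemq-cpp library. I have had no problems using a plain TCP connection, but with an SSL broker URL the connection's start method never returns. Here is my code: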

#include <iostream>
#include <memory>   // std::unique_ptr
#include <string>
#include <activemq/library/ActiveMQCPP.h>
#include <activemq/core/ActiveMQConnectionFactory.h>
#include <activemq/util/Config.h>
#include <decaf/lang/System.h>
#include <cms/Connection.h>
/*
 * Build exe with: g++ -std=c++11 -o main -I/usr/include/activemq-cpp-3.9.3 -I/usr/include/apr-1 -lactivemq-cpp -ldl -luuid main.cpp
 */
int main()
{
    using namespace cms;
    activemq::library::ActiveMQCPP::initializeLibrary();
    {
        // Setting SSL params
        decaf::lang::System::setProperty( "decaf.net.ssl.keyStore", "/home/pcarter/tmp/active_mq_question/client.pem" );
        decaf::lang::System::setProperty( "decaf.net.ssl.keyStorePassword", "password" );
        decaf::lang::System::setProperty( "decaf.net.ssl.trustStore", "/home/pcarter/tmp/active_mq_question/broker.pem" );
        // Program works fine with tcp url below
        //std::string broker_url = "failover:(tcp://localhost:61616)";
        // Program locks up in start() call with ssl url below:
        std::string broker_url = "failover:(ssl://localhost:61617)";
        // Create a ConnectionFactory
        std::unique_ptr<ConnectionFactory> connection_factory(
            ConnectionFactory::createCMSConnectionFactory(broker_url));
        // Create a Connection
        std::unique_ptr<cms::Connection> connection(connection_factory->createConnection());
        std::cout << "Calling start()" << std::endl;
        connection->start();   // This never returns
        std::cout << "start() returned" << std::endl;
    }
    activemq::library::ActiveMQCPP::shutdownLibrary();
    return 0;
}

I am using the default activemq.xml file with the following connectors section:

<transportConnectors>
    <transportConnector name="stomp+ssl" uri="stomp+nio+ssl://0.0.0.0:61613?transport.enabledProtocols=TLSv1.2&amp;needClientAuth=true" />
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;needClientAuth=true" />
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>

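However, I don't think the problem is on the broker side. When I run the code, tcpdump shows no packets being sent to port 61617.

I have been able to get SSL working with a Python STOMP client.

I am using CentOS 7 and installed ActiveMQ-CPP version 3.9.3 with yum. I am using the stock gcc compiler, version 4.8.5.

My main reference for SSL with C++ is this question: activemq-cpp c++ client how to use ssl url to connect server

I created the certificates using the procedure described here: ActiveMQ - STOMP+SSL with Python STOMP client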

When I tried removing "failover" from the broker URI, the program reported an error (this is from a slightly modified test program that catches cms::CMSException):

$ ./main
Caught: Error occurred while accessing an OpenSSL library method:
error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Error occurred while accessing an OpenSSL library method:
error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

Breaking on the exception throw in gdb showed that the error was thrown from the following code section:

// Here we load the configured KeyStore, this is where the client and server certificate are
// stored, a client doesn't necessary need this if the server doesn't enforce client authentication.
std::string keyStorePath = System::getProperty( "decaf.net.ssl.keyStore" );
this->data->password = System::getProperty( "decaf.net.ssl.keyStorePassword" );
// We assume the Public and Private keys are in the same file.
if( !keyStorePath.empty() ) {
    if( SSL_CTX_use_certificate_chain_file( this->data->openSSLContext, keyStorePath.c_str() ) != 1 ) {
        throw OpenSSLSocketException( __FILE__, __LINE__ );
    }
    if( SSL_CTX_use_PrivateKey_file( this->data->openSSLContext, keyStorePath.c_str(), SSL_FILETYPE_PEM ) != 1 ) {
        // This is where exception was thrown
        throw OpenSSLSocketException( __FILE__, __LINE__ );
    }
}

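The comment about assuming the public and private keys are in the same file explains the failure. Adding the contents of my client.key file (which holds the private key) to the client.pem file resolved the problem.

After that I was also able to add "failover" back to the broker URI.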
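
The failure above comes from a keystore PEM that holds a certificate but no private key. The following is an added example, not code from the original post or from activemq-cpp: a preflight check that scans a PEM file's block labels before it is handed to decaf.net.ssl.keyStore. The names PemSummary and summarizePem are hypothetical, and the sample inputs are constructed placeholders.

```cpp
// Added example, not activemq-cpp code: preflight check for the PEM file named by
// decaf.net.ssl.keyStore, which must hold the certificate AND the private key.
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

struct PemSummary {
    int certificates = 0;       // "CERTIFICATE" blocks
    int privateKeys = 0;        // any "... PRIVATE KEY" block
    bool encryptedKey = false;  // key needs decaf.net.ssl.keyStorePassword
    bool usableAsKeyStore() const { return certificates > 0 && privateKeys > 0; }
};

// Scan PEM text for BEGIN markers. Only labels are inspected; bodies are not decoded.
PemSummary summarizePem(const std::string& text) {
    const std::string begin = "-----BEGIN ", dashes = "-----", key = "PRIVATE KEY";
    PemSummary s;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();  // tolerate CRLF
        if (line.find("Proc-Type: 4,ENCRYPTED") == 0) s.encryptedKey = true;
        if (line.size() < begin.size() + dashes.size() || line.compare(0, begin.size(), begin) != 0 ||
            line.compare(line.size() - dashes.size(), dashes.size(), dashes) != 0) continue;
        std::string label = line.substr(begin.size(), line.size() - begin.size() - dashes.size());
        if (label == "CERTIFICATE") ++s.certificates;
        if (label.size() >= key.size() && label.compare(label.size() - key.size(), key.size(), key) == 0) {
            ++s.privateKeys;
            if (label == "ENCRYPTED PRIVATE KEY") s.encryptedKey = true;
        }
    }
    return s;
}

// Constructed sample inputs (placeholder bodies, not real key material).
const std::string CERT_ONLY = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n";
const std::string COMBINED = CERT_ONLY +
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n(constructed)\n-----END RSA PRIVATE KEY-----\n";

int main(int argc, char** argv) {
    if (argc > 1) {  // check a real file, e.g. client.pem; exit status 1 means unusable
        std::ifstream f(argv[1]);
        std::stringstream buf;
        buf << f.rdbuf();
        return summarizePem(buf.str()).usableAsKeyStore() ? 0 : 1;
    }
    std::cout << "cert only usable: " << summarizePem(CERT_ONLY).usableAsKeyStore() << "\n"
              << "cert + key usable: " << summarizePem(COMBINED).usableAsKeyStore() << "\n";
    return 0;
}
```

The check only confirms that both block types are present; whether the key actually matches the certificate is still decided by OpenSSL when the connection is created.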
