| author | Andrew Stitcher <astitcher@apache.org> | 2013-05-02 20:10:13 +0000 |
|---|---|---|
| committer | Andrew Stitcher <astitcher@apache.org> | 2013-05-02 20:10:13 +0000 |
| commit | a10a55d4c5b9052a17b3189cea56fb4b9149374a (patch) | |
| tree | 653936272637e1c32c0d6576209c9c0b3a21935d /qpid/cpp/src | |
| parent | 81c5afbaf3c4a2deca04c9a6eba489f317a50f66 (diff) | |
QPID-4810: No TCP if SSL initialisation fails and TCP/SSL mux enabled
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1478510 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src')
| -rw-r--r-- | qpid/cpp/src/qpid/sys/SslPlugin.cpp | 71 |
1 files changed, 37 insertions, 34 deletions
diff --git a/qpid/cpp/src/qpid/sys/SslPlugin.cpp b/qpid/cpp/src/qpid/sys/SslPlugin.cpp index b99b93137a..22c5127f02 100644 --- a/qpid/cpp/src/qpid/sys/SslPlugin.cpp +++ b/qpid/cpp/src/qpid/sys/SslPlugin.cpp @@ -85,13 +85,27 @@ static struct SslPlugin : public Plugin { void earlyInitialize(Target& target) { broker::Broker* broker = dynamic_cast<broker::Broker*>(&target); - if (broker && !options.certDbPath.empty()) { + if (broker && broker->shouldListen("ssl")) { broker::Broker::Options& opts = broker->getOptions(); + if (options.certDbPath.empty()) { + QPID_LOG(notice, "SSL plugin not enabled, you must set --ssl-cert-db to enable it."); + broker->disableListening("ssl"); + return; + } + + try { + ssl::initNSS(options, true); + nssInitialized = true; + } catch (const std::exception& e) { + QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what()); + broker->disableListening("ssl"); + return; + } + if (opts.port == options.port && // AMQP & AMQPS ports are the same opts.port != 0 && - broker->shouldListen("tcp")&& - broker->shouldListen("ssl")) { + broker->shouldListen("tcp")) { multiplex = true; broker->disableListening("tcp"); } 
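Review bot: The new `catch` branch in earlyInitialize fails open: when `ssl::initNSS` throws, the code logs one error line, calls `broker->disableListening("ssl")` and returns, so a broker configured with a certificate database still starts with whatever other transports are enabled, plaintext TCP included. That is the availability behaviour the commit title asks for, but the downgrade should be spelled out for the operator, for example `QPID_LOG(error, "Failed to initialise SSL plugin, SSL listener disabled: " << e.what());`, with a comment above the `try` such as `// If NSS cannot be initialised the broker continues without SSL; other enabled transports still listen.` Whether any deployment needs startup to stop here instead is not visible from this hunk. The body of earlyInitialize continues past the end of the hunk.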
@@ -103,39 +117,28 @@ static struct SslPlugin : public Plugin { broker::Broker* broker = dynamic_cast<broker::Broker*>(&target); // Only provide to a Broker if (broker) { - if (options.certDbPath.empty()) { - QPID_LOG(notice, "SSL plugin not enabled, you must set --ssl-cert-db to enable it."); - } else { - try { - ssl::initNSS(options, true); - nssInitialized = true; - - const broker::Broker::Options& opts = broker->getOptions(); - uint16_t port = options.port; - TransportAcceptor::shared_ptr ta; - if (broker->shouldListen("ssl")) { - SocketAcceptor* sa = - new SocketAcceptor(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer()); - port = sa->listen(opts.listenInterfaces, boost::lexical_cast<std::string>(options.port), opts.connectionBacklog, - multiplex ? - boost::bind(&createServerSSLMuxSocket, options) : - boost::bind(&createServerSSLSocket, options)); - if ( port!=0 ) { - ta.reset(sa); - QPID_LOG(notice, "Listening for " << - (multiplex ? "SSL or TCP" : "SSL") << - " connections on TCP/TCP6 port " << - port); - } - } - TransportConnector::shared_ptr tc( - new SocketConnector(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer(), - &createClientSSLSocket)); - broker->registerTransport("ssl", ta, tc, port); - } catch (const std::exception& e) { - QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what()); + const broker::Broker::Options& opts = broker->getOptions(); + uint16_t port = options.port; + TransportAcceptor::shared_ptr ta; + if (broker->shouldListen("ssl")) { + SocketAcceptor* sa = + new SocketAcceptor(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer()); + port = sa->listen(opts.listenInterfaces, boost::lexical_cast<std::string>(options.port), opts.connectionBacklog, + multiplex ? + boost::bind(&createServerSSLMuxSocket, options) : + boost::bind(&createServerSSLSocket, options)); + if ( port!=0 ) { + ta.reset(sa); + QPID_LOG(notice, "Listening for " << + (multiplex ? 
"SSL or TCP" : "SSL") << + " connections on TCP/TCP6 port " << + port); } } + TransportConnector::shared_ptr tc( + new SocketConnector(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer(), + &createClientSSLSocket)); + broker->registerTransport("ssl", ta, tc, port); } } } sslPlugin; |
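Review bot: Nothing in the rewritten body checks `nssInitialized` before `broker->registerTransport("ssl", ta, tc, port)`, so the `SocketConnector` built on `createClientSSLSocket` is now registered even when the first hunk returned early (no --ssl-cert-db, or `initNSS` threw) or never called `initNSS` because `shouldListen("ssl")` was false. The removed code registered nothing when the certificate database was unset or initialisation failed. What `createClientSSLSocket` does without an initialised NSS is not visible here, so a guard such as `if (!nssInitialized) return;` ahead of the `opts` declaration looks safer. Dropping the `try`/`catch` also means an exception from `sa->listen(...)` now leaves this function instead of being logged, and `sa` is still a raw `new` that is not released when `listen` throws or returns port 0. The function's signature lies outside the hunk.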
