From 7a592121b8a8404e431c4bb0f485f6bbde0db77f Mon Sep 17 00:00:00 2001
From: Gordon Sim <gsim@apache.org>
Date: Mon, 20 Oct 2008 18:00:05 +0000
Subject: Remove default location for certificate database. Some extra checking
 in loading ssl libraries.

git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@706349 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/client/SslConnector.cpp |  8 ++++++--
 cpp/src/qpid/sys/SslPlugin.cpp       | 22 +++++++++++++++-------
 cpp/src/qpid/sys/ssl/util.cpp        |  1 -
 3 files changed, 21 insertions(+), 10 deletions(-)

(limited to 'cpp/src/qpid')

diff --git a/cpp/src/qpid/client/SslConnector.cpp b/cpp/src/qpid/client/SslConnector.cpp
index 8ae412ed09..4ea54a3b59 100644
--- a/cpp/src/qpid/client/SslConnector.cpp
+++ b/cpp/src/qpid/client/SslConnector.cpp
@@ -146,8 +146,12 @@ namespace {
             try {
                 SslOptions options;
                 options.parse (0, 0, CONF_FILE, true);
-                initNSS(options);                
-                Connector::registerFactory("ssl", &create);
+                if (options.certDbPath.empty()) {
+                    QPID_LOG(warning, "SSL connector not enabled, you must set QPID_SSL_CERT_DB to enable it.");                    
+                } else {
+                    initNSS(options);                
+                    Connector::registerFactory("ssl", &create);
+                }
             } catch (const std::exception& e) {
                 QPID_LOG(error, "Failed to initialise SSL connector: " << e.what());
             }
diff --git a/cpp/src/qpid/sys/SslPlugin.cpp b/cpp/src/qpid/sys/SslPlugin.cpp
index ee272830e1..c519f5dc80 100644
--- a/cpp/src/qpid/sys/SslPlugin.cpp
+++ b/cpp/src/qpid/sys/SslPlugin.cpp
@@ -89,13 +89,21 @@ static struct SslPlugin : public Plugin {
         broker::Broker* broker = dynamic_cast<broker::Broker*>(&target);
         // Only provide to a Broker
         if (broker) {
-            ssl::initNSS(options, true);
-
-            const broker::Broker::Options& opts = broker->getOptions();
-            ProtocolFactory::shared_ptr protocol(new SslProtocolFactory(options,
-                                                                        opts.connectionBacklog, opts.tcpNoDelay));
-            QPID_LOG(info, "Listening for SSL connections on TCP port " << protocol->getPort());
-            broker->registerProtocolFactory("ssl", protocol);
+            if (options.certDbPath.empty()) {
+                QPID_LOG(warning, "SSL plugin not enabled, you must set --qpid-ssl-cert-db to enable it.");                    
+            } else {
+                try {
+                    ssl::initNSS(options, true);
+                    
+                    const broker::Broker::Options& opts = broker->getOptions();
+                    ProtocolFactory::shared_ptr protocol(new SslProtocolFactory(options,
+                                                                                opts.connectionBacklog, opts.tcpNoDelay));
+                    QPID_LOG(info, "Listening for SSL connections on TCP port " << protocol->getPort());
+                    broker->registerProtocolFactory("ssl", protocol);
+                } catch (const std::exception& e) {
+                    QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what());
+                }
+            }
         }
     }
 } sslPlugin;
diff --git a/cpp/src/qpid/sys/ssl/util.cpp b/cpp/src/qpid/sys/ssl/util.cpp
index 63855d49ac..97b00f19de 100644
--- a/cpp/src/qpid/sys/ssl/util.cpp
+++ b/cpp/src/qpid/sys/ssl/util.cpp
@@ -49,7 +49,6 @@ std::string defaultCertName()
 }
 
 SslOptions::SslOptions() : qpid::Options("SSL Settings"), 
-                           certDbPath(CERT_DB),
                            certName(defaultCertName()),
                            exportPolicy(false)
 {
-- 
cgit v1.2.1