From fb12b8a9442caa1735b3182cfe978596904721b8 Mon Sep 17 00:00:00 2001
From: Andrew Stitcher
Date: Thu, 2 May 2013 20:10:13 +0000
Subject: QPID-4810: No TCP if SSL initialisation fails and TCP/SSL mux enabled

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1478510 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/sys/SslPlugin.cpp | 71 ++++++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 34 deletions(-)
(limited to 'cpp')
diff --git a/cpp/src/qpid/sys/SslPlugin.cpp b/cpp/src/qpid/sys/SslPlugin.cpp
index b99b93137a..22c5127f02 100644
--- a/cpp/src/qpid/sys/SslPlugin.cpp
+++ b/cpp/src/qpid/sys/SslPlugin.cpp
@@ -85,13 +85,27 @@ static struct SslPlugin : public Plugin {
 void earlyInitialize(Target& target) {
 broker::Broker* broker = dynamic_cast(&target);
- if (broker && !options.certDbPath.empty()) {
+ if (broker && broker->shouldListen("ssl")) {
 broker::Broker::Options& opts = broker->getOptions();
+ if (options.certDbPath.empty()) {
+ QPID_LOG(notice, "SSL plugin not enabled, you must set --ssl-cert-db to enable it.");
+ broker->disableListening("ssl");
+ return;
+ }
+
+ try {
+ ssl::initNSS(options, true);
+ nssInitialized = true;
+ } catch (const std::exception& e) {
+ QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what());
+ broker->disableListening("ssl");
+ return;
+ }
+
+
 if (opts.port == options.port && // AMQP & AMQPS ports are the same
 opts.port != 0 &&
- broker->shouldListen("tcp")&&
- broker->shouldListen("ssl")) {
+ broker->shouldListen("tcp")) {
 multiplex = true;
 broker->disableListening("tcp");
 }
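Review bot: The new `catch` around `ssl::initNSS` in `earlyInitialize` fails open: it logs one `error` line, calls `broker->disableListening("ssl")` and returns before the multiplex check, so a broker that was given a certificate database still starts and serves whatever TCP listener is enabled, without TLS. That is the availability fix the subject asks for, but an operator who expects the shared port to carry TLS learns of the downgrade only from that log line. The message should at least state the consequence, e.g. `QPID_LOG(error, "Failed to initialise SSL plugin, continuing without SSL: " << e.what());`, and a deployment that requires encrypted connections would be better served by rethrowing here so start-up stops. The closing braces of `earlyInitialize` lie outside this hunk.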
@@ -103,39 +117,28 @@ static struct SslPlugin : public Plugin {
 broker::Broker* broker = dynamic_cast(&target);
 // Only provide to a Broker
 if (broker) {
- if (options.certDbPath.empty()) {
- QPID_LOG(notice, "SSL plugin not enabled, you must set --ssl-cert-db to enable it.");
- } else {
- try {
- ssl::initNSS(options, true);
- nssInitialized = true;
-
- const broker::Broker::Options& opts = broker->getOptions();
- uint16_t port = options.port;
- TransportAcceptor::shared_ptr ta;
- if (broker->shouldListen("ssl")) {
- SocketAcceptor* sa =
- new SocketAcceptor(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer());
- port = sa->listen(opts.listenInterfaces, boost::lexical_cast(options.port), opts.connectionBacklog,
- multiplex ?
- boost::bind(&createServerSSLMuxSocket, options) :
- boost::bind(&createServerSSLSocket, options));
- if ( port!=0 ) {
- ta.reset(sa);
- QPID_LOG(notice, "Listening for " <<
- (multiplex ? "SSL or TCP" : "SSL") <<
- " connections on TCP/TCP6 port " <<
- port);
- }
- }
- TransportConnector::shared_ptr tc(
- new SocketConnector(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer(),
- &createClientSSLSocket));
- broker->registerTransport("ssl", ta, tc, port);
- } catch (const std::exception& e) {
- QPID_LOG(error, "Failed to initialise SSL plugin: " << e.what());
+ const broker::Broker::Options& opts = broker->getOptions();
+ uint16_t port = options.port;
+ TransportAcceptor::shared_ptr ta;
+ if (broker->shouldListen("ssl")) {
+ SocketAcceptor* sa =
+ new SocketAcceptor(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer());
+ port = sa->listen(opts.listenInterfaces, boost::lexical_cast(options.port), opts.connectionBacklog,
+ multiplex ?
+ boost::bind(&createServerSSLMuxSocket, options) :
+ boost::bind(&createServerSSLSocket, options));
+ if ( port!=0 ) {
+ ta.reset(sa);
+ QPID_LOG(notice, "Listening for " <<
+ (multiplex ? "SSL or TCP" : "SSL") <<
+ " connections on TCP/TCP6 port " <<
+ port);
 }
 }
+ TransportConnector::shared_ptr tc(
+ new SocketConnector(opts.tcpNoDelay, options.nodict, opts.maxNegotiateTime, broker->getTimer(),
+ &createClientSSLSocket));
+ broker->registerTransport("ssl", ta, tc, port);
 }
 }
 } sslPlugin;
-- 
cgit v1.2.1