<div dir="ltr">Fred;<div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Mar 30, 2014 at 1:29 PM, Dushin Fred <span dir="ltr"><<a href="mailto:fred@dushin.net" target="_blank">fred@dushin.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Folks,<br>
<br>
I have run into two issues with the (admittedly unsupported) rabbitmq-c and SimpleAmqpClient libraries. (I realize I am hijacking the RabbtiMQ mailing list for this topic, but I am guessing the Pivotal folks don't mind, because this should result in an improvement of the overall RabbitMQ ecosystem.)<br>
</blockquote><div><br></div><div>Currently this mailing list is the best place to have discussions concerning these two libraries. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
The first issue is with the SimpleAmqpClient library. It appears that there is no knob in the Channel::CreateSecureChannel operation to disable hostname verification of the RabbitMQ server. There is a knob in the rabbitmq-c API (amqp_ssl_socket_set_verify), but you need a socket to call it, and the only reasonable place to do that is in the Channel constructor. I am including a patch off the github 2.3 tag for doing just that, though for some reason I did not track down, I could not get boost::make_shared take my new constructor signature, so I just used the shared_ptr constructor in the raw. That may not fit the current model, but it seems harmless for testing.<br>
</blockquote><div><br></div><div>This is probably what you want: <a href="https://github.com/alanxz/SimpleAmqpClient/pull/85">https://github.com/alanxz/SimpleAmqpClient/pull/85</a>. In the future feel free to open a pull-request against the library on github. The error you were seeing with boost::make_shared most likely had to do its limit of 10 arguments.</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br><br>
If I look at the rabbitmq-c code, I see that the C client library and API only seems to support the PLAIN SASL method. </blockquote><div><br></div><div>That is correct. I'm open to adding support for additional SASL mechanisms to rabbitmq-c. If the implementation of the SASL mechanism is anything more than trivial (e.g., PLAIN really is dead-simple), rabbitmq-c should probably link in a thoroughly tested external library (like cyrus-SASL). Given use of these alternate SASL mechanisms appears to be very low, any external library dependancies should remain optional. I can provide some other hints to get started adding this to rabbitmq-c if you so desire.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> Any pointers to docs on the EXTERNAL mechanism (at least WRT SSL client auth) or existing code would be greatly appreciated.<br>
</blockquote><div><br></div><div>The RFC for SASL includes a pretty good description of how the SASL EXTERNAL method should operate: <a href="http://tools.ietf.org/html/rfc4422#appendix-A">http://tools.ietf.org/html/rfc4422#appendix-A</a> (it actually looks pretty simple to implement).</div>
<div><br></div><div><br></div><div>-Alan</div></div><br></div></div>