SDK Warning while using Solace C API

chaudharys
chaudharys Member Posts: 25
edited January 2021 in General Discussions #1

Hello everyone,
I am new to using Solace. I am trying to execute the sample HelloWorldPub and HelloWorldSub applications as downloaded from the Solace C API.
When I try to run them, I get the following output:
HelloWorldPub:
HelloWorldPub initializing...
SDK WARNING Fri Jan 29 16:47:17.960 2021 solClientSSL.c:2264 (7f589a035740) Session '(c0,s1)_shivalika-trial' failed to load trust store: unspecified property 'SESSION_SSL_TRUST_STORE_DIR'
SDK WARNING Fri Jan 29 16:47:17.960 2021 solClient.c:12569 (7f589a035740) Bad session pointer '(nil)'in solClient_session_connect
Connected.
About to send message 'Hello world!' to topic 'topic'...
SDK WARNING Fri Jan 29 16:47:17.960 2021 solClientMsg.c:3464 (7f589a035740) Bad session pointer '(nil)' in solClient_session_sendMsg
Message sent. Exiting.

HelloWorldSub:
HelloWorldSub initializing...
SDK WARNING Fri Jan 29 16:47:15.477 2021 solClientSSL.c:2264 (7f30ebd46740) Session '(c0,s1)_shivalika-trial' failed to load trust store: unspecified property 'SESSION_SSL_TRUST_STORE_DIR'
SDK WARNING Fri Jan 29 16:47:15.477 2021 solClient.c:12569 (7f30ebd46740) Bad session pointer '(nil)'in solClient_session_connect
Connected.
SDK WARNING Fri Jan 29 16:47:15.477 2021 solClientSubscription.c:6341 (7f30ebd46740) Bad session pointer '(nil)' in solClient_session_topicSubscribeExt
Waiting for message......

I am using the Connection details from a Service on my PubSub+ Cloud trial account.
I am unable to understand what is going wrong. Please guide me through it.
Thanks!

Best Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin
    edited January 2021 #2 Answer ✓

    Hi @chaudharys,
    It looks like the code is trying to connect via a secure connection (I assume you're using port 55443?) and can't find the trust store to make the SSL handshake with. My guess is that the HelloWorldPub and HelloWorldSub do not set the truststore and by default try to connect on port 55555 which is the default SMF port. Because you're using PubSub+ Cloud only the secured ports are available by default. Please take a look at the Secure Session example and see if this works for you. You should be able to add the trust store information to the session in the HelloWorld apps and have them work as well.

    Note that you can download a truststore on the same page as your "Connection Details" in solace cloud.

    -Marc

  • nram
    nram Member, Employee Posts: 80 Solace Employee
    #3 Answer ✓

    @chaudharys ,
    1. Can you move the .pem file to a separate folder (eg: /home/chaudharylin/ssl/stores), set 400 permissions (chmod 400 /home/chaudharylin/ssl/stores/*.pem) and run again giving the absolute path ?
    2. Can you try running secureSession sample itself and make sure its working ?
    3. It appears the connection was successful despite the warning based on the output you provided. Can you confirm if the message was published / not ?
    4. To answer your query above to @marc : No you don't need to run the .PEM file or anything else. You only need to supply the folder containing the truststores as you have done in your code.

Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin
    edited January 2021 #4 Answer ✓

    Hi @chaudharys,
    It looks like the code is trying to connect via a secure connection (I assume you're using port 55443?) and can't find the trust store to make the SSL handshake with. My guess is that the HelloWorldPub and HelloWorldSub do not set the truststore and by default try to connect on port 55555 which is the default SMF port. Because you're using PubSub+ Cloud only the secured ports are available by default. Please take a look at the Secure Session example and see if this works for you. You should be able to add the trust store information to the session in the HelloWorld apps and have them work as well.

    Note that you can download a truststore on the same page as your "Connection Details" in solace cloud.

    -Marc

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    Also @chaudharys, if you want you can enable non-secure ports on messaging service creation under the "Advanced Settings". So that's another option; note that for now you can't enable it after initial creation, but you could delete your service and create a new one.

  • chaudharys
    chaudharys Member Posts: 25

    Hi @marc
    Thank you for your help. I created a new service with non-secure ports enabled. I am successfully able to pass messages using the normal SMF host URL.
    I looked at the Secure Session example and added the properties: SOLCLIENT_SESSION_PROP_SSL_VALIDATE_CERTIFICATE, SOLCLIENT_SESSION_PROP_SSL_VALIDATE_CERTIFICATE_DATE, SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR.
    When I execute the application with the Secured SMF host URL, I get the error:
    ./HelloWorldPub tcps://mr-1lfnha94ek2p.messaging.solace.cloud:55443 trial solace-cloud-client vrjus50uruhmsthaqu4ggi3gp9 topic
    HelloWorldPub initializing...
    SDK NOTICE Mon Feb 01 17:02:51.931 2021 solClientOS.c:8940 (7f3ce0dd6700) _solClient_dirFindFirst: can't open file /home/chaudharylin/Downloads/solclient_Linux26-x86_64_opt_7.15.0.47/solclient-7.15.0.47/Intro/DigiCert_Global_Root_CA.pem.
    SDK WARNING Mon Feb 01 17:02:51.931 2021 solClientSSL.c:1236 (7f3ce0dd6700) Session '(c0,s1)_trial' failed to load trust store '/home/chaudharylin/Downloads/solclient_Linux26-x86_64_opt_7.15.0.47/solclient-7.15.0.47/Intro/DigiCert_Global_Root_CA.pem'
    Connected.
    About to send message 'HelloWorld!' to topic 'topic'...
    Message sent. Exiting.

    I changed the file permissions of the pem file, still the same result.
    Please guide me with how to include the trust store information to the session.
    Thanks!

  • nram
    nram Member, Employee Posts: 80 Solace Employee

    Hi @chaudharys , Can you pl paste here the values you passed for SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR & the directly long listing (ls -l

      ) for that dir? Thanks.
  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    @chaudharys, can you also try pointing at the directory which contains the .pem file instead of the pem itself? I don't use our c api often and I'm wondering if it expects that instead of being pointed directly to a file.

  • chaudharys
    chaudharys Member Posts: 25

    Hi @nram,
    These are the values I have pasted:
    sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR;
    sessionProps[propIndex++] = "/home/chaudharylin/Downloads/solclient_Linux26-x86_64_opt_7.15.0.47/solclient-7.15.0.47/Intro/DigiCert_Global_Root_CA.pem";

    The directory long listing:
    -rwxrwxrwx 1 chaudharylin chaudharylin 1337 Feb 1 12:42 DigiCert_Global_Root_CA.pem
    -rwxrwxr-x 1 chaudharylin chaudharylin 25800 Feb 2 10:16 HelloWorldPub
    -rwxrwxr-x 1 chaudharylin chaudharylin 7725 Feb 2 10:15 HelloWorldPub.c
    -rw-rw-r-- 1 chaudharylin chaudharylin 18608 Feb 2 10:16 HelloWorldPub.o
    -rwxrwxr-x 1 chaudharylin chaudharylin 25344 Feb 2 10:01 HelloWorldSub
    -rwxrwxr-x 1 chaudharylin chaudharylin 6421 Feb 2 10:01 HelloWorldSub.c
    -rw-rw-r-- 1 chaudharylin chaudharylin 17264 Feb 2 10:01 HelloWorldSub.o
    -rwxrwxr-x 1 chaudharylin chaudharylin 2871 Oct 29 20:34 Makefile
    -rwxrwxr-x 1 chaudharylin chaudharylin 618 Oct 29 20:34 os.h
    -rwxrwxr-x 1 chaudharylin chaudharylin 1450 Oct 29 20:34 README
    -rwxrwxr-x 1 chaudharylin chaudharylin 902 Oct 29 20:34 README.unix
    -rwxrw-r-- 1 chaudharylin chaudharylin 99 Jan 29 11:31 setenv.sh

  • chaudharys
    chaudharys Member Posts: 25

    @marc, I pointed it to the directory and not the particular file, it is giving the error as no certificate found
    'no certificate or crl found'(0x0b084088)
    Am I supposed to run the pem file or something..?

  • nram
    nram Member, Employee Posts: 80 Solace Employee
    #11 Answer ✓

    @chaudharys ,
    1. Can you move the .pem file to a separate folder (eg: /home/chaudharylin/ssl/stores), set 400 permissions (chmod 400 /home/chaudharylin/ssl/stores/*.pem) and run again giving the absolute path ?
    2. Can you try running secureSession sample itself and make sure its working ?
    3. It appears the connection was successful despite the warning based on the output you provided. Can you confirm if the message was published / not ?
    4. To answer your query above to @marc : No you don't need to run the .PEM file or anything else. You only need to supply the folder containing the truststores as you have done in your code.

  • chaudharys
    chaudharys Member Posts: 25

    Thank you for your help!
    1. I moved the pem file to a separate folder, set 400 permission, in the code, I set the directory as a command line argument. While executing I gave the path to the folder. It worked!
    2. I had tried running the secureSession sample, it did not work earlier, but after doing what I have mentioned in 1, it worked!
    3. The message was not published

    I have one last issue. When I try using the Compressed SMF Host, I get the error:
    Read failed from transport 'TCP' of session '(c0,s1)_trial' due to 'Peer closed socket, fd 7, cannot read', client name 'chaudharylin/5057/#00000001/pgF3_hYdfW', VPN name 'trial', peer host 'tcp://mr-1lfnha94ek2p.messaging.solace.cloud:55003' address 'IP 34.93.216.82', connection 'tcp_TxRx' local address 'IP 10.0.2.15:44696'
    Please guide me with how to use the Compressed SMF Host

  • nram
    nram Member, Employee Posts: 80 Solace Employee

    Hi @chaudharys , Did you set the SOLCLIENT_SESSION_PROP_COMPRESSION_LEVEL session prop? It should be set to at least "1" (its a string).
    Glad you got TLS connection working. If you can mark responses with "accepted answer", that would help the community. Tx.

  • hong
    hong Guest Posts: 480 ✭✭✭✭✭

    @chaudharys Can you accept the best answer by clicking "Did this answer the question? Yes"?