[rabbitmq-discuss] Problem opening an SSL connection

Chris Duncan celldee at gmail.com
Wed Sep 23 16:32:13 BST 2009


Hi,

I'm trying to test the native SSL support in the upcoming RabbitMQ  
v1.7.0 using the Ruby v1.9.1 openssl library and Erlang R12B-5_1.  
I've cloned the default branch of the server code (hg id gives me  
b87b7ed85157) and can start the server successfully according to  
rabbit.log -

=INFO REPORT==== 23-Sep-2009::09:21:25 ===
started TCP Listener on 0.0.0.0:5672

=INFO REPORT==== 23-Sep-2009::09:21:26 ===
started SSL Listener on 0.0.0.0:5671

I wanted to get the simplest case running which is to connect without  
using any certificates. I decided to try to follow the instructions  
in the wiki - https://dev.rabbitmq.com/wiki/SslSupport - and so  
created a rabbit.conf file with similar contents to the example (only  
the paths differ). It contains -

RABBITMQ_SERVER_START_ARGS="-rabbit ssl_listeners [{\"0.0.0.0\", 
5671}] -rabbit ssl_options
[{cacertfile,\"/path/to/testca/cacert.pem\"},{certfile,\"/path/to/ 
server/cert.pem\"},
  {keyfile,\"/path/to/server/key.pem\"},{verify,verify_peer}, 
{fail_if_no_peer_cert,false}]"

When I try to connect I get a 'Connection reset by peer' error and  
these entries in rabbit.log -

=INFO REPORT==== 23-Sep-2009::09:22:24 ===
accepted TCP connection on 0.0.0.0:5671 from 127.0.0.1:51689

=ERROR REPORT==== 23-Sep-2009::09:22:24 ===
failed to upgrade TCP connection from 127.0.0.1:51689 to SSL:
{eoptions,{cacertfile,[]}}

I'm creating an ordinary TCP socket and then using  
OpenSSL::SSL::SSLSocket.new to create the SSL socket like this -

@socket = OpenSSL::SSL::SSLSocket.new(@socket)
@socket.sync_close = true
@socket.connect

The connect call is the one that is failing. This code works when  
connecting via stunnel.

Any help would be greatly appreciated.

Regards,

Chris






More information about the rabbitmq-discuss mailing list