[rabbitmq-discuss] SSL client error after upgrade to 2.3.1

Robin Harvey harvey.robin at gmail.com
Sat Feb 5 11:36:44 GMT 2011 

Hi,

I'm experiencing RabbitMQ server faults when connecting over SSL following
an upgrade to server version 2.3.1.  I have previously had this working fine
using version 2.2.0, if I downgrade my server to this version the SSL starts
working again using the same configuration and client program.

When I try to make an SSL connection, I see the following in the server
logs:

=INFO REPORT==== 5-Feb-2011::11:29:01 ===
accepted TCP connection on 0.0.0.0:5671 from 127.0.0.1:33683

=INFO REPORT==== 5-Feb-2011::11:29:01 ===
starting TCP connection <0.1043.0> from 127.0.0.1:33683

=INFO REPORT==== 5-Feb-2011::11:29:01 ===
upgraded TCP connection <0.1043.0> to SSL

=ERROR REPORT==== 5-Feb-2011::11:29:05 ===
exception on TCP connection <0.1043.0> from 127.0.0.1:33683
{channel0_error,opening,
    {error,function_clause,'connection.open',
        [{rabbit_reader,'-i/2-fun-5-',
             [{tlsv1,{rsa,'3des_ede_cbc',sha,no_export}}]},
         {rabbit_reader,'-infos/2-lc$^0/1-0-',2},
         {rabbit_reader,'-infos/2-lc$^0/1-0-',2},
         {rabbit_reader,handle_method0,2},
         {rabbit_reader,handle_method0,3},
         {rabbit_reader,mainloop,2},
         {rabbit_reader,start_connection,7},
         {proc_lib,init_p_do_apply,3}]}}

=INFO REPORT==== 5-Feb-2011::11:29:05 ===
closing TCP connection <0.1043.0> from 127.0.0.1:33683


My SSL configuration is as follows:

robin at robin-desktop:~$ cat /etc/rabbitmq/rabbitmq.config
[
  {rabbit, [
     {ssl_listeners, [{"0.0.0.0",5671}]},
     {ssl_options, [{cacertfile,"/home/robin/rmq-ssl/testca/cacert.pem"},
                    {certfile,"/home/robin/rmq-ssl/server/cert.pem"},
                    {keyfile,"/home/robin/rmq-ssl/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,true}]}
   ]}
].


I'm using rabbitmq-server_2.3.1-1_all.deb on Ubuntu 10.10, 64 bit.  When
installing the server I'm using "dpkg -i <server deb file>" and to remove
I'm using "dpkg --purge <server deb file>".  I originally set up the SSL
certificates by following the RabbitMQ documentation here:
http://www.rabbitmq.com/ssl.html


Is there a problem with my RMQ SSL config, or has anything changed with
RMQ/SSL in the 2.3.1 version?

Thanks,
--Robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110205/96789fc6/attachment-0001.htm>

More information about the rabbitmq-discuss mailing list