[rabbitmq-discuss] SSL between cluster hosts supported ?

Charles cshtreck at yahoo.com
Thu Feb 16 22:17:29 GMT 2012


Furthermore ,I was able to run through the example over here http://www.erlang.org/doc/apps/ssl/ssl_distribution.html
and I was able to start a erl session without the  Protocol: ~p: not supported~n",["inet_tls"]
error using :

erl -boot ./test_ssl   -proto_dist inet_tls -sname test_ssl  -ssl_dist_opt server_certfile "mycert.pem"  -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true


When I attempted to test using openssl  via the below command I got the below error and crash reports ... what am I doing wrong ?

openssl s_client -connect localhost:portnumber 


=ERROR REPORT==== 16-Feb-2012::17:11:58 ===
SSL: 1093: error:[] mycert.pem
  [{ssl_connection,init_private_key,5,
                   [{file,"ssl_connection.erl"},{line,1085}]},
   {ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1027}]},
   {ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,305}]},
   {gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,343}]},
   {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]


=CRASH REPORT==== 16-Feb-2012::17:11:58 ===
  crasher:
    initial call: ssl_connection:init/1
    pid: <0.68.0>
    registered_name: []
    exception exit: ekeyfile
      in function  gen_fsm:init_it/6 (gen_fsm.erl, line 353)
    ancestors: [ssl_connection_sup_dist,ssl_dist_sup,net_sup,kernel_sup,
                  <0.9.0>]
    messages: []
    links: [<0.20.0>]
    dictionary: [{ssl_manager,ssl_manager_dist}]
    trap_exit: false
    status: running
    heap_size: 2584
    stack_size: 24
    reductions: 1937
  neighbours:

=SUPERVISOR REPORT==== 16-Feb-2012::17:11:58 ===
     Supervisor: {local,ssl_connection_sup_dist}
     Context:    child_terminated
     Reason:     ekeyfile
     Offender:   [{pid,<0.68.0>},
                  {name,undefined},
                  {mfargs,{ssl_connection,start_link,undefined}},
                  {restart_type,temporary},
                  {shutdown,4000},
                  {child_type,worker}]


----- Original Message -----
From: Charles <cshtreck at yahoo.com>
To: 
Cc: "rabbitmq-discuss at lists.rabbitmq.com" <rabbitmq-discuss at lists.rabbitmq.com>
Sent: Thursday, February 16, 2012 5:03 PM
Subject: Re: [rabbitmq-discuss] SSL between cluster hosts supported ?

Emile,

Thanks for the info. I see ssl now ...

rabbitmqctl report | grep ssl
...
{ssl,"Erlang/OTP SSL application","5.0"}

...

However, rabbit crashes on startup with a 

error_logger,{{2012,2,16},{16,55,24}},"Protocol: ~p: not supported~n",["inet_tls"]}


when I add -proto_dist inet_tls to the erl command line options in the rabbitmq-server startup script . 

Thoughts ?




----- Original Message -----
From: Emile Joubert <emile at rabbitmq.com>
To: Mark Steele <msteele at beringmedia.com>
Cc: "rabbitmq-discuss at lists.rabbitmq.com" <rabbitmq-discuss at lists.rabbitmq.com>
Sent: Thursday, February 16, 2012 10:41 AM
Subject: Re: [rabbitmq-discuss] SSL between cluster hosts supported ?

Hi Mark,

On 15/02/12 20:06, Mark Steele wrote:
> Would be awesome if someone were to put up an example on the rabbitmq
> website with a how-to on getting that up and running, someone with both
> rabbit and erlang experience.... :)

The newest version of Erlang has support for encrypted node
communication built in. For more information see
http://www.erlang.org/doc/apps/ssl/ssl_distribution.html

You will need to modify the startup scripts or supply SSL arguments in
the rabbitmq.config file. You will also need to add "ssl" to the list of
applications in ebin/rabbit_app.in .


-Emile
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss



More information about the rabbitmq-discuss mailing list