[rabbitmq-discuss] error parsing DN

Warren Smith wsmith at tacc.utexas.edu
Wed Apr 10 20:58:38 BST 2013


Hi, I'm getting an error parsing a distinguished name in an X.509 certificate and I'm wondering if this is a bug in the RabbitMQ code. The error in the RabbitMQ log file is:

{handshake_error,opening,0,
                 {error,badarg,'connection.open',
                        [{io_lib,format,
                                 ["\\~2.16.0B",
                                  [[60,60,
                                    ["19",44,"7",44,"99",44,"101",44,"114",44,
                                     "116",44,"109",44,"97",44,"110"],
                                    62,62]]],
                                 [{file,"io_lib.erl"},{line,152}]},
                         {rabbit_misc,format,2,
                                      [{file,"src/rabbit_misc.erl"},
                                       {line,608}]},
                         {rabbit_ssl,escape_rdn_value,2,
                                     [{file,"src/rabbit_ssl.erl"},{line,196}]},
                         {rabbit_ssl,format_rdn,1,
                                     [{file,"src/rabbit_ssl.erl"},{line,149}]},
                         {rabbit_ssl,'-format_complex_rdn/1-lc$^0/1-0-',1,
                                     [{file,"src/rabbit_ssl.erl"},{line,144}]},
                         {rabbit_ssl,format_complex_rdn,1,
                                     [{file,"src/rabbit_ssl.erl"},{line,144}]},
                         {rabbit_ssl,'-format_rdn_sequence/1-lc$^0/1-0-',1,
                                     [{file,"src/rabbit_ssl.erl"},{line,140}]},
                         {rabbit_ssl,'-format_rdn_sequence/1-lc$^0/1-0-',1,
                                     [{file,"src/rabbit_ssl.erl"},
                                      {line,140}]}]}}

It looks like there is a failure to parse either the subject or the issue of the client certificate. The client certificate is:

-----BEGIN CERTIFICATE-----
MIIEWzCCA0OgAwIBAgICB0YwDQYJKoZIhvcNAQEFBQAwZzELMAkGA1UEBhMCVVMx
DTALBgNVBAoTBFNEU0MxEDAOBgNVBAsTB1NEU0MtQ0ExHjAcBgNVBAMTFUNlcnRp
ZmljYXRlIEF1dGhvcml0eTEXMBUGCgmSJomT8ixkAQETB2NlcnRtYW4wHhcNMTIw
NTE0MTYzODQ1WhcNMTMwNTE1MTYzODQ1WjA/MQswCQYDVQQGEwJVUzENMAsGA1UE
ChMEU0RTQzENMAsGA1UECxMEU0RTQzESMBAGA1UEAxMJSW5jYSBJbmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKfvUWlReQgoQHhOFskbfaak6Q4y
BkmhCr9XbmDIOLwN7RoUm2/Av+e4kQnjo2fyraUa9Fio7KWWfDaxnIWcS6Rnx+dI
usMvxXgpx0tsCIAAB05QKBF1VuMvT0Hu+MFnkNgeRrbP4hInYPEzt6wuzcG/PTc7
6+zTsZ20xo9vbrV6saALuKaYyMZ/R6UUgHqIDaYiVXd+s2psC2wbgBX44cLvlXK9
cQXKoEHwHE7wWkGplgVRAR2wKSzKQkkRZb4d+BDHUg6+1rHM2rIrPo5MyVK9ZAo8
7cMQQOgiWMF97GDs7Nw9wYWjrAcRkw7iMqAjnz3FqEmFc5Ge8oQVF+OZkQIDAQAB
o4IBNzCCATMwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBLAwLAYJYIZIAYb4
QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMDIGCWCGSAGG+EIB
BAQlFiNodHRwOi8vd3d3LnNkc2MuZWR1L0NBL1NEU0NfQ1JMLnBlbTAdBgNVHQ4E
FgQUGo1yIlgWwzgzxPKg3dQ+HpnjvD4wgZEGA1UdIwSBiTCBhoAUv6OHLPYNdL1I
bA4nvwHk8k9Guieha6RpMGcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRTRFNDMRAw
DgYDVQQLEwdTRFNDLUNBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx
FzAVBgoJkiaJk/IsZAEBEwdjZXJ0bWFuggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBv
/3MSvUFWU0oV313RpR7922vnIjzZnuvUDPyTRhfqPpCQ9Yw9CFEsS8rM9xyqJ4wc
eLEB4zFn03DtUF3/5rqRG9KyEh8K8eJt5Ow7tBy6OQzgirZs1jhKL/2Ck6d+Adr8
XtaUy9c3VLYB4sU1yIEjDxD3YkLHZsLEFnfcWWmWr3p629/pEUhk04sUjz8ZUn7k
dlBMiX9nuBFWovpzn0urlqcqYKLqa7g7equH0ToxstABVOuw3e9L0pDQQs+SZZc6
EqwcEnwQ+TnaADGUr821gUaW8pxbpsi53d/0FpwA4Lc9OvCg6EVR2Tr/8p+jnH/v
0opU2WNT6IuglYjI6tvD
-----END CERTIFICATE-----

This certificate (and its CA certificate below) can be parsed by OpenSSL and Erlang.

In case it is helpful, the CA certificate for the above is:

-----BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQQFADBnMQswCQYDVQQGEwJVUzEN
MAsGA1UEChMEU0RTQzEQMA4GA1UECxMHU0RTQy1DQTEeMBwGA1UEAxMVQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MRcwFQYKCZImiZPyLGQBARMHY2VydG1hbjAeFw0wNDA5
MDkwMjQyMjlaFw0xNDA5MDkwMjQyMjlaMGcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQK
EwRTRFNDMRAwDgYDVQQLEwdTRFNDLUNBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBB
dXRob3JpdHkxFzAVBgoJkiaJk/IsZAEBEwdjZXJ0bWFuMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEArXaQKLYiWyAq6ywSOAmKnmiV3u6tXCBmOYlF7Pzp
hHssQvgomjeh7H31PLzNlxTy/dXQOeyBaDowAL2kCzgwrh/cUo79tZu77Xzgc9o5
WR+Jq1huI2Au8QEz77PIi2c3fhsWyOYJMvHWXkDXhEr6YxYd1eTaIj435bZOJxVq
ZF6HePoB5cpflx54KkjjoY3Vh0407EUW9kA7Jcx86dIqH7cSupmPTORsAxvYTmwd
1qODvd6i06dBcR9VMCTSA4trJTS6pCodKSjLCR6Ru9dgUpwB65gNwH6AVEmmxVet
oXVsotHTMEghLAp5FBpMNF+s7olt7g19fq8VHnuhRRGkmQIDAQABo4HEMIHBMB0G
A1UdDgQWBBS/o4cs9g10vUhsDie/AeTyT0a6JzCBkQYDVR0jBIGJMIGGgBS/o4cs
9g10vUhsDie/AeTyT0a6J6FrpGkwZzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFNE
U0MxEDAOBgNVBAsTB1NEU0MtQ0ExHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv
cml0eTEXMBUGCgmSJomT8ixkAQETB2NlcnRtYW6CAQAwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQQFAAOCAQEAWExIzttzYctC98r6ZC6h2uXPbyo9bvaU0fxtBrDF
prD23yq8WXClIzKbOxBpRETr1kkeQbzX2R5quFLTTMd6GNqP+I28sklM9FUCLqKV
DD75UjTqa0AVPgbNdRUECrm2wXXWTVpNIzTgX1M/uVX3yyQRHyi5gj7pqsESOTZ1
0xyOx4YnpCjrG9HCWIp0wjigWGw8I/GXe0UEPbAJTcPY844Z7E/PfyZuwcdYQSZF
L030oKjrlWbKm/vGywbqt5QahKM1J60Z6WyIh7VeJV4YuvsP3bT0Sd4FXzmnhybq
ca98K+/TyIvcWUgD/BGv4XYaUTOYWQRWOZGRSgGfwRq0FQ==
-----END CERTIFICATE-----




More information about the rabbitmq-discuss mailing list