[rabbitmq-discuss] rabbit_stomp_reader ssl_upgrade_error

Antony Mayi antonymayi at yahoo.com
Thu Nov 14 03:09:13 GMT 2013 

btw. just upgraded to erlang R16B02 and rabbitmq 3.2.1 but still getting the same error...
A.



On Thursday, 14 November 2013, 3:28, Antony Mayi <antonymayi at yahoo.com> wrote:
 
Hi,
>
>
>Trying to setup rabbit stomp with SSL using existing certificate but keep getting errors. I am using Erlang R14B and RabbitMQ 3.1.5.
>
>
>My rabbit config is following:
>[
>  {rabbitmq_stomp, [
>     {ssl_listeners, [61614]},
>     {ssl_options, [{cacertfile,"/tmp/ssl/certs/ca.pem"},
>                    {certfile,"/tmp/ssl/certs/hostA.pem"},
>                    {keyfile,"/tmp/ssl/private_keys/hostA.pem"},
>                    {verify,verify_peer},
>
>                    {fail_if_no_peer_cert,false}]}
>  ]}
>].
>
>
>When doing basic connection test using openssl s_client I get following:
>openssl s_client -connect localhost:61614 -cert /tmp/ssl/certs/hostA.pem -key /tmp/ssl/private_keys/hostA.pem -CAfile /tmp/ssl/certs/ca.pem
>
>
>
>CONNECTED(00000003)
>139852982814536:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1197:SSL alert number 80
>139852982814536:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
>---
>no peer certificate available
>---
>No client certificate CA names sent
>
>
>Rabbit log shows following error:
>=CRASH REPORT==== 14-Nov-2013::02:09:18 ===
>  crasher:
>    initial call: rabbit_stomp_reader:init/2
>    pid: <0.328.0>
>    registered_name: []
>    exception error: no match of right hand side value 
>                     {error,{ssl_upgrade_error,"internal error"}}
>      in function  rabbit_stomp_reader:init/2
>    ancestors: [<0.327.0>,rabbit_stomp_client_sup_sup,rabbit_stomp_sup,
>                  <0.287.0>]
>    messages: []
>    links: [<0.327.0>]
>    dictionary: []
>    trap_exit: false
>    status: running
>    heap_size: 377
>    stack_size: 24
>    reductions: 852
>  neighbours:
>
>
>
>
>Note the certificates are correct/valid and I am perfectly able to establish SSL connection with them using openssl s_server + s_client.
>
>
>Any idea what's wrong?
>
>
>Thanks,
>Antony.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131114/5d9f99cb/attachment.htm>

More information about the rabbitmq-discuss mailing list