[rabbitmq-discuss] RabbitMQ - Erlang AMQP client - mutual SSL authentication problem

Skorepa, Michal Michal.Skorepa at Honeywell.com
Tue Sep 17 13:36:09 BST 2013


Ok, I just fixed it!
It was a well-hidden bug. In the "connector" module of my app I had an extra pair of {}. Unfortunately, the Erlang AMQP client did not complain and silently ignored it.

Instead of:
#amqp_params_network{ssl_options = [{cacertfile, xxx},
                                    {certfile, xxx},
                                    {keyfile, xxx},
                                    {verify, verify_peer},
                                    {fail_if_no_peer_cert, true}]}
I had:
#amqp_params_network{ssl_options = [{{cacertfile, xxx},
                                     {certfile, xxx},
                                     {keyfile, xxx},
                                     {verify, verify_peer},
                                     {fail_if_no_peer_cert, true}}]}

Thank you for your effort, Michael, and sorry for wasting your time.
Michal




-----Original Message-----
From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Skorepa, Michal
Sent: 17 September 2013 12:10
To: Discussions about RabbitMQ
Subject: Re: [rabbitmq-discuss] RabbitMQ - Erlang AMQP client - mutual SSL authentication problem

Michael,

I have tried that. The result on the s_client side is:

CONNECTED(00000003)
depth=1 /C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
verify return:1
depth=0 /C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
verify return:1
---
Certificate chain
 0 s:/C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
   i:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
 1 s:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
   i:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
Server certificate
-----BEGIN CERTIFICATE-----
...
<removed>
...
-----END CERTIFICATE-----
subject=/C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
issuer=/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
Acceptable client certificate CA names
/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
SSL handshake has read 3083 bytes and written 2794 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ...846934772...
    Session-ID-ctx:
    Master-Key: ...486DA2264...
    Key-Arg   : None
    Start Time: 1379411799
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
----------

The broker log says:

=INFO REPORT==== 17-Sep-2013::11:56:39 ===
accepting AMQP connection <0.11493.1> (158.138.138.17:62047 -> 192.168.0.21:5677)

=ERROR REPORT==== 17-Sep-2013::11:56:59 ===
closing AMQP connection <0.11493.1> (158.138.138.17:62047 -> 192.168.0.21:5677):
{handshake_timeout,handshake}
------------
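
The failure described at the top of this message (all options wrapped in one extra tuple and then silently ignored) can be caught before the connection is opened. The Erlang module below is an added example, not part of the original post or of the Erlang AMQP client. The module name ssl_opts_check, the function check/1 and the file names in demo/0 are hypothetical, and it assumes every entry of ssl_options should be a {Key, Value} pair with an atom key.

```erlang
%% Added example: shape check for the ssl_options list before it is
%% placed in #amqp_params_network{}. Not part of the Erlang AMQP client.
-module(ssl_opts_check).
-export([check/1, demo/0]).

%% The five keys used in the post for mutual authentication.
-define(REQUIRED, [cacertfile, certfile, keyfile, verify,
                   fail_if_no_peer_cert]).

%% check(Opts) -> ok | {error, [Problem]}
check(Opts) when is_list(Opts) ->
    %% Any entry that is not {Atom, Value} is reported, e.g. a tuple of tuples.
    Malformed = [{malformed_entry, E} || E <- Opts, not well_formed(E)],
    %% Only keys of well-formed pairs count as present.
    Keys = [K || {K, _} <- Opts, is_atom(K)],
    Missing = [{missing, K} || K <- ?REQUIRED, not lists:member(K, Keys)],
    %% Peer verification must be requested explicitly.
    Weak = case lists:keyfind(verify, 1, Opts) of
               {verify, verify_peer} -> [];
               {verify, Other}       -> [{verify_not_peer, Other}];
               false                 -> []   % already reported as missing
           end,
    case Malformed ++ Missing ++ Weak of
        []       -> ok;
        Problems -> {error, Problems}
    end;
check(Other) ->
    {error, [{not_a_list, Other}]}.

well_formed({K, _}) when is_atom(K) -> true;
well_formed(_)                      -> false.

%% Constructed sample input: the correct list and the same options
%% wrapped in one extra pair of {} as in the post.
demo() ->
    Good = [{cacertfile, "ca.pem"}, {certfile, "client.pem"},
            {keyfile, "client.key"}, {verify, verify_peer},
            {fail_if_no_peer_cert, true}],
    Bad = [list_to_tuple(Good)],
    ok = check(Good),
    {error, Problems} = check(Bad),
    Problems.
```

For the wrapped list, check/1 reports one malformed_entry and all five required keys as missing, so the mistake surfaces at configuration time instead of as a handshake timeout on the broker.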


