[rabbitmq-discuss] RabbitMQ - Erlang AMQP client - mutual SSL authentication problem
Skorepa, Michal
Michal.Skorepa at Honeywell.com
Tue Sep 17 13:36:09 BST 2013
Ok, I just fixed it!
It was a well-hidden bug. In the "connector" module of my app I had an extra pair of {}. Unfortunately, the Erlang AMQP client did not complain and silently ignored it.
Instead of:
    #amqp_params_network{ssl_options = [{cacertfile, xxx}, {certfile, xxx},
                                        {keyfile, xxx},
                                        {verify, verify_peer},
                                        {fail_if_no_peer_cert, true}]}
I had:
    #amqp_params_network{ssl_options = [{{cacertfile, xxx}, {certfile, xxx},
                                         {keyfile, xxx},
                                         {verify, verify_peer},
                                         {fail_if_no_peer_cert, true}}]}
Thank you for your effort, Michael, and sorry for wasting your time.
Michal
-----Original Message-----
From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Skorepa, Michal
Sent: 17 September 2013 12:10
To: Discussions about RabbitMQ
Subject: Re: [rabbitmq-discuss] RabbitMQ - Erlang AMQP client - mutual SSL authentication problem
Michael,
I have tried that. The result on the s_client side is:
CONNECTED(00000003)
depth=1 /C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
verify return:1
depth=0 /C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
verify return:1
---
Certificate chain
0 s:/C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
i:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
1 s:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
i:/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
Server certificate
-----BEGIN CERTIFICATE-----
...
<removed>
...
-----END CERTIFICATE-----
subject=/C=CZ/ST=xxx/L=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
issuer=/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
Acceptable client certificate CA names
/C=CZ/ST=xxx/O=xxx/OU=xxx/CN=xxx/emailAddress=xxx
---
SSL handshake has read 3083 bytes and written 2794 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: ...846934772...
Session-ID-ctx:
Master-Key: ...486DA2264...
Key-Arg : None
Start Time: 1379411799
Timeout : 300 (sec)
Verify return code: 0 (ok)
----------
The broker log says:
=INFO REPORT==== 17-Sep-2013::11:56:39 ===
accepting AMQP connection <0.11493.1> (158.138.138.17:62047 -> 192.168.0.21:5677)

=ERROR REPORT==== 17-Sep-2013::11:56:59 ===
closing AMQP connection <0.11493.1> (158.138.138.17:62047 -> 192.168.0.21:5677):
{handshake_timeout,handshake}
------------
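An added example, not part of the original message or of the RabbitMQ Erlang client: a check an application could run on its ssl_options list before building #amqp_params_network{}, so that a mis-nested tuple like the one described at the top of this message is rejected instead of being silently ignored. The module name ssl_opts_check, its functions and the file names are hypothetical.

```erlang
%% Added example: fail fast on malformed ssl_options (hypothetical module).
-module(ssl_opts_check).
-export([validate/1, demo/0]).

%% Options the client configuration in the post relies on for mutual TLS.
-define(REQUIRED, [cacertfile, certfile, keyfile, verify]).

%% Returns ok, or {error, Reasons} listing every problem found.
-spec validate(term()) -> ok | {error, [term()]}.
validate(Opts) when is_list(Opts) ->
    Malformed = [{malformed_entry, E} || E <- Opts, not well_formed(E)],
    Good = [E || E <- Opts, well_formed(E)],
    Missing = [{missing_option, K} || K <- ?REQUIRED,
                                     not proplists:is_defined(K, Good)],
    Weak = case proplists:get_value(verify, Good) of
               verify_peer -> [];
               undefined   -> [];  % already reported as missing
               Other       -> [{peer_verification_disabled, Other}]
           end,
    case Malformed ++ Missing ++ Weak of
        []      -> ok;
        Reasons -> {error, Reasons}
    end;
validate(NotAList) ->
    {error, [{not_a_list, NotAList}]}.

%% A proplist entry is a bare atom or a {Key, Value} pair with an atom key.
%% The extra {} from the post yields one 5-tuple, which matches neither.
well_formed(A) when is_atom(A)      -> true;
well_formed({K, _}) when is_atom(K) -> true;
well_formed(_)                      -> false.

%% Constructed sample input; the file names are placeholders.
demo() ->
    Good = [{cacertfile, "ca.pem"}, {certfile, "client.pem"},
            {keyfile, "key.pem"}, {verify, verify_peer},
            {fail_if_no_peer_cert, true}],
    Bad = [{{cacertfile, "ca.pem"}, {certfile, "client.pem"},
            {keyfile, "key.pem"}, {verify, verify_peer},
            {fail_if_no_peer_cert, true}}],
    ok = validate(Good),
    {error, Reasons} = validate(Bad),
    Reasons.
```

Calling validate/1 in the connector module and crashing on {error, _} turns a connection that would otherwise start without the intended certificate options into an immediate startup failure.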