[rabbitmq-discuss] mazy behavior of rabbitmq-c in same ip case
Rohit.Patle at techmahindra.com
Wed Jun 18 07:28:06 BST 2014
The outcome of openssl tool is different in different scenarios, when I assign the the client dynamic ip the outcome of : "openssl s_client -host ms501.xxxxx.com -port 5671 -quiet -state" is as follows
SSL_connect:SSLv3 read server hello A
depth=1 CN = xxxxxxxx
verify error:num=19:self signed certificate in certificate chain
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
3074099400:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
3074099400:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
And when I assigned static ip the outcome of openssl tool for the command :"openssl s_client -host ms501.xxxxx.com -port 5671 -quiet -state" is as:
connect : errno=11
In both cases communication happens as expected. But the issue comes when I use the single static ip for two consumers.
Thanks & Regards,
From: Michael Klishin [mklishin at gopivotal.com]
Sent: Tuesday, June 17, 2014 3:20 PM
To: Rohit Patle
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: RE: [rabbitmq-discuss] mazy behavior of rabbitmq-c in same ip case
On 17 June 2014 at 13:47:26, Rohit Patle (rohit.patle at techmahindra.com) wrote:
> > I believe it is not SSL handshake issue, because the connection
> is getting establish successfully, for both the connection
> I am getting comments in Rabbitmq log as "accepting AMQP connection"
> for the same ip's, but after some time like in a minute I am getting
> "AMQP_STATUS_SSL_ERROR" in my clients.
AMQP_STATUS_SSL_ERROR is very generic and without getting
more info from OpenSSL it's not really possible to tell what the problem is:
Try openssl s_client, it usually produces better error messages
and displays more info than almost any other tool out there.
Software Engineer, Pivotal/RabbitMQ
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.
More information about the rabbitmq-discuss