<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12pt"><div>Hi,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">Trying to set up rabbit stomp with SSL using an existing certificate but keep getting errors. I am using Erlang R14B and RabbitMQ 3.1.5.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">My rabbit config is
as follows:</div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">[</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> {rabbitmq_stomp, [</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> {ssl_listeners, [61614]},</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> {ssl_options, [{cacertfile,"/tmp/ssl/certs/ca.pem"},</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">
{certfile,"/tmp/ssl/certs/hostA.pem"},</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> {keyfile,"/tmp/ssl/private_keys/hostA.pem"},</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"><span style="background-color: transparent;"> {verify,verify_peer},</span><br></span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> {fail_if_no_peer_cert,false}]}</span></div><div style="background-color: transparent;"><span
style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"> ]}</span></div><div style="background-color: transparent;"><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">].</span></div><div><br></div><div>When doing a basic connection test using openssl s_client I get the following:</div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">openssl s_client -connect localhost:61614 -cert /tmp/ssl/certs/hostA.pem -key /tmp/ssl/private_keys/hostA.pem -CAfile /tmp/ssl/certs/ca.pem<br></span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;"><br></span></div><div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">CONNECTED(00000003)</span></div><div><span style="font-family: 'Courier New', courier, monaco,
monospace, sans-serif; font-size: small;">139852982814536:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1197:SSL alert number 80</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">139852982814536:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">---</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">no peer certificate available</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: small;">---</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">No client certificate CA names sent</span></div><div><br></div><div>Rabbit log shows
the following error:</div><div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">=CRASH REPORT==== 14-Nov-2013::02:09:18 ===</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> crasher:</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> initial call: rabbit_stomp_reader:init/2</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> pid: <0.328.0></span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> registered_name: []</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> exception error: no match of right hand side
value </span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> {error,{ssl_upgrade_error,"internal error"}}</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> in function rabbit_stomp_reader:init/2</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> ancestors: [<0.327.0>,rabbit_stomp_client_sup_sup,rabbit_stomp_sup,</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> <0.287.0>]</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;">
messages: []</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> links: [<0.327.0>]</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> dictionary: []</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> trap_exit: false</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> status: running</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> heap_size: 377</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> stack_size: 24</span></div><div><span style="font-family: 'Courier New', courier,
monaco, monospace, sans-serif; font-size: 13px;"> reductions: 852</span></div><div><span style="font-family: 'Courier New', courier, monaco, monospace, sans-serif; font-size: 13px;"> neighbours:</span></div><div><br></div></div><div><br></div><div>Note the certificates are correct/valid and I am perfectly able to establish an SSL connection with them using openssl s_server + s_client.</div><div><br></div><div>Any idea what's wrong?</div><div><br></div><div>Thanks,</div><div>Antony.</div></div></div></body></html>