<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">So I've tried the workaround.<div><br></div><div>The good: there's no crash</div><div><br></div><div>The less good:</div><div><br></div><div>I see the SSL listeners now at ports 5761 (amqp) and 0.0.0.0:15671 (web-stomp)</div><div><br></div><div>But web connections fail with <span style="color: rgb(255, 0, 0); font-family: Menlo, monospace; font-size: 11.111111640930176px; line-height: 11.999999046325684px; white-space: pre-wrap; background-color: rgb(255, 255, 255);">ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED</span><br><div><div><br></div><div>I've tried</div><div><br></div><div><div>[</div><div>{rabbit, [</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{loopback_users, []},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_listeners, [5761]},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_options, [</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {password, "changeme"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {verify, verify_none},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {fail_if_no_peer_cert, false}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> ]</div><div>}]},</div><div>{rabbitmq_web_stomp,</div><div> [{ssl_config, [{port, 15671},</div><div> {backlog, 1024},</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div> {password, "changeme"}</div><div>]}]}</div><div>].</div></div><div><br></div><div>and I've tried</div><div><br></div><div><br></div><div><div>[</div><div>{rabbit, [</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{loopback_users, []},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_listeners, [5761]},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_options, [</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {password, "changeme"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {verify, verify_none},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {fail_if_no_peer_cert, false}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> ]</div><div>}]},</div><div>{rabbitmq_web_stomp,</div><div> [{ssl_config, [{port, 15671},</div><div> {backlog, 1024},</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div> {password, "changeme"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {fail_if_no_peer_cert, false}</div><div>]}]}</div><div>].</div></div><div><br></div><div>and</div><div><br></div><div><div>[</div><div>{rabbit, [</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{loopback_users, []},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_listeners, [5761]},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{ssl_options, [</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {password, "changeme"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {verify, verify_none},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {fail_if_no_peer_cert, false}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> ]</div><div>}]},</div><div>{rabbitmq_web_stomp,</div><div> [{ssl_config, [{port, 15671},</div><div> {backlog, 1024},</div><div> {certfile, "/etc/rabbitmq/certs/cert.pem"},</div><div> {keyfile, "/etc/rabbitmq/certs/key.pem"},</div><div> {cacertfile, "/etc/rabbitmq/certs/cacerts.pem"},</div><div> {password, "changeme"},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {verify, verify_none},</div><div><span class="Apple-tab-span" style="white-space:pre"> </span> {fail_if_no_peer_cert, false}</div><div>]}]}</div><div>].</div></div><div>Same result either way.</div><div><br></div><div>If I understand what's going on, rabbit wants the browser to present a certificate. But I thought the {fail_if_no_peer_cert, false} was supposed to turn that off.</div><div><br></div><div><br></div><div><br></div><div><br></div><div>On Jun 18, 2014, at 7:48 AM, Michael Klishin <<a href="mailto:mklishin@gopivotal.com">mklishin@gopivotal.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br><br>On 18 June 2014 at 18:20:46, Michael Klishin (<a href="mailto:mklishin@gopivotal.com">mklishin@gopivotal.com</a>) wrote:<br><blockquote type="cite"><blockquote type="cite"><a href="http://hg.rabbitmq.com/rabbitmq-web-stomp/rev/6d26ad85f65f">http://hg.rabbitmq.com/rabbitmq-web-stomp/rev/6d26ad85f65f</a> <br></blockquote><br>Will be in 3.3.4.<br></blockquote><br>Also, while investigating and verifying a fix, I discovered a workaround:<br>add an SSL listener to your rabbitmq.config (even if you're not going to use<br>SSL with AMQP 0-9-1), that will start asn1 and other dependencies before<br>Web STOMP is even started.<br><br>So, the problem manifests itself only when you have Web STOMP configured to<br>use SSL but not AMQP 0-9-1.<br><br>HTH. <br>-- <br>MK <br><br>Software Engineer, Pivotal/RabbitMQ<br><br><br></blockquote></div><br></div></body></html>