[rabbitmq-discuss] error parsing DN

Thu Apr 11 10:34:54 BST 2013

Wow, you wait ages for a bug and then two come along at once. This was 
just reported a few days ago [1]. We're already working on a fix, which 
will be in the next release.

[1] 
http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2013-April/026415.html

Cheers, Simon

On 10/04/13 20:58, Warren Smith wrote:
>
> Hi, I'm getting an error parsing a distinguished name in an X.509 certificate and I'm wondering if this is a bug in the RabbitMQ code. The error in the RabbitMQ log file is:
>
> {handshake_error,opening,0,
>                   {error,badarg,'connection.open',
>                          [{io_lib,format,
>                                   ["\\~2.16.0B",
>                                    [[60,60,
>                                      ["19",44,"7",44,"99",44,"101",44,"114",44,
>                                       "116",44,"109",44,"97",44,"110"],
>                                      62,62]]],
>                                   [{file,"io_lib.erl"},{line,152}]},
>                           {rabbit_misc,format,2,
>                                        [{file,"src/rabbit_misc.erl"},
>                                         {line,608}]},
>                           {rabbit_ssl,escape_rdn_value,2,
>                                       [{file,"src/rabbit_ssl.erl"},{line,196}]},
>                           {rabbit_ssl,format_rdn,1,
>                                       [{file,"src/rabbit_ssl.erl"},{line,149}]},
>                           {rabbit_ssl,'-format_complex_rdn/1-lc$^0/1-0-',1,
>                                       [{file,"src/rabbit_ssl.erl"},{line,144}]},
>                           {rabbit_ssl,format_complex_rdn,1,
>                                       [{file,"src/rabbit_ssl.erl"},{line,144}]},
>                           {rabbit_ssl,'-format_rdn_sequence/1-lc$^0/1-0-',1,
>                                       [{file,"src/rabbit_ssl.erl"},{line,140}]},
>                           {rabbit_ssl,'-format_rdn_sequence/1-lc$^0/1-0-',1,
>                                       [{file,"src/rabbit_ssl.erl"},
>                                        {line,140}]}]}}
>
> It looks like there is a failure to parse either the subject or the issue of the client certificate. The client certificate is:
>
> -----BEGIN CERTIFICATE-----
> MIIEWzCCA0OgAwIBAgICB0YwDQYJKoZIhvcNAQEFBQAwZzELMAkGA1UEBhMCVVMx
> DTALBgNVBAoTBFNEU0MxEDAOBgNVBAsTB1NEU0MtQ0ExHjAcBgNVBAMTFUNlcnRp
> ZmljYXRlIEF1dGhvcml0eTEXMBUGCgmSJomT8ixkAQETB2NlcnRtYW4wHhcNMTIw
> NTE0MTYzODQ1WhcNMTMwNTE1MTYzODQ1WjA/MQswCQYDVQQGEwJVUzENMAsGA1UE
> ChMEU0RTQzENMAsGA1UECxMEU0RTQzESMBAGA1UEAxMJSW5jYSBJbmNhMIIBIjAN
> BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKfvUWlReQgoQHhOFskbfaak6Q4y
> BkmhCr9XbmDIOLwN7RoUm2/Av+e4kQnjo2fyraUa9Fio7KWWfDaxnIWcS6Rnx+dI
> usMvxXgpx0tsCIAAB05QKBF1VuMvT0Hu+MFnkNgeRrbP4hInYPEzt6wuzcG/PTc7
> 6+zTsZ20xo9vbrV6saALuKaYyMZ/R6UUgHqIDaYiVXd+s2psC2wbgBX44cLvlXK9
> cQXKoEHwHE7wWkGplgVRAR2wKSzKQkkRZb4d+BDHUg6+1rHM2rIrPo5MyVK9ZAo8
> 7cMQQOgiWMF97GDs7Nw9wYWjrAcRkw7iMqAjnz3FqEmFc5Ge8oQVF+OZkQIDAQAB
> o4IBNzCCATMwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBLAwLAYJYIZIAYb4
> QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMDIGCWCGSAGG+EIB
> BAQlFiNodHRwOi8vd3d3LnNkc2MuZWR1L0NBL1NEU0NfQ1JMLnBlbTAdBgNVHQ4E
> FgQUGo1yIlgWwzgzxPKg3dQ+HpnjvD4wgZEGA1UdIwSBiTCBhoAUv6OHLPYNdL1I
> bA4nvwHk8k9Guieha6RpMGcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRTRFNDMRAw
> DgYDVQQLEwdTRFNDLUNBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx
> FzAVBgoJkiaJk/IsZAEBEwdjZXJ0bWFuggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBv
> /3MSvUFWU0oV313RpR7922vnIjzZnuvUDPyTRhfqPpCQ9Yw9CFEsS8rM9xyqJ4wc
> eLEB4zFn03DtUF3/5rqRG9KyEh8K8eJt5Ow7tBy6OQzgirZs1jhKL/2Ck6d+Adr8
> XtaUy9c3VLYB4sU1yIEjDxD3YkLHZsLEFnfcWWmWr3p629/pEUhk04sUjz8ZUn7k
> dlBMiX9nuBFWovpzn0urlqcqYKLqa7g7equH0ToxstABVOuw3e9L0pDQQs+SZZc6
> EqwcEnwQ+TnaADGUr821gUaW8pxbpsi53d/0FpwA4Lc9OvCg6EVR2Tr/8p+jnH/v
> 0opU2WNT6IuglYjI6tvD
> -----END CERTIFICATE-----
>
> This certificate (and its CA certificate below) can be parsed by OpenSSL and Erlang.
>
> In case it is helpful, the CA certificate for the above is:
>
> -----BEGIN CERTIFICATE-----
> MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQQFADBnMQswCQYDVQQGEwJVUzEN
> MAsGA1UEChMEU0RTQzEQMA4GA1UECxMHU0RTQy1DQTEeMBwGA1UEAxMVQ2VydGlm
> aWNhdGUgQXV0aG9yaXR5MRcwFQYKCZImiZPyLGQBARMHY2VydG1hbjAeFw0wNDA5
> MDkwMjQyMjlaFw0xNDA5MDkwMjQyMjlaMGcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQK
> EwRTRFNDMRAwDgYDVQQLEwdTRFNDLUNBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBB
> dXRob3JpdHkxFzAVBgoJkiaJk/IsZAEBEwdjZXJ0bWFuMIIBIjANBgkqhkiG9w0B
> AQEFAAOCAQ8AMIIBCgKCAQEArXaQKLYiWyAq6ywSOAmKnmiV3u6tXCBmOYlF7Pzp
> hHssQvgomjeh7H31PLzNlxTy/dXQOeyBaDowAL2kCzgwrh/cUo79tZu77Xzgc9o5
> WR+Jq1huI2Au8QEz77PIi2c3fhsWyOYJMvHWXkDXhEr6YxYd1eTaIj435bZOJxVq
> ZF6HePoB5cpflx54KkjjoY3Vh0407EUW9kA7Jcx86dIqH7cSupmPTORsAxvYTmwd
> 1qODvd6i06dBcR9VMCTSA4trJTS6pCodKSjLCR6Ru9dgUpwB65gNwH6AVEmmxVet
> oXVsotHTMEghLAp5FBpMNF+s7olt7g19fq8VHnuhRRGkmQIDAQABo4HEMIHBMB0G
> A1UdDgQWBBS/o4cs9g10vUhsDie/AeTyT0a6JzCBkQYDVR0jBIGJMIGGgBS/o4cs
> 9g10vUhsDie/AeTyT0a6J6FrpGkwZzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBFNE
> U0MxEDAOBgNVBAsTB1NEU0MtQ0ExHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhv
> cml0eTEXMBUGCgmSJomT8ixkAQETB2NlcnRtYW6CAQAwDAYDVR0TBAUwAwEB/zAN
> BgkqhkiG9w0BAQQFAAOCAQEAWExIzttzYctC98r6ZC6h2uXPbyo9bvaU0fxtBrDF
> prD23yq8WXClIzKbOxBpRETr1kkeQbzX2R5quFLTTMd6GNqP+I28sklM9FUCLqKV
> DD75UjTqa0AVPgbNdRUECrm2wXXWTVpNIzTgX1M/uVX3yyQRHyi5gj7pqsESOTZ1
> 0xyOx4YnpCjrG9HCWIp0wjigWGw8I/GXe0UEPbAJTcPY844Z7E/PfyZuwcdYQSZF
> L030oKjrlWbKm/vGywbqt5QahKM1J60Z6WyIh7VeJV4YuvsP3bT0Sd4FXzmnhybq
> ca98K+/TyIvcWUgD/BGv4XYaUTOYWQRWOZGRSgGfwRq0FQ==
> -----END CERTIFICATE-----
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>

-- 
Simon MacMullen
RabbitMQ, VMware