[rabbitmq-discuss] rabbit_stomp_reader ssl_upgrade_error
Antony Mayi
antonymayi at yahoo.com
Thu Nov 14 02:28:36 GMT 2013
Hi,
Trying to setup rabbit stomp with SSL using existing certificate but keep getting errors. I am using Erlang R14B and RabbitMQ 3.1.5.
My rabbit config is following:
[
{rabbitmq_stomp, [
{ssl_listeners, [61614]},
{ssl_options, [{cacertfile,"/tmp/ssl/certs/ca.pem"},
{certfile,"/tmp/ssl/certs/hostA.pem"},
{keyfile,"/tmp/ssl/private_keys/hostA.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
When doing basic connection test using openssl s_client I get following:
openssl s_client -connect localhost:61614 -cert /tmp/ssl/certs/hostA.pem -key /tmp/ssl/private_keys/hostA.pem -CAfile /tmp/ssl/certs/ca.pem
CONNECTED(00000003)
139852982814536:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1197:SSL alert number 80
139852982814536:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
Rabbit log shows following error:
=CRASH REPORT==== 14-Nov-2013::02:09:18 ===
crasher:
initial call: rabbit_stomp_reader:init/2
pid: <0.328.0>
registered_name: []
exception error: no match of right hand side value
{error,{ssl_upgrade_error,"internal error"}}
in function rabbit_stomp_reader:init/2
ancestors: [<0.327.0>,rabbit_stomp_client_sup_sup,rabbit_stomp_sup,
<0.287.0>]
messages: []
links: [<0.327.0>]
dictionary: []
trap_exit: false
status: running
heap_size: 377
stack_size: 24
reductions: 852
neighbours:
Note the certificates are correct/valid and I am perfectly able to establish SSL connection with them using openssl s_server + s_client.
Any idea what's wrong?
Thanks,
Antony.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131114/6d3c3f26/attachment.htm>
More information about the rabbitmq-discuss
mailing list