[rabbitmq-discuss] Not able to get ssl working with rabbitMQ server

Kausik Chattopadhyay connect_kausik at yahoo.com
Mon Jan 27 11:01:41 GMT 2014


Hi Michael,
So far I was working with SelectConnection using pika and it is good.
Today I tried to get a publisher working with BlockingConnection with SSL. A normal connection works, however it fails with SSL. The same setup works with SelectConnection. Any idea?

My publisher code is as follows:

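import pika
from pika import ConnectionParameters

# HOST, PORT and ssl_options are defined elsewhere in the publisher.
parameters = ConnectionParameters(HOST, PORT,
                                  ssl=True,
                                  ssl_options=ssl_options)
connection = pika.BlockingConnection(parameters)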




I am getting the following error:

------------------------------------------
DEBUG      2014-01-27 16:25:27,901 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_error of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': False, 'arguments': None}

DEBUG      2014-01-27 16:25:27,901 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
INFO       2014-01-27 16:25:27,901 pika.adapters.base_connection  _create_and_connect_to_socket        164 : Connecting to 172.16.47.133:5671 with SSL
DEBUG      2014-01-27 16:25:27,925 pika.callback                  process                              217 : Processing 0:Connection.Start
DEBUG      2014-01-27 16:25:27,925 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,925 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,925 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Start"
DEBUG      2014-01-27 16:25:27,926 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              217 : Processing 0:Connection.Tune
DEBUG      2014-01-27 16:25:27,926 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,926 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,926 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Tune"
DEBUG      2014-01-27 16:25:27,926 pika.connection                _create_heartbeat_checker            946 : Creating a HeartbeatChecker: 600
DEBUG      2014-01-27 16:25:27,926 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG      2014-01-27 16:25:27,927 pika.callback                  process                              217 : Processing 0:Connection.OpenOk
DEBUG      2014-01-27 16:25:27,927 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,927 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,927 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,927 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.OpenOk"
DEBUG      2014-01-27 16:25:27,927 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_closed of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}

--------------------------------------- 


Server-side log shows:

=INFO REPORT==== 27-Jan-2014::05:55:47 ===
accepting AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671)

=WARNING REPORT==== 27-Jan-2014::05:55:47 ===
closing AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671):
connection_closed_abruptly





On Wednesday, January 22, 2014 8:07 PM, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:
 
Hi Michael,
Thanks.
Actually the certificates were owned by root.
I tried the following:
1. Adding user rabbitmq to group root --- didn't work
2. Changing the ownership of all the certificates to rabbitmq:rabbitmq --- didn't work

Finally I tried this. Created a "rabbitmq" sudoer. Installed rabbitmq server. Generated the certificates as a "rabbitmq" user --> this worked

Thanks
Kausik



On Wednesday, January 22, 2014 4:54 PM, Michael Klishin <mklishin at gopivotal.com> wrote:
 

On 22 Jan 2014, at 14:59, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:

> Interestingly, this is the log from rabbit at master1-sasl.log

There is nothing new in the SASL log.

ecacertfile indicates there was an issue with the CA certificate, which cannot
be loaded due to eaccess (according to the other log file).

--
MK

Software Engineer, Pivotal/RabbitMQ
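
Added example, not part of the original thread: a Python check of which path component would deny a broker user read access to a certificate file, the kind of permission failure reported above for the CA certificate. It models plain owner/group/other mode bits only; the paths, modes and uid/gid 999 are constructed sample values, and the function names are hypothetical.

```python
import os
from collections import namedtuple

# Stand-in for os.stat_result so the check also runs on constructed data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def allowed(st, uid, gids, want):
    """Owner/group/other test for bits `want` (read=4, search=1); no ACLs, uid 0 passes."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def access_blockers(path, uid, gids, stat_fn=os.stat):
    """Return (component, needed) pairs that stop `uid` from reading `path`."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    blockers = []
    for comp in reversed(chain):
        # Every ancestor directory needs search (x); the file itself needs read (r).
        want, name = (4, "read") if comp == path else (1, "search")
        try:
            ok = allowed(stat_fn(comp), uid, gids, want)
        except OSError:
            ok = False  # a missing or unstat-able component also blocks access
        if not ok:
            blockers.append((comp, name))
    return blockers

# Constructed layout: hypothetical paths, uid/gid 999 standing in for rabbitmq.
DIR, FILE = 0o040000, 0o100000
SAMPLE = {
    "/": FakeStat(DIR | 0o755, 0, 0),
    "/etc": FakeStat(DIR | 0o755, 0, 0),
    "/etc/rabbitmq": FakeStat(DIR | 0o755, 0, 0),
    "/etc/rabbitmq/ssl": FakeStat(DIR | 0o700, 0, 0),                  # root-only directory
    "/etc/rabbitmq/ssl/cacert.pem": FakeStat(FILE | 0o644, 999, 999),  # file chowned to broker
    "/etc/rabbitmq/ssl/key.pem": FakeStat(FILE | 0o600, 0, 0),         # root-only file
}

def sample_stat(path):
    if path not in SAMPLE:
        raise FileNotFoundError(path)
    return SAMPLE[path]

if __name__ == "__main__":
    for f in ("/etc/rabbitmq/ssl/cacert.pem", "/etc/rabbitmq/ssl/key.pem"):
        print(f, access_blockers(f, 999, {999, 0}, sample_stat))
```

On a real host, call access_blockers(path, uid, gids) without stat_fn so it uses os.stat, passing the broker user's uid and group ids.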