[rabbitmq-discuss] Fwd: SSL upgrade error cacrtfile

Narayan Reddy bvnr.mail at gmail.com
Wed Jun 4 13:20:12 BST 2014


Hi Michael,
                Thanks for your reply, Please help me out to fix this issue.

*What client do you use?*
I needs to use the cpp client, but the ssl connection is not happening even
with openssl util (in s_client mode)
*Do you configure SSL to any specific version?*
No, Not aware of this how can i check that can you give me command to check

*# erl*
*Erlang R16B (erts-5.10.1) [source] [smp:8:8] [async-threads:10] [hipe]
[kernel-poll:false]*

*Eshell V5.10.1  (abort with ^G)*
*1> ssl:versions().*
*[{ssl_app,"5.2.1"},*
* {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},*
* {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]*
*2>*
*2>*


*What OS does your client and RabbitMQ run on?*
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 (Santiago)

My Rabbitmq.config file

*# cat /etc/rabbitmq/rabbitmq.config*
*[*
*  {rabbit, [*
*     {ssl_listeners, [5671]},*
*     {ssl_options, [{cacertfile,"/home/prime/SSL/testca/cacert.pem"},*
*                    {certfile,"/home/prime/SSL/server/cert.pem"},*
*                    {keyfile,"/home/prime/SSL/server/key.pem"},*
*                    {verify,verify_peer},*
*                    {fail_if_no_peer_cert,true}]},*

*  {loopback_users, []}*
*   ]}*
*].*

Openssl client output:

*$ openssl s_client -connect localhost:5671 -cert client/cert.pem  -key
client/key.pem  -CAfile testca/cacert.pem*
*CONNECTED(00000003)*
*write:errno=104*
*---*
*no peer certificate available*
*---*
*No client certificate CA names sent*
*---*
*SSL handshake has read 0 bytes and written 113 bytes*
*---*
*New, (NONE), Cipher is (NONE)*
*Secure Renegotiation IS NOT supported*
*Compression: NONE*
*Expansion: NONE*
*---*


rabbitmq broker.log

 *=INFO REPORT==== 4-Jun-2014::17:27:17 ===*
*accepting AMQP connection <0.951.0> (127.0.0.1:38486
<http://127.0.0.1:38486> -> 127.0.0.1:5671 <http://127.0.0.1:5671>)*

*=ERROR REPORT==== 4-Jun-2014::17:27:22 ===*
*error on AMQP connection <0.951.0>:
{ssl_upgrade_error,{options,{cacertfile,[47,104,111,109,101,47,112,114,105,109,101,47,83,83,76,47...*


--
Thanks & Regards
Narayan


On 4 June 2014 13:37, Michael Klishin <mklishin at gopivotal.com> wrote:

>  On 4 June 2014 at 12:00:48, Narayan (bvnr.mail at gmail.com) wrote:
> > > * Check SSL support in Erlang ----- SUCCESS
> > ssl:versions().
> > SSL version: [{ssl_app,"5.3"},
> > {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},
> > {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
> > RabbitMQ 3.3.0, Erlang R16B01
>
> What client do you use? Do you configure SSL to any specific version?
> What OS does your client and RabbitMQ run on?
> --
> MK
>
> Software Engineer, Pivotal/RabbitMQ
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140604/67d0497d/attachment.html>


More information about the rabbitmq-discuss mailing list