[rabbitmq-discuss] mazy behavior of rabbitmq-c in same ip case

Rohit Patle Rohit.Patle at techmahindra.com
Wed Jun 18 07:28:06 BST 2014


Hi Michael,

The outcome of openssl tool is different in different scenarios, when I assign the the client dynamic ip the outcome of : "openssl s_client -host ms501.xxxxx.com -port 5671 -quiet -state"  is as follows

SSL_connect:before/connect initialization
SSL_connect:unknown state
SSL_connect:SSLv3 read server hello A
depth=1 CN = xxxxxxxx
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
3074099400:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
3074099400:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

And when I assigned static ip the outcome of openssl tool  for the command :"openssl s_client -host ms501.xxxxx.com -port 5671 -quiet -state" is as:

gethostbyname failure
connect : errno=11

In both cases communication happens as expected. But the issue comes when I use the single static ip for two consumers.

Please advise.

Thanks & Regards,
Rohit

________________________________________
From: Michael Klishin [mklishin at gopivotal.com]
Sent: Tuesday, June 17, 2014 3:20 PM
To: Rohit Patle
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: RE: [rabbitmq-discuss] mazy behavior of rabbitmq-c in same ip case

 On 17 June 2014 at 13:47:26, Rohit Patle (rohit.patle at techmahindra.com) wrote:
> > I believe it is not SSL handshake issue, because the connection
> is getting establish successfully, for both the connection
> I am getting comments in Rabbitmq log as "accepting AMQP connection"
> for the same ip's, but after some time like in a minute I am getting
> "AMQP_STATUS_SSL_ERROR" in my clients.

AMQP_STATUS_SSL_ERROR is very generic and without getting
more info from OpenSSL it's not really possible to tell what the problem is:

http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2013-September/030459.html

Try openssl s_client, it usually produces better error messages
and displays more info than almost any other tool out there.
--
MK

Software Engineer, Pivotal/RabbitMQ

________________________________

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.


More information about the rabbitmq-discuss mailing list