[rabbitmq-discuss] [SPAM] Re: [SPAM] Re: Certificate with more than one intermediate CA

Karras, Thomas KarrasT at Pragmatics.com
Wed May 7 14:33:46 BST 2014


Yes, the s_client is able to connect to the rabbit server. It will take me some time to add the option to set ssl_options since I have no experience with Erlang and am also busy with some other tasks. We currently have a workaround by using an ssh tunnel to secure the connections between rabbit servers, but it would be nice to use built-in configuration instead. If someone else can test it out that would be great, but otherwise I will see what I can do about testing it out with the depth option set on the client. This issue can actually be reproduced with a standard single intermediary cert by setting the depth setting to 0 in the ssl_options in rabbitmq.config.

Thanks,

Thomas

-----Original Message-----
From: Matthias Radestock [mailto:matthias at rabbitmq.com] 
Sent: Wednesday, May 07, 2014 9:23 AM
To: Discussions about RabbitMQ
Cc: Karras, Thomas
Subject: Re: [SPAM] Re: [rabbitmq-discuss] [SPAM] Re: Certificate with more than one intermediate CA

On 07/05/14 14:10, Karras, Thomas wrote:
> The standard openssl s_client and s_server work without problem with 
> these certificates.

Can s_client connect to the rabbit server?

> This problem I believe comes from the Erlang ssl library having 
> default values set on properties that cannot be set through the uri 
> query params. ...{depth, integer()}

I hear you, but I want to make sure that is really the issue here. If you don't mind writing a little bit of Erlang, you could try connecting to the upstream with the Erlang client, which *does* permit arbitrary ssl_options? It would be informative to know whether that works.

Matthias.
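
The check discussed in this thread, as an added example that is not part of the original messages: a handshake-only probe that uses OTP's `ssl` module directly (rather than the RabbitMQ Erlang client) to see which `depth` value the certificate chain needs. The module name, file paths, timeout and depth range are assumptions.

```erlang
%% Added example, not code from the thread or from RabbitMQ.
%% Certificate paths below are placeholders; replace them with your own files.
-module(depth_probe).
-export([probe/2, probe/3]).

-define(CACERT, "/path/to/cacert.pem").       % trusted root CA (placeholder)
-define(CERT,   "/path/to/client_cert.pem").  % client certificate (placeholder)
-define(KEY,    "/path/to/client_key.pem").   % client private key (placeholder)

%% Try depth 0..3 against the broker's TLS listener and return the
%% handshake outcome for each value, e.g. depth_probe:probe("host", 5671).
probe(Host, Port) ->
    [{Depth, probe(Host, Port, Depth)} || Depth <- lists:seq(0, 3)].

%% One TLS handshake with peer verification on and the given depth.
%% Per the OTP ssl documentation, depth is the maximum number of
%% non-self-issued intermediate certificates that may follow the peer
%% certificate: 0 means the peer must be signed directly by the trusted
%% root, 1 allows PEER, CA, ROOT, 2 allows PEER, CA, CA, ROOT.
probe(Host, Port, Depth) ->
    {ok, _} = application:ensure_all_started(ssl),
    Opts = [{cacertfile, ?CACERT},
            {certfile, ?CERT},
            {keyfile, ?KEY},
            {verify, verify_peer},   % verify the chain; do not skip validation
            {depth, Depth}],
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock} ->
            ssl:close(Sock),
            ok;
        {error, Reason} ->
            %% A chain longer than Depth allows is rejected during the handshake.
            {error, Reason}
    end.
```

The `depth` passed here governs how the client validates the server's chain; the `depth` in the broker's `ssl_options` governs how the server validates the client certificate, so a failure at every client-side value points at the server setting.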

