search

ibm-messaging / mq-golang

Calling IBM MQ from Go applications
Apache License 2.0
167 stars 60 forks source link

How to disable cert revocation check? [9.2.3] #182

Closed irl-segfault closed 2 years ago

irl-segfault commented 2 years ago

Hi all,

I would like to disable certificate revocation checks on the client side, meaning I would like my golang client to not check the revocation status of the queue manager's certificate. Which flag do I use for this? I was looking at these docs https://www.ibm.com/docs/en/ibm-mq/9.0?topic=file-ssl-stanza-client-configuration but cannot map the configuration parameters to anything in the cmqc files. Any help would be appreciated. Thanks!

irl-segfault commented 2 years ago

I'm actually seeing this for the first time https://www.ibm.com/docs/en/ibm-mq/9.0?topic=file-which-mq-clients-can-read-each-attribute

which details which MQ clients can read which configuration attributes. Notably, Go is missing, but I'm assuming that for the ClientRevocationChecks field, it is also unsupported. What is not clear is what the actual value ends up being in this case... Assuming it's REQUIRED but can't really verify that. Any help is much appreciated! Thanks

ibmmqmet commented 2 years ago

This package is built on top of the C client. Which is why it has to be installed to use the Go bindings. So all the documented attributes for the C client that can be put in the mqclient.ini file apply just as well here.

irl-segfault commented 2 years ago

I see, so how can I configure the ClientRevocationChecks? I don't see properties for that anywhere.

ibmmqmet commented 2 years ago

The mqclient.ini file is described in the parent topic at https://www.ibm.com/docs/en/ibm-mq/9.2?topic=client-configuring-using-configuration-file in particular the SSL stanza

irl-segfault commented 1 year ago

Hoping to re-open this -- I'd like to understand how I can configure the MQ golang client to have some of the properties available in the mqclient.ini file. Is there a way to load such an ini file into the Golang client, or is each field exposed in the Go struct on a one-off basis?

zemlya25 commented 7 months ago

Hoping to re-open this -- I'd like to understand how I can configure the MQ golang client to have some of the properties available in the mqclient.ini file. Is there a way to load such an ini file into the Golang client, or is each field exposed in the Go struct on a one-off basis?

Hi! how is your cert battle? Have the same issue during integration with data provider. Have vpn tunnel to ibm, but cert revocation failed during connection. And can't setup extra connection to their server

Checked conn status with mqclient.ini and amqsgetc and it works and validateion can be suppresed according to options in ini

zemlya25 commented 7 months ago

Hoping to re-open this -- I'd like to understand how I can configure the MQ golang client to have some of the properties available in the mqclient.ini file. Is there a way to load such an ini file into the Golang client, or is each field exposed in the Go struct on a one-off basis?

PS. Solved this issue - just set MQCLNTCF env var with path to client config ini file before your app call or simply in pod envs. This seting will be applied on client connect, library connection bindings will use it too/ I suppose it just wraps client calls