prolic / HumusAmqp

PHP 7.4 AMQP library
https://humusamqp.readthedocs.io/
MIT License
76 stars 17 forks

fix ssl connection for php amqplib #35

Closed prolic closed 7 years ago

prolic commented 7 years ago

resolves https://github.com/prolic/HumusAmqp/issues/9

@basz @dl1ely Can you check if this is working for you?

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.2%) to 95.113% when pulling 6de10cc60daf20e46d1c0577d4341c2f201edd02 on phpamqplib-ssl-connection into eb023f4207ab99bd21c83f8ef64928012e24c91c on master.

basz commented 7 years ago

Since I currently connect locally I never continued with setting up TLS for this connection. I keep getting "Service with name "amqp-connection" could not be created. Reason: Library error: a socket error occurred - Potential login failure." ... whenever I connect over the TLS port. I have configured rabbitmq with letsencrypt certificates, which works for the admin and the web stomp plugin. (browsers can connect to it websockets over TLS).

I would expect things to work with these settings (using the extension)

Array
(
    [host] => 127.0.0.1
    [port] => 5671
    [login] => api-plhw-client
    [password] => ***
    [vhost] => api-plhw-development
    [persistent] => 
    [connect_timeout] => 1
    [read_timeout] => 60
    [write_timeout] => 2
    [heartbeat] => 0
    [cacert] => /home-projects/api-plhw-development/deploy/releases/20170210133916UTC/config/autoload/../../data/ssl/ca.pem
    [verify] => 
)

where ca.pem contains this: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt which is the same as cat /etc/rabbitmq/ssl/chain.pem which is a copy of /etc/letsencrypt/live/mq.plhw.nl/*. (also tried fullchain.pem and cert.pem) With the following rabbitmq configuration.

cat /etc/rabbitmq/rabbitmq.config 
[
  {
    rabbit,
    [
            {tcp_listeners, [{"127.0.0.1", 5672}, {"::1", 5672}]},
            {ssl_listeners, [5671]},
            {
              ssl_options, [
                           {cacertfile, "/etc/rabbitmq/ssl/fullchain.pem"},
                           {certfile,   "/etc/rabbitmq/ssl/cert.pem"},
                           {keyfile,    "/etc/rabbitmq/ssl/privkey.pem"},
                           {verify,     verify_none},
                           {fail_if_no_peer_cert,false}
                           ]
            }
    ]
  },
  {
    rabbitmq_web_stomp,
    [
            {
              ssl_config, [
                          {port,       15671},
                          {backlog,    1024},
                          {cacertfile, "/etc/rabbitmq/ssl/fullchain.pem"},
                          {certfile,   "/etc/rabbitmq/ssl/cert.pem"},
                          {keyfile,    "/etc/rabbitmq/ssl/privkey.pem"},
                          {password,   ""}
                          ]
            }
    ]
  }
].

Please tell me if I'm missing something obvious...

I did notice this: https://github.com/prolic/HumusAmqp/blob/master/src/ConnectionOptions.php#L264 which means the option given must be like c_a_cert to camelcase to setCACert

prolic commented 7 years ago

@basz the options class doesn't map to setters but the class properties, that's why I think that c_a_cert is not your problem. cacert is correct and should be working.

About your use case, I need to set up my environment for this specific use case and run some tests on my side to see what's going on. Please give me a couple of days, as I am quite busy these days. I will not forget it! :-)

basz commented 7 years ago

> @basz https://github.com/basz the options class doesn't map to setters but the class properties, that's why I think that c_a_cert is not your problem. cacert is correct and should be working.

ok

> About your usecase, I need to setup my environment for this specific use case and run some tests on my side to see what's going on. Please give me a couple of days, as I am quite busy these days. I will not forget it! :-)

nice, but no hurry - as said - connecting locally for the foreseeable future

prolic commented 7 years ago

@basz @dl1ely It's updated and supported by tests now, please check.

coveralls commented 7 years ago

Coverage Status

Coverage decreased (-3.9%) to 90.941% when pulling b739c1e99fd66f21aa55bd9d3b3e955f9e01c06b on phpamqplib-ssl-connection into eb023f4207ab99bd21c83f8ef64928012e24c91c on master.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.4%) to 91.117% when pulling 145be4773e0145d6dbb19ac7b3375d968a7ff616 on phpamqplib-ssl-connection into 8b2eac8808428e22723169820902eec77d8f9e62 on master.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.07%) to 90.959% when pulling 0e2f05d5e98b5b18eb01e14affc9073322cfc065 on phpamqplib-ssl-connection into 32741c1e1b8666ebf56c6ee4584f6772fdf3cb2f on master.
