Closed prolic closed 7 years ago
Since I currently connect locally I never continued with setting up TLS for this connection. I keep getting "Service with name "amqp-connection" could not be created. Reason: Library error: a socket error occurred - Potential login failure." ... whenever I connect over the TLS port. I have configured rabbitmq with letsencrypt certificates, which works for the admin and the web stomp plugin (browsers can connect to it with websockets over TLS).
I would expect things to work with these settings (using the extension)
Array
(
[host] => 127.0.0.1
[port] => 5671
[login] => api-plhw-client
[password] => ***
[vhost] => api-plhw-development
[persistent] =>
[connect_timeout] => 1
[read_timeout] => 60
[write_timeout] => 2
[heartbeat] => 0
[cacert] => /home-projects/api-plhw-development/deploy/releases/20170210133916UTC/config/autoload/../../data/ssl/ca.pem
[verify] =>
)
where ca.pem contains this: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt which is the same as cat /etc/rabbitmq/ssl/chain.pem which is a copy of /etc/letsencrypt/live/mq.plhw.nl/*. (Also tried fullchain.pem and cert.pem.) With the following rabbitmq configuration:
cat /etc/rabbitmq/rabbitmq.config
[
  {
    rabbit,
    [
      {tcp_listeners, [{"127.0.0.1", 5672}, {"::1", 5672}]},
      {ssl_listeners, [5671]},
      {
        ssl_options, [
          {cacertfile, "/etc/rabbitmq/ssl/fullchain.pem"},
          {certfile, "/etc/rabbitmq/ssl/cert.pem"},
          {keyfile, "/etc/rabbitmq/ssl/privkey.pem"},
          {verify, verify_none},
          {fail_if_no_peer_cert,false}
        ]
      }
    ]
  },
  {
    rabbitmq_web_stomp,
    [
      {
        ssl_config, [
          {port, 15671},
          {backlog, 1024},
          {cacertfile, "/etc/rabbitmq/ssl/fullchain.pem"},
          {certfile, "/etc/rabbitmq/ssl/cert.pem"},
          {keyfile, "/etc/rabbitmq/ssl/privkey.pem"},
          {password, ""}
        ]
      }
    ]
  }
].
Please tell me if I'm missing something obvious...
I did notice this: https://github.com/prolic/HumusAmqp/blob/master/src/ConnectionOptions.php#L264 which means the option given must be like c_a_cert to camelcase to setCACert
@basz the options class doesn't map to setters but the class properties, that's why I think that c_a_cert is not your problem. cacert is correct and should be working.
About your usecase, I need to set up my environment for this specific use case and run some tests on my side to see what's going on. Please give me a couple of days, as I am quite busy these days. I will not forget it! :-)
> @basz the options class doesn't map to setters but the class properties, that's why I think that c_a_cert is not your problem. cacert is correct and should be working.

ok

> About your usecase, I need to setup my environment for this specific use case and run some tests on my side to see what's going on. Please give me a couple of days, as I am quite busy these days. I will not forget it! :-)

nice, but no hurry - as said - connecting locally for the foreseeable future
@basz @dl1ely It's updated and supported by tests now, please check.
resolves https://github.com/prolic/HumusAmqp/issues/9
@basz @dl1ely Can you check if this is working for you?