rabbitmq / rabbitmq-objc-client

RabbitMQ client for Objective-C and Swift
https://rabbitmq.com

I want to add TLS for my app, what should I do? #130

Closed ttxoox closed 6 years ago

ttxoox commented 6 years ago

I want to add TLS for my app.

I have two certificates now, they are truststore.jks and client.p12. What should I do next?

I use `RMQConnection * connection = [[RMQConnection alloc] initWithUri:@"amqps://wubb:123456@192.168.1.102:5671/" tlsOptions:tlsOp delegate:[RMQConnectionDelegateLogger new]];`, but I don't know how to fill in tlsOptions.

I tried to use `RMQTLSOptions * tlsOp = [[RMQTLSOptions alloc] initWithPeerName:@"192.168.1.102" verifyPeer:YES pkcs12:p12_data pkcs12Password:@"123456"];` to solve this problem, and I also used client.p12 to get p12_data and fill in the pkcs12 property. However, it doesn't work.

My code below:

receive send

Console log below:

2017-11-20 16:36:45.725694+0800 RMQDemo[19127:318001] Received connection: <RMQConnection: 0x60c0002e2480> disconnectedWithError: Error Domain=kCFStreamErrorDomainSSL Code=-9807 "(null)" UserInfo={NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h}
2017-11-20 16:36:47.732901+0800 RMQDemo[19127:319749] Received connection: <RMQConnection: 0x6000002e5500> disconnectedWithError: Error Domain=kCFStreamErrorDomainSSL Code=-9807 "(null)" UserInfo={NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h}
2017-11-20 16:36:47.788578+0800 RMQDemo[19127:318001] Received connection: <RMQConnection: 0x6040002e5c00> disconnectedWithError: Error Domain=kCFStreamErrorDomainSSL Code=-9807 "(null)" UserInfo={NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h}
2017-11-20 16:36:55.719831+0800 RMQDemo[19127:318001] Received connection: <RMQConnection: 0x60c0002e2480> failedToConnectWithError: Error Domain=com.rabbitmq.rabbitmq-objc-client Code=1 "Handshake timed out." UserInfo={NSLocalizedDescription=Handshake timed out.}

michaelklishin commented 6 years ago

Thank you for your time.

Team RabbitMQ uses GitHub issues for specific actionable items engineers can work on. This assumes two things:

  1. GitHub issues are not used for questions, investigations, root cause analysis, discussions of potential issues, etc. (as defined by this team)
  2. We have a certain amount of information to work with

We get at least a dozen questions through various venues every single day, often quite light on details. At that rate GitHub issues can very quickly turn into something impossible to navigate and make sense of even for our team. Because of that, questions, investigations, root cause analysis, and discussions of potential features are all considered to be mailing list material by our team. Please post this to rabbitmq-users.

Getting all the details necessary to reproduce an issue, make a conclusion or even form a hypothesis about what's happening can take a fair amount of time. Our team is multiple orders of magnitude smaller than the RabbitMQ community. Please help others help you by providing a way to reproduce the behavior you're observing, or at least sharing as much relevant information as possible on the list:

Feel free to edit out hostnames and other potentially sensitive information.

When/if we have enough details and evidence we'd be happy to file a new issue.

Thank you.

michaelklishin commented 6 years ago

See server logs. There is a TLS troubleshooting guide which uses PEM certificates. PKCS12 can be converted to PEM to perform the steps listed there.

Integration tests of this client contain TLS connection tests that can serve as examples.
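
The PKCS12-to-PEM conversion mentioned in the last comment, as an added example that is not part of the original thread or the RabbitMQ project's code: it splits a `client.p12` into PEM files and checks that the client certificate chains to the CA in the bundle. Code -9807 in the log above is `errSSLXCertChainInvalid` in SecureTransport.h, so the chain check is the relevant step. The demo CA, certificate names, file names and passwords are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example. Constructed inputs: the CA, client certificate, file names and
# passwords below are throwaway demo values, not taken from the thread.
set -eu

# Build a demo CA and client certificate in $1 and bundle them as client.p12
# protected by password $2 (stands in for a real client.p12).
make_demo_p12() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
      -keyout ca_key.pem -out ca_cert.pem 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
      -keyout key.pem -out req.pem 2>/dev/null &&
    openssl x509 -req -in req.pem -CA ca_cert.pem -CAkey ca_key.pem \
      -CAcreateserial -days 1 -out cert.pem 2>/dev/null &&
    openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile ca_cert.pem \
      -out client.p12 -passout "pass:$2" )
}

# Split PKCS12 file $1 (password $2) into PEM files in directory $3.
# Chained with && so a wrong password makes the whole function fail.
p12_to_pem() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
    -out "$3/client_cert.pem" 2>/dev/null &&
  openssl pkcs12 -in "$1" -passin "pass:$2" -cacerts -nokeys \
    -out "$3/ca_chain.pem" 2>/dev/null &&
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
    -out "$3/client_key.pem" 2>/dev/null &&
  chmod 600 "$3/client_key.pem"
}

# Succeeds only if leaf certificate $2 chains to the CA bundle $1.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_demo_p12 "$work" "demo-pass"
p12_to_pem "$work/client.p12" "demo-pass" "$work"
if chain_ok "$work/ca_chain.pem" "$work/client_cert.pem"; then
  echo "client certificate chains to the CA in the bundle"
else
  echo "chain verification failed"
fi
```

The same `chain_ok` check applies to a server certificate and the CA that issued it once both are available as PEM files.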