search

ruby-amqp / bunny

Bunny is a popular, easy to use, mature Ruby client for RabbitMQ
Other
1.39k stars 304 forks source link

Fix CA cert regexp #609

Closed sharshenov closed 3 years ago

sharshenov commented 3 years ago

The regex /^([a-z]:?)?\//i introduced in 334e98c59f85b1b25152ae988ccb170666ced365 is intended to pick Windows file paths (C:/whatever). But ^ matcher stands for "start of line", which leads to false-positive matches when inline certificate has a char with slash at the begginning of a some line.

Certs like this one

-----BEGIN CERTIFICATE-----
whatever
U/whatever
whatever
-----END CERTIFICATE-----

are treated as a file path.

As result Bunny is unable to connect to the RMQ server with self signed certificate and prints an error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)

A regexp matcher \A stands for "Start of string" and resolves false-positive match.