streadway / amqp

Go client for AMQP 0.9.1
http://godoc.org/github.com/streadway/amqp
BSD 2-Clause "Simplified" License

Enabling TLS: DialTLS gives "EOF" error, no other information #454

Closed J7mbo closed 4 years ago

J7mbo commented 4 years ago

Certs are generated for "localhost", and "rabbitmq".

Using docker-compose, the certs are mounted in the container correctly and rabbitmq is running successfully. amqp:// works, but amqps:// gives "EOF" on connect.

I have tried both with the more complex NewCertPool etc., and without, with just a simple DialTLS call; I still get the same error with no other information.

Simple usage:

conn, err := amqp.DialTLS(
    fmt.Sprintf("amqps://guest:guest@localhost:5671"), nil,
)
if err != nil {
    panic(err)
}

Error:

panic: EOF

NewCertPool usage (removed error checking for ease of grokking):

caCert, _ := ioutil.ReadFile("ca_certificate.pem")
serverCert, _ := ioutil.ReadFile("server_certificate.pem")
serverKey, _ := ioutil.ReadFile("server_key.pem")

cfg := new(tls.Config)
cfg.ClientCAs = x509.NewCertPool()
cfg.ClientCAs.AppendCertsFromPEM([]byte(caCert))

cert, _ := tls.X509KeyPair([]byte(serverCert), []byte(serverKey))

cfg.Certificates = append(cfg.Certificates, cert)
cfg.ClientAuth = tls.RequireAndVerifyClientCert

conn, err := amqp.DialTLS("amqps://guest:guest@localhost:5671", cfg)
if err != nil {
    panic(err)
}

Error:

panic: EOF

I traced it through to // Read header, payload. in conn.go. Why is reading the header failing? Debugging shows the TLS conn isConnected to be true, if that helps...

What am I doing wrong? Docker-compose is below:


rabbitmq:
        container_name: rabbitmq
        image: rabbitmq:3.8.4-management-alpine
        environment:
            RABBITMQ_MANAGEMENT_SSL_CACERTFILE: /ca_certificate.pem
            RABBITMQ_MANAGEMENT_SSL_CERTFILE: /server_certificate.pem
            RABBITMQ_MANAGEMENT_SSL_KEYFILE: /server_key.pem
        ports:
            - 5671:5671
            - 15671:15671
        volumes:
            - ./ca_certificate.pem:/ca_certificate.pem:ro
            - ./server_certificate.pem:/server_certificate.pem:ro
            - ./server_key.pem:/server_key.pem:ro

J7mbo commented 4 years ago

I will close this and open another issue as now it's a handshake error that doesn't seem related to docker-compose :)
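
An added example, not code from this issue or from streadway/amqp: it runs the TLS handshake on its own, without AMQP, so that a bare "EOF" can be attributed to a layer before amqp.DialTLS is involved. It builds the client config with RootCAs, since the ClientCAs and ClientAuth fields used in the snippet above are read only by TLS servers. The helper names clientTLSConfig and diagnoseTLS and the returned labels are hypothetical; the CA file name and address are the ones from the issue.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"time"
)

// Clients verify the broker via RootCAs; ClientCAs/ClientAuth are server-only fields.
func clientTLSConfig(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName}, nil
}

// diagnoseTLS runs only TCP connect + TLS handshake (no AMQP) and labels the failure.
func diagnoseTLS(addr string, cfg *tls.Config, timeout time.Duration) (string, error) {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, cfg)
	if err == nil {
		return "ok", conn.Close()
	}
	var unknownCA x509.UnknownAuthorityError
	var badName x509.HostnameError
	switch {
	case errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF):
		return "peer-closed-during-handshake", err // check the listener on this port serves TLS
	case errors.As(err, &unknownCA):
		return "untrusted-ca", err // broker certificate not signed by a CA in RootCAs
	case errors.As(err, &badName):
		return "hostname-mismatch", err // ServerName is not among the certificate's names
	}
	return "other", err // includes refused connections and timeouts
}

func main() {
	caPEM, _ := os.ReadFile("ca_certificate.pem") // a missing file is reported by clientTLSConfig
	if cfg, err := clientTLSConfig(caPEM, "localhost"); err != nil {
		fmt.Println("config:", err)
	} else {
		fmt.Println(diagnoseTLS("localhost:5671", cfg, 3*time.Second))
	}
}
```

Once diagnoseTLS returns "ok", the same *tls.Config can be passed as the second argument to amqp.DialTLS.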