Rabbitmq: supporting depth in ssl_options

Created on 3 Apr 2017  路  6Comments  路  Source: docker-library/rabbitmq

Hello!

I'm trying to use ssl in container from your image rabbitmq:3-management-alpine.
Client sends both cert and key, but rabbit answers:
SSL: certify: ssl_handshake.erl:1606:Fatal error: unknown ca
Client's and server's certs are signed by the same intermediate CA.

Server's container starts with following settings:
RABBITMQ_SSL_CERTFILE: /etc/pki/tls/certs/rabbit-01.mydomain.org.pem RABBITMQ_SSL_KEYFILE: /etc/pki/tls/private/rabbit-01.mydomain.org-key.pem RABBITMQ_SSL_CACERTFILE: /etc/pki/tls/certs/ca.bundle.pem

ca.bundle.pem contains root CA cert and intermediate CA.

If I create a chain from client cert and CA bundle - it works. But I need to send only certificate from the client.
I think, that I need 'depth' setting, but there is no way to add it to config file in container.
Please, can you add it?

Most helpful comment

Me to

All 6 comments

I have the same problem.

Me to

hm, looks suspicious...

The above comments and reactions do seem staged and produced by a group of coworkers or similar upvoting each other. That's not how you make changes happen in open source projects. Contributing and submitting pull request for consideration is.

@tianon @yosifkit just a bit of perspective from the RabbitMQ team. Supporting TLS verification depth is essential as peer verification in some cases cannot be used without modifying the depth. So even if we ignore the upvoting fest above this is a high priority issue if you ask me.

Appologies for this stuff from the team. The problem is really urgent and important for me

@michaelklishin thanks :heart:

I'll make a PR shortly to add depth. :+1:

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Thubo picture Thubo  路  6Comments

fanhualei picture fanhualei  路  4Comments

ash9002 picture ash9002  路  5Comments

556u5ut picture 556u5ut  路  5Comments

LanceGG picture LanceGG  路  5Comments