-
-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement SSL support #118
Comments
No plans yet, but it would make sense. Thing is, it’s not trivial to get SSL right. A rough list of features we should support:
Getting SSL implemented is already hard, because of the available APIs. Getting SSL right (and with the right features) is significantly harder. I would not trust myself doing it and I would like to have somebody doing it who really understands the whole SSL stack. As long as we don’t have that, I am rather not supporting it than supporting it badly. |
Thanks for the feedback. |
You should actually care, otherwise SSL doesn’t make much sense 😃. For the verification: it’s not about the client cert, but about the server certificate for which you need some kind of validation. That is either the typical certificate authority based one or alternative approaches for self-signed certificates. |
Actually, rabbitmq-c has some ssl support with all that checks, so we can just rely on underlying library, don't we? |
+1 |
1 similar comment
+1 |
Any takers welcome, as I personally lack the time and especially the knowledge on how to properly implement SSL support using OpenSSL and I rather not support it and have a broken implementation than support it badly. |
rabbitmq-c has already SSL support, so for us it should not be a problem. I propose to pass key and cert path inside with other config parameters in |
@pinepain do you know anything about the implementation with regards to how they handle certificates? |
rabbitmq-c uses OpenSSL (by default, there are other SSL implementations support too). I'm not into crypto, incluting TLS/SSL internals, but from rabbitmq-c activity (I keep eye on it) and it examples, it is not necessary to dive into internals, while you just have to create SSL socket (in terms of rabbitmq-c library) and then use it instead of tcp one. If interface I proposed fits php-amqp extension needs, I can try to play with SSL implementation when I will have some free time (beta ETA from 2 days to about 2 weeks). |
+1 for this feature. |
+1, the only reason I'm not using this yet. |
@d3xt3r01 Couldn't you overcome the lack of SSL support by using a SSH tunnel? |
I'm not in full control over all consumers. |
SSL connection support added in PR #205. Please, give it a look and test a bit. I would really appreciate any feedback you can provide. |
Can be closed? |
Indeed. |
Hi,
Either https://github.com/BraveSirRobin/amqphp or https://github.com/videlalvaro/php-amqplib implements a way to connect to RabbitMQ through SSL.
Do you plan to add this kind of feature ?
Thanks !
Jocelyn
The text was updated successfully, but these errors were encountered: