Implement SSL support #118

Closed
jocel1 opened this issue Jul 9, 2014 · 18 comments
Labels
hard-pick Good issue for folks who want to fix a really hairy issue

Comments

@jocel1

jocel1 commented Jul 9, 2014

Hi,

Either https://github.com/BraveSirRobin/amqphp or https://github.com/videlalvaro/php-amqplib implements a way to connect to RabbitMQ through SSL.

Do you plan to add this kind of feature?

Thanks!
Jocelyn

@lstrojny
Collaborator

lstrojny commented Jul 9, 2014

No plans yet, but it would make sense. Thing is, it’s not trivial to get SSL right. A rough list of features we should support:

  • Peer and host validation against a CA certificate (for semi-public installations)
  • Hardcoding the expected remote certificate to a specific certificate (for a tightly controlled private installation)
  • Hardcoding the expected remote CA to a specific certificate (for a slightly less tightly controlled private installation)
  • Fixating the list of applicable ciphers from the client side as well and ruling out insecure ciphers

Getting SSL implemented is already hard, because of the available APIs. Getting SSL right (and with the right features) is significantly harder. I would not trust myself to do it, and I would like to have somebody do it who really understands the whole SSL stack. As long as we don’t have that, I would rather not support it than support it badly.

@jocel1
Author

jocel1 commented Jul 9, 2014

Thanks for the feedback.
On my side, so far, I don't care about certificates; I plan to make a simple SSL connection that doesn't use either client certificates or peer verification. (Perhaps this kind of implementation would be easier?)

@lstrojny
Collaborator

You should actually care, otherwise SSL doesn’t make much sense 😃. For the verification: it’s not about the client cert, but about the server certificate for which you need some kind of validation. That is either the typical certificate authority based one or alternative approaches for self-signed certificates.
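
Added example, not part of the thread and not php-amqp or rabbitmq-c code: the trust models from the feature list above, next to the unverified connection discussed in the replies, expressed as PHP stream `ssl` context options. The host name, CA path and fingerprint are placeholders, and the model names are made up for this illustration.

```php
<?php
declare(strict_types=1);
// Added illustration built on PHP's stream "ssl" context options; not
// php-amqp or rabbitmq-c code. Host, CA path and fingerprint are placeholders.
const CLIENT_CIPHERS = 'ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!3DES:!MD5';

/** Build "ssl" context options for one trust model from the list. */
function tlsContextOptions(string $model, string $host, array $trust = []): array
{
    // Shared baseline: verify the chain and the host name, and restrict
    // the cipher list from the client side.
    $ssl = [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
        'ciphers'          => CLIENT_CIPHERS,
    ];
    switch ($model) {
        case 'ca':          // semi-public: default trust store
            break;
        case 'pinned-ca':   // private: chain must validate against this CA file
            $ssl['cafile'] = $trust['cafile'];
            break;
        case 'pinned-cert': // private: one exact (possibly self-signed) certificate
            $ssl['allow_self_signed'] = true;
            $ssl['peer_fingerprint']  = ['sha256' => $trust['sha256']];
            break;
        case 'unverified':  // encrypted, but the server is not authenticated
            $ssl['verify_peer'] = $ssl['verify_peer_name'] = false;
            break;
        default:
            throw new InvalidArgumentException("unknown trust model: $model");
    }
    return ['ssl' => $ssl];
}

/** Open a TLS stream; returns false when the handshake or validation fails. */
function openTls(string $host, int $port, array $options)
{
    $ctx = stream_context_create($options);
    return @stream_socket_client("tls://$host:$port", $errno, $errstr, 5,
        STREAM_CLIENT_CONNECT, $ctx);
}

// Constructed sample values; prints the options without connecting.
$trust = ['cafile' => '/path/to/private-ca.pem', 'sha256' => str_repeat('ab', 32)];
foreach (['ca', 'pinned-ca', 'pinned-cert', 'unverified'] as $model) {
    echo $model, ' ', json_encode(tlsContextOptions($model, 'broker.example.test', $trust)['ssl']), "\n";
}
```

With the `unverified` options the handshake succeeds against any certificate, which is why the thread treats validation as the part that has to be right.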

@pinepain
Contributor

Actually, rabbitmq-c has some SSL support with all those checks, so we can just rely on the underlying library, can't we?

@blaugueux

+1

@ThisIsAreku

+1

@lstrojny
Collaborator

Any takers welcome, as I personally lack the time and especially the knowledge on how to properly implement SSL support using OpenSSL, and I would rather not support it and have a broken implementation than support it badly.

@lstrojny lstrojny added enhancement hard-pick Good issue for folks who want to fix a really hairy issue labels Jan 25, 2015
@pinepain
Contributor

rabbitmq-c already has SSL support, so for us it should not be a problem. I propose to pass the key and cert paths along with the other config parameters in the $credentials argument to AMQPConnection::__construct() and also add getters and setters for key and cert ({get,set}SecureKey, {get,set}SecureCert?). There should be a method to check whether the established connection is a secure one (isSecure?). Setting the key or cert when the connection is already established should fail.

@lstrojny
Collaborator

@pinepain do you know anything about the implementation with regards to how they handle certificates?

@pinepain
Contributor

rabbitmq-c uses OpenSSL (by default; other SSL implementations are supported too). I'm not into crypto, including TLS/SSL internals, but from rabbitmq-c activity (I keep an eye on it) and its examples, it is not necessary to dive into internals; you just have to create an SSL socket (in terms of the rabbitmq-c library) and then use it instead of the TCP one.

If the interface I proposed fits the php-amqp extension's needs, I can try to play with an SSL implementation when I have some free time (beta ETA from 2 days to about 2 weeks).

@digipigeon

+1 for this feature.

@d3xt3r01

+1, the only reason I'm not using this yet.

@EagleEyeJohn

@d3xt3r01 Couldn't you overcome the lack of SSL support by using an SSH tunnel?

@d3xt3r01

I'm not in full control over all consumers.

@pinepain
Contributor

SSL connection support added in PR #205.

Please, give it a look and test a bit. I would really appreciate any feedback you can provide.

@pinepain
Contributor

ping @lstrojny in case #205 fits our needs this can be closed, I guess.

@prolic
Contributor

prolic commented May 21, 2016

Can be closed?

@lstrojny
Collaborator

Indeed.
