New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed reading SSL settings from rabbitmqadmin config file #4408
Fixed reading SSL settings from rabbitmqadmin config file #4408
Conversation
Fixed reading boolean values from rabbitmqadmin config file
@fwolfsjaeger Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions. |
@fwolfsjaeger Thank you for signing the Contributor License Agreement! |
Thank you for taking the time to contribute. The changes look OK. I'll try to reproduce to verify the effectiveness now. |
I QA'ed this PR with the following:
# rabbitmq.conf
management.ssl.port = 15671
management.ssl.cacertfile = /tmp/tmp-tls-gen/basic/result/ca_certificate.pem
management.ssl.certfile = /tmp/tmp-tls-gen/basic/result/server_certificate.pem
management.ssl.keyfile = /tmp/tmp-tls-gen/basic/result/server_key.pem
# management.ssl.versions.1 = tlsv1.3
management.ssl.versions.1 = tlsv1.2
management.ssl.verify = verify_none
management.ssl.fail_if_no_peer_cert = false
## These are TLS 1.3 cipher suites
# management.ssl.ciphers.1 = TLS_AES_256_GCM_SHA384
# management.ssl.ciphers.2 = TLS_AES_128_GCM_SHA256
# management.ssl.ciphers.3 = TLS_CHACHA20_POLY1305_SHA256
# management.ssl.ciphers.4 = TLS_AES_128_CCM_SHA256
# management.ssl.ciphers.5 = TLS_AES_128_CCM_8_SHA256 # rabbitmqadmin.conf
[localhost_https]
hostname = my-hostname
port = 15671
username = guest
password = guest
ssl = True
ssl_key_file = /tmp/tmp-tls-gen2/basic/result/client_key.pem
ssl_cert_file = /tmp/tmp-tls-gen2/basic/result/client_certificate.pem
ssl_insecure = True and while this PR works as expected, so does
since the server certificate is not in the trusted certificate chain.
|
I'm OK with accepting this contribution since the behavior is what we expect but both trying to reproduce the scenario where the key isn't taken from |
Fixed reading SSL settings from rabbitmqadmin config file (backport #4408)
@fwolfsjaeger since |
Sorry for the late reply. Thank you for accepting the changes. I have not set the following 2 settings in management.ssl.verify = verify_none
management.ssl.fail_if_no_peer_cert = false However, the issue for me was the the |
I am using a self-signed certificate for RabbitMQ. In order to connect to the server using rabbitmqadmin I have to set the flag --ssl-insecure. When trying to set this flag in the rabbitmqadmin config file I noticed that it doesn't work.
Proposed Changes
I've extended the python script so that the boolean SSL options can be defined in the config file. It is still possible to override the config values with cli options.
Types of Changes
What types of changes does your code introduce to this project?
Put an
x
in the boxes that applyChecklist
Put an
x
in the boxes that apply.You can also fill these out after creating the PR.
If you're unsure about any of them, don't hesitate to ask on the mailing list.
We're here to help!
This is simply a reminder of what we are going to look for before merging your code.
CONTRIBUTING.md
document