RabbitMQ + TLS + default Erlang with Ubuntu 14.04

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RabbitMQ + TLS + default Erlang with Ubuntu 14.04

carlhoerberg
Seems to be a problem with the default erlang coming with ubuntu 14.04, rabbitmq and TLS.

When enabling TLS it causes problems with some TLS clients.

Firefox:
Secure Connection Failed
An error occurred during a connection to purple-fawn.rmq.cloudamqp.com. The key does not support the requested operation. (Error code: sec_error_invalid_key)

Chrome:
Error code: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED

Safari: Works

Java: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID

When installing Erlang R17 from erlang-solutions it works fine. Erlang R16B3-1 (the version coming with ubutu 14.04) from erlang-solutions on ubuntu 12.04 works fine too.

RabbitMQ logs:

2014-05-14 11:38:45 UTC ERROR
SSL: certify: tls_connection.erl:375:Fatal error: unexpected message

2014-05-14 11:38:45 UTC ERROR
** gen_event handler rabbit_sasl_report_file_h crashed.
** Was installed in error_logger
** Last event was: {error_report,<0.339.0>,
                       {<0.348.0>,std_error,
                        {mochiweb_socket_server,295,
                            {acceptor_error,{error,accept_failed}}}}}
** When handler state == {<0.47.0>,
                          "/var/log/rabbitmq/rabbit@purple-fawn-01-sasl.log",
                          error}
** Reason == {function_clause,
                 [{truncate,'-report/2-lc$^0/1-0-',
                      [{mochiweb_socket_server,295,
                           {acceptor_error,{error,accept_failed}}},
                       {2000,100,50,5}],
                      []},
                  {truncate,log_event,2,[]},
                  {rabbit_sasl_report_file_h,handle_event,2,[]},
                  {gen_event,server_update,4,
                      [{file,"gen_event.erl"},{line,522}]},
                  {gen_event,server_notify,4,
                      [{file,"gen_event.erl"},{line,504}]},
                  {gen_event,server_notify,4,
                      [{file,"gen_event.erl"},{line,506}]},
                  {gen_event,handle_msg,5,[{file,"gen_event.erl"},{line,266}]},
                  {proc_lib,init_p_do_apply,3,
                      [{file,"proc_lib.erl"},{line,239}]}]}

2014-05-14 11:38:45 UTC ERROR
** gen_event handler rabbit_error_logger_file_h crashed.
** Was installed in error_logger
** Last event was: {error_report,<0.339.0>,
                       {<0.348.0>,std_error,
                        {mochiweb_socket_server,295,
                            {acceptor_error,{error,accept_failed}}}}}
** When handler state == {<0.46.0>,
                          "/var/log/rabbitmq/rabbit@purple-fawn-01.log",[]}
** Reason == {function_clause,
                 [{truncate,'-report/2-lc$^0/1-0-',
                      [{mochiweb_socket_server,295,
                           {acceptor_error,{error,accept_failed}}},
                       {2000,100,50,5}],
                      []},
                  {truncate,log_event,2,[]},
                  {rabbit_error_logger_file_h,handle_event,2,[]},
                  {gen_event,server_update,4,
                      [{file,"gen_event.erl"},{line,522}]},
                  {gen_event,server_notify,4,
                      [{file,"gen_event.erl"},{line,504}]},
                  {gen_event,server_notify,4,
                      [{file,"gen_event.erl"},{line,506}]},
                  {gen_event,handle_msg,5,[{file,"gen_event.erl"},{line,266}]},
                  {proc_lib,init_p_do_apply,3,
                      [{file,"proc_lib.erl"},{line,239}]}]}

2014-05-14 11:38:59 UTC ERROR
SSL: certify: tls_connection.erl:375:Fatal error: unexpected message

2014-05-14 11:39:14 UTC ERROR
SSL: certify: tls_connection.erl:375:Fatal error: unexpected message
Reply | Threaded
Open this post in threaded view
|

Re: RabbitMQ + TLS + default Erlang with Ubuntu 14.04

Michael Klishin-2
On 14 May 2014 at 15:55:56, carlhoerberg ([hidden email]) wrote:
> > When installing Erlang R17 from erlang-solutions it works  
> fine. Erlang
> R16B3-1 (the version coming with ubutu 14.04) from erlang-solutions  
> on
> ubuntu 12.04 works fine too.

Have you tried openssl s_client? It's hard to tell what's going on.
There's a bunch of ssl app fixes in R17:
http://www.erlang.org/download/otp_src_17.0.readme

but I'm not sure why 2 different packages of R16B03-1 behave differently.
Can they use different OpenSSL versions? 
--  
MK  

Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss