Hi,
We are developing a project that uses rabbitmq with ssl. But we are facing
a problem with .Net Client of our project which cannot connect to our
server. But with Java, with the same configurations we have succeeded.
We are getting an error which says "none of the specified end points were
reachable".
Our firewall is off on both server and client so it's not a firewall issue.

We are using Windows 7 x64 and .Net Framework 4.0 on our problematic
client.
As I said before our Java publisher and consumer work flawlessly but our
publisher must be on .Net Framework for the sake of our projects.
We were suspecting a certificate problem and tried openssl s_client and
openssl s_server but no problems.
We have already tried cert.pem, cert.cer, cert.p12 files on our windows
client but no success.
Waiting for your help.
Detailed exception outputs are below.
Thanks and regards...

Error : None of the specified endpoints were reachable
Endpoints attempted:
------------------------------------------------
endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
System.IO.IOException: Uzak taraf taşıma akışını kapattığından kimlik doğrulaması başarısız oldu.
    konum: System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    konum: System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
    konum: System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
    konum: RabbitMQ.Client.SslHelper.TcpUpgrade(Stream tcpStream, SslOption sslOption)
    konum: RabbitMQ.Client.Impl.SocketFrameHandler_0_9..ctor(AmqpTcpEndpoint endpoint)
    konum: RabbitMQ.Client.Framing.Impl.v0_9_1.ProtocolBase.CreateFrameHandler(AmqpTcpEndpoint endpoint)
    konum: RabbitMQ.Client.ConnectionFactory.FollowRedirectChain(Int32 maxRedirects, IDictionary connectionAttempts, IDictionary connectionErrors, AmqpTcpEndpoint[]& mostRecentKnownHosts, AmqpTcpEndpoint endpoint)
================================================
Stack trace:
    konum: RabbitMQ.Client.ConnectionFactory.CreateConnection(Int32 maxRedirects)
    konum: RabbitMQ.Client.ConnectionFactory.CreateConnection()
    konum: RConsole.SendString.CreateStructure() C:\Users\hasanfidan\documents\visual studio 2010\Projects\RConsole\RConsole\SendPacket.cs içinde: satır 64


  • Alexandru Scvorţov at Sep 9, 2011 at 12:33 pm
    Hi,

    We haven't had any reported issues with that configuration, so it
    should probably work. Is there anything in the broker logs about this?
    > endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
    > System.IO.IOException: Uzak taraf taşıma akışını kapattığından
    > kimlik doğrulaması
    I don't suppose you could get an English version of the error, could
    you? The Google Translation doesn't sound familiar.

    Also, 1) is the CA's certificate in the Trusted Root Certificate
    Authorities store? 2) does the server's hostname match the common name
    on the certificate?
    > We have already tried cert.pem, cert.cer, cert.p12 files on our windows
    > client but no success.
    Unless you somehow modified the .NET client, the p12 is the only one
    that's usable.

    Cheers,
    Alex
    _______________________________________________
    rabbitmq-discuss mailing list
    rabbitmq-discuss at lists.rabbitmq.com
    https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
  • Umut Sahin at Sep 9, 2011 at 1:31 pm

    > We haven't had any reported issues with that configuration, so it
    > should probably work. Is there anything in the broker logs about this?

    =INFO REPORT==== 9-Sep-2011::16:12:44 ===
    accepted TCP connection on [::]:5671 from 10.35.110.131:4712

    =INFO REPORT==== 9-Sep-2011::16:12:44 ===
    starting TCP connection <0.605.0> from 10.35.110.131:4712

    =ERROR REPORT==== 9-Sep-2011::16:12:49 ===
    error on TCP connection <0.605.0>:{ssl_upgrade_error,timeout}

    =INFO REPORT==== 9-Sep-2011::16:12:49 ===
    closing TCP connection <0.605.0>

    Broker logs are above...

    > endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
    > System.IO.IOException: Uzak taraf taşıma akışını kapattığından
    > kimlik doğrulaması
    > I don't suppose you could get an English version of the error, could
    > you? The Google Translation doesn't sound familiar.

    "Authentication failed as remote party has closed the transport stream"
    is the translation

    > Also, 1) is the CA's certificate in the Trusted Root Certificate
    > Authorities store? 2) does the server's hostname match the common name
    > on the certificate?

    1) Yes, it is
    2) Yes it does match CN=hostname O=server (like
    http://www.rabbitmq.com/ssl.html examples..)

    Thnx in advance,
    Umut
  • Umut Sahin at Sep 12, 2011 at 8:34 am
    We still need your help.
    Regards,
    Umut

  • Alexandru Scvorţov at Sep 12, 2011 at 10:18 am

    > =ERROR REPORT==== 9-Sep-2011::16:12:49 ===
    > error on TCP connection <0.605.0>:{ssl_upgrade_error,timeout}
    I've looked into this and, as far as I can tell, the only way to get
    that error is if the client connects successfully, but takes too long to
    complete the SSL handshake.

    Just to confirm, you've tried to connect the .NET client to an s_server
    running on the same machine as the broker and it worked?

    Cheers,
    Alex
  • Umut Sahin at Sep 12, 2011 at 11:12 am
    The broker was not running while we were trying.
    We tried openssl s_client and s_server just to check the certificates on
    the same machine and no problems.
    And also we tried Java client on windows machine and Rabbitmq Server on
    debian and no problems.


  • Alexandru Scvorţov at Sep 12, 2011 at 11:36 am

    > We tried openssl s_client and s_server just to check the certificates on
    > the same machine and no problems.
    Ok, the certificates are fine. But the problem sounds like the .NET
    client is not completing the SSL handshake, so could you try the .NET
    client with s_server on the broker machine (if everything is fine, it
    should fail with an AMQP error and not a connection error)?

    So, 1) start s_server on the broker machine with the server certificate
    listening on 5671 and 2) connect to it with the .NET client.

    The point of this is to ensure that the .NET client is doing its part of
    the SSL handshake.

    Alex
  • Umut Sahin at Sep 12, 2011 at 1:32 pm
  • Umut Sahin at Sep 12, 2011 at 1:36 pm
  • Umut Sahin at Sep 12, 2011 at 1:42 pm
    When we tried s_server with .net client we get the following output after 30-45 secs

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    bad gethostbyaddr
    SSL_accept:before/accept initialization
    SSL_accept:SSLv3 read client hello A
    SSL_accept:SSLv3 write server hello A
    SSL_accept:SSLv3 write certificate A
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data
    SSL_accept:SSLv3 read client key exchange A
    SSL_accept:SSLv3 read finished A
    SSL_accept:SSLv3 write change cipher spec A
    SSL_accept:SSLv3 write finished A
    SSL_accept:SSLv3 flush data
    -----BEGIN SSL SESSION PARAMETERS-----
    MHUCAQECAgMABAIABQQgltrToe1RJu++iBFcCse8XKjq8yXWNlEsenPThIArR2EE
    MPzUavjQnj3OQWCDfwCaHG6ljCyE8Z8SxCHrl5CIZkKwDdIYwJugeVjPVA2d8AzN
    TKEGAgRObfaoogQCAgEspAYEBAEAAAA=
    -----END SSL SESSION PARAMETERS-----
    Shared ciphers:RC4-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5
    CIPHER is RC4-SHA
    Secure Renegotiation IS supported
    AMQP ERROR
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT

    But when we tried it with java client we get this,

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    SSL_accept:before/accept initialization
    SSL_accept:SSLv3 read client hello A
    SSL_accept:SSLv3 write server hello A
    SSL_accept:SSLv3 write certificate A
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data
    SSL_accept:SSLv3 read client key exchange A
    SSL_accept:SSLv3 read finished A
    SSL_accept:SSLv3 write change cipher spec A
    SSL_accept:SSLv3 write finished A
    SSL_accept:SSLv3 flush data
    -----BEGIN SSL SESSION PARAMETERS-----
    MHUCAQECAgMBBAIABAQgkb4gmKK2OH5YE1CtMEY/eXKu7g1LvuVslOLiZ96HRJ4E
    MKhdg8gX4qe7TAMI3TJVz807gzk+X8LMyYeI45vqI0zaH/cvoSDL+Zx1VnDvkKdR
    EqEGAgRObfZcogQCAgEspAYEBAEAAAA=
    -----END SSL SESSION PARAMETERS-----
    Shared ciphers:RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA
    CIPHER is RC4-MD5
    Secure Renegotiation IS supported
    AMQP

    Regards,
    Umut
  • Dan B at Sep 12, 2011 at 2:04 pm
    > endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
    Try using the FQDN that matches the SSL cert.
  • Alexandru Scvorţov at Sep 12, 2011 at 2:25 pm

    Dan's right. The problem is this:

    > When we tried s_server with .net client we get the following output
    > after 30-45 secs
    > Using default temp DH parameters
    > Using default temp ECDH parameters
    > ACCEPT
    > bad gethostbyaddr
    and this
    > endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
    So, if the certificate is issued for "host1", you need to connect to the
    machine with something like:

       ConnectionFactory factory = new ConnectionFactory();
       factory.HostName = "host1";
       ...

    I suppose our documentation could be clearer on that point.

    Alex
  • Umut Sahin at Sep 12, 2011 at 3:02 pm

    > > endpoint=amqp-0-9://10.35.110.167:5671, attempts=1
    > Try using the FQDN that matches the SSL cert.
    We tried CN=server-PC and CN=10.35.110.167 for our certs
    and added "server-PC 10.35.110.167" to hosts file on our windows machine

    We must install a DNS server or something to use FQDN?

    Regards,
    Umut
  • Alexandru Scvorţov at Sep 12, 2011 at 3:09 pm
    If the certificate is issued for "host1" and that machine has address
    10.35.110.167, it should be enough to add "host1 10.35.110.167" to the
    hosts on the Windows machine and to tell the .NET client to connect to
    "host1" (and not to the IP address).

    Does anything change if you try this?

    Also, when you reply, could you please reply to this email and not start
    a new thread?

    Cheers,
    Alex
  • Umut Sahin at Sep 12, 2011 at 3:25 pm
    As I said before we tried CN=server-PC for our certs
    and added "server-PC 10.35.110.167" to hosts file on our windows machine.

    And when we check we still get "bad gethostbyaddr" from openssl s_server
    also .net client crashes,
    and problem continues...

    Regards,
    Umut
  • Alexandru Scvorţov at Sep 12, 2011 at 4:22 pm

    > As I said before we tried CN=server-PC for our certs
    > and added "server-PC 10.35.110.167" to hosts file on our windows machine.
    Ok.
    > And when we check we still get "bad gethostbyaddr" from openssl s_server
    > also .net client crashes,
    > and problem continues...
    Turns out that's because the client's IP isn't in the server's hosts
    file. Should be harmless and works fine without that.

    The output from s_client is perfectly fine and shows that the .NET can
    connect to the server machine via SSL.

    Is there any chance you could try running your .NET program from a different
    machine? In particular, could you run under Mono on the same machine as
    the broker?

    Please reply to this message and don't start a new thread.

    Cheers,
    Alex
  • Yoda Meng at Mar 14, 2014 at 1:08 pm
    Hi Alex.
    I follow and read through the thread carefully because I ran into almost
    exactly the same problem when trying to use SSL to authenticate my .NET
    client. Both broker and client sit on the same machine. The only advertised
    working example
    in http://blog.johnruiz.com/2011/12/establishing-ssl-connection-to-rabbitmq.html
    does not work for me for some reason.


    So I follow all the suggested route and start up s_server and ran my .net
    client to it as suggested. This is what I got:
    openssl s_server -accept 5671 -cert SSLserver/cert.pem -key SSLserver/key.pem \
    -CAfile SSLCA/cacert.pem
    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    -----BEGIN SSL SESSION PARAMETERS-----
    MHUCAQECAgMABAIABQQg2uALybqAbk6tXfkSN/Pypg4kqeosku2CdlyFiQj9gGcE
    MI0tXD4TyV/YWyqUB8gTnOc/Scx3hLJYG1dxGbDalzDg/Vz9BOSGBqfkvCYAERLq
    CKEGAgRTIvxuogQCAgEspAYEBAEAAAA=
    -----END SSL SESSION PARAMETERS-----
    Shared ciphers:RC4-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5
    CIPHER is RC4-SHA
    Secure Renegotiation IS supported
    AMQP ERROR
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT


    and the .NET errors displays:

    None of the specified endpoints were reachable
    Endpoints attempted:
    ------------------------------------------------
    endpoint=amqp-0-9://MM181938-PC:5671, attempts=1
    RabbitMQ.Client.Exceptions.ProtocolVersionMismatchException: AMQP server protocol negotiation failure: server version unknown-unknown, client version 0-9
        at RabbitMQ.Client.Impl.ConnectionBase.StartAndTune()
        at RabbitMQ.Client.Framing.Impl.v0_9_1.Connection.Open(Boolean insist)
        at RabbitMQ.Client.Impl.ConnectionBase..ctor(ConnectionFactory factory, Boolean insist, IFrameHandler frameHandler)
        at RabbitMQ.Client.Framing.Impl.v0_9_1.Connection..ctor(ConnectionFactory factory, Boolean insist, IFrameHandler frameHandler)
        at RabbitMQ.Client.Framing.Impl.v0_9_1.ProtocolBase.CreateConnection(ConnectionFactory factory, Boolean insist, IFrameHandler frameHandler)
        at RabbitMQ.Client.ConnectionFactory.FollowRedirectChain(Int32 maxRedirects, IDictionary`2 connectionAttempts, IDictionary`2 connectionErrors, AmqpTcpEndpoint[]& mostRecentKnownHosts, AmqpTcpEndpoint endpoint)
    ================================================
    Stack trace:
        at RabbitMQ.Client.ConnectionFactory.CreateConnection(Int32 maxRedirects)
        at RabbitMQ.Client.ConnectionFactory.CreateConnection()
        at RabbitSslTest.Program.Start() in c:\Users\meng\Documents\Visual Studio 2012\Projects\testCert\testCert\Program.cs:line 59




    please help.
    Yours,
    yoda



  • Michael Klishin at Mar 14, 2014 at 2:18 pm

    On 14 Mar 2014, at 17:08, Yoda Meng wrote:


    > openssl s_server -accept 5671 -cert SSLserver/cert.pem -key SSLserver/key.pem \
    > -CAfile SSLCA/cacert.pem
    > Using default temp DH parameters
    > Using default temp ECDH parameters
    > ACCEPT
    > -----BEGIN SSL SESSION PARAMETERS-----
    > MHUCAQECAgMABAIABQQg2uALybqAbk6tXfkSN/Pypg4kqeosku2CdlyFiQj9gGcE
    > MI0tXD4TyV/YWyqUB8gTnOc/Scx3hLJYG1dxGbDalzDg/Vz9BOSGBqfkvCYAERLq
    > CKEGAgRTIvxuogQCAgEspAYEBAEAAAA=
    > -----END SSL SESSION PARAMETERS-----
    > Shared ciphers:RC4-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5
    > CIPHER is RC4-SHA
    > Secure Renegotiation IS supported
    > AMQP ERROR
    > shutting down SSL
    > CONNECTION CLOSED
    > ACCEPT
    >
    > and the .NET errors displays:
    >
    > None of the specified endpoints were reachable
    > Endpoints attempted:
    > ------------------------------------------------
    > endpoint=amqp-0-9://MM181938-PC:5671, attempts=1
    > RabbitMQ.Client.Exceptions.ProtocolVersionMismatchException: AMQP server protocol negotiation failure: server version unknown-unknown, client version 0-9
    > at RabbitMQ.Client.Impl.ConnectionBase.StartAndTune()
    > at RabbitMQ.Client.Framing.Impl.v0_9_1.Connection.Open(Boolean insist)

    .NET client complains that the server does not perform AMQP 0.9.1 protocol
    negotiation, which is expected if you connect to openssl s_server.


    I don't see any TLS errors in this output.


    MK


    Software Engineer, Pivotal/RabbitMQ
  • Umut Sahin at Sep 13, 2011 at 11:37 am

    > Is there any chance you could try running your .NET program from a different
    > machine? In particular, could you run under Mono on the same machine as
    > the broker?
    Alex, we finally made it but I think we found a bug,
    on our machine with specs .Net v4.0 with RabbitMQ-Client 2.6.0 on Windows7 x64,

    Our .Net code was
    ------------------------------------------------------------------
    cf.Ssl.ServerName = "server-PC";
    cf.Ssl.CertPath = "./clientkeycert.p12";
    cf.Ssl.CertPassphrase = "testing";
    cf.Ssl.Enabled = true;
    cf.Ssl.Version = System.Security.Authentication.SslProtocols.Ssl3;
    cf.Address ="10.35.110.167";
    cf.HostName = "server-PC";
    cf.UserName ="guest";
    cf.Password = "guest";
    cf.Port = 5671;
    ------------------------------------------------------------------
    this code crashes all the time...

    but when we take the #cf.Address ="10.35.110.167";# line to the bottom it works like a dream...
    so the working code is below:
    ------------------------------------------------------------------
    cf.Ssl.ServerName = "server-PC";
    cf.Ssl.CertPath = "./clientkeycert.p12";
    cf.Ssl.CertPassphrase = "testing";
    cf.Ssl.Enabled = true;
    cf.Ssl.Version = System.Security.Authentication.SslProtocols.Ssl3;
    cf.HostName = "server-PC";
    cf.UserName ="guest";
    cf.Password = "guest";
    cf.Port = 5671;
    cf.Address ="10.35.110.167";
    ------------------------------------------------------------------
    Thanks for your endless helps and Regards,
    Umut
  • Emile Joubert at Sep 16, 2011 at 1:02 pm
    Hi Umut,

    On 13/09/11 12:37, Umut Sahin wrote:
    > cf.Address ="10.35.110.167";
    > cf.HostName = "server-PC";
    > this code crashes all the time...
    >
    > but when we take the #cf.Address ="10.35.110.167";# line to the bottom it works like a dream...
    > so the working code is below:
    > cf.HostName = "server-PC";
    > cf.Address ="10.35.110.167";
    ConnectionFactory.Address is a convenience for setting multiple other
    properties simultaneously, including hostname. In your case you already
    set those properties, therefore also setting Address is superfluous.

    If using an IP address is the only option that works then your name
    resolution is not working. Check your hosts file (typically
    C:\WINDOWS\system32\drivers\etc\hosts) or your DNS.

    (If you do choose to reply to this message please don't start a new thread.)


    Regards

    Emile
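
The check Alex asks for in this thread, isolating the TLS handshake from AMQP, can also be done from the .NET side. The following is an added example, not code from the thread or from RabbitMQ.Client: it calls the same `SslStream.AuthenticateAsClient` overload that appears in the stack trace and prints which certificate policy check failed. `TlsProbe` and its arguments are hypothetical names, and it assumes .NET Framework 4.5 or later for `SslProtocols.Tls12`.

```csharp
// Added example: stand-alone TLS handshake probe, not part of RabbitMQ.Client.
// Assumption: .NET Framework 4.5+ (SslProtocols.Tls12). All names here are illustrative.
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe
{
    // Name the server certificate is expected to carry; read by the validation callback.
    static string nameOnCert;

    // usage: TlsProbe <connect-to> <port> <name-on-cert> [client.p12 passphrase]
    //   <connect-to>   host name or IP address the TCP socket is opened to
    //   <name-on-cert> name checked against the certificate (cf.Ssl.ServerName in the thread)
    static int Main(string[] args)
    {
        int port;
        if (args.Length < 3 || !int.TryParse(args[1], out port))
        {
            Console.Error.WriteLine(
                "usage: TlsProbe <connect-to> <port> <name-on-cert> [client.p12 passphrase]");
            return 2;
        }
        string connectTo = args[0];
        nameOnCert = args[2];

        // Optional client certificate, for brokers that request one.
        var clientCerts = new X509CertificateCollection();
        if (args.Length >= 5)
            clientCerts.Add(new X509Certificate2(args[3], args[4]));

        try
        {
            using (var tcp = new TcpClient(connectTo, port))
            using (var ssl = new SslStream(tcp.GetStream(), false, Validate))
            {
                // The name passed here, not the address connected to, is what gets
                // compared with the certificate.
                ssl.AuthenticateAsClient(nameOnCert, clientCerts, SslProtocols.Tls12, false);
                Console.WriteLine("TLS handshake OK ({0}, {1}); a later failure is at the AMQP layer.",
                                  ssl.SslProtocol, ssl.CipherAlgorithm);
                return 0;
            }
        }
        catch (AuthenticationException e)
        {
            // Thrown when Validate returns false or the protocol negotiation fails.
            Console.WriteLine("Handshake rejected on the client side: " + e.Message);
            return 1;
        }
        catch (IOException e)
        {
            // The failure reported in the thread: the remote party closed the
            // transport stream before the handshake finished.
            Console.WriteLine("Peer closed or stalled during the handshake: " + e.Message);
            Console.WriteLine("Look for ssl_upgrade_error in the broker log for the same time.");
            return 1;
        }
        catch (SocketException e)
        {
            Console.WriteLine("TCP connect to {0}:{1} failed: {2}", connectTo, port, e.Message);
            return 1;
        }
    }

    // Reports every policy error instead of failing silently; never accepts a bad certificate.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain,
                         SslPolicyErrors errors)
    {
        Console.WriteLine("Server certificate subject: {0}",
                          cert == null ? "(none sent)" : cert.Subject);

        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.WriteLine("  name mismatch: certificate does not cover \"{0}\"", nameOnCert);

        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 && chain != null)
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("  chain error: {0} {1}",
                                  status.Status, status.StatusInformation.Trim());

        if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            Console.WriteLine("  server sent no certificate");

        return errors == SslPolicyErrors.None;
    }
}
```

Running it as `TlsProbe 10.35.110.167 5671 10.35.110.167` and then as `TlsProbe 10.35.110.167 5671 server-PC` separates a name mismatch from a chain or connectivity problem without involving the AMQP client at all.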
