Skip to content

ConnectionFactory#setUri overwrites the SSLContext setup by the #useSslProtocol #297

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
msarto opened this issue Sep 5, 2017 · 0 comments
Closed

ConnectionFactory#setUri overwrites the SSLContext setup by the #useSslProtocol #297

msarto opened this issue Sep 5, 2017 · 0 comments
Assignees
@acogoluegnes
Labels
bug effort-tiny
Milestone
4.2.1

Comments

@msarto
Copy link

msarto commented Sep 5, 2017
edited
Loading

Hi guys,

We are trying to setup the com.rabbitmq.client.ConnectionFactory with

private val factory = new ConnectionFactory()
 factory.useSslProtocol(MY_SSLContext_WithMyCertificate)
factory.setUri("amqps://...")

(Scala code, but goes the same in Java)

but the ConnectionFactory#setUri resets the context by calling useSslProtocol(); that defaults the trust mgr to TrustEverythingTrustManager.

That would produce the warn message:
WARN |com.rabbitmq.client.TrustEverythingTrustManager.(TrustEverythingTrustManager.java:31)|main|This trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but prone to man-in-the-middle attacks. Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation.

I could setup my SSLContext after the #setUri invocation but the setUri will still warn like above.

Regards,
Mihai Sarto
@acogoluegnes acogoluegnes self-assigned this Sep 5, 2017
@acogoluegnes acogoluegnes added this to the 4.2.1 milestone Sep 5, 2017
acogoluegnes added a commit that referenced this issue Sep 5, 2017
@acogoluegnes
Don't blindly overwrite SSLContext when specifying URI
c239177 
ConnectionFactory#setUri always set up the default SSLContext
when a secured AMQP URI is passed in. Now, it only does so
if the sslContext property hasn't been set yet.

Fixes #297
@acogoluegnes acogoluegnes mentioned this issue Sep 5, 2017
Merged
acogoluegnes added a commit that referenced this issue Sep 5, 2017
@acogoluegnes
Change condition to check SSLContext
1ccadd2 
The other way around :-)

References #297
acogoluegnes added a commit that referenced this issue Sep 6, 2017
@acogoluegnes
Check SslContextFactory, not SSLContext property
dd555b7 
References #297
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@acogoluegnes acogoluegnes

Labels
bug effort-tiny
Projects
None yet
Milestone
4.2.1
Development

No branches or pull requests
3 participants
@michaelklishin @acogoluegnes @msarto