RabbitMQ's Erlang 17.4 doesn't include SSL support

235 views
Skip to first unread message

Adam Fedor

unread,
Aug 18, 2015, 8:49:19 PM8/18/15
to rabbitmq-users
I tried installing the erlang rpm provided by rabbitmq (http://www.rabbitmq.com/releases/erlang/)  but it doesn't seem to support SSL - following the troubleshooting tips on the rabbitmq.com site, erl 'ssl:version().' produces an error, and none of the other trouble-shooting exercises work.  Am I wrong about that or is there another way to get erlang with SSL? 

I'm trying to install RabbitMQ on an Amazon EC2 server.  The package that comes with amazon is very old (R14 I think), and I can't seem to install from the other options provided (http://www.rabbitmq.com/install-rpm.html) due to various yum errors.

Adam

Michael Klishin

unread,
Aug 18, 2015, 8:53:37 PM8/18/15
to rabbitm...@googlegroups.com, Adam Fedor
I’m not sure what package you are trying to use but there are CentOS
packages from Erlang Solutions:
https://www.erlang-solutions.com/downloads/download-erlang-otp

(you can use 18.0 or 17.5, if 17.4 is no longer available)

Package maintainers sometimes love slicing and dicing things so much
that they exclude things like TLS support. I don’t know why that is
but this is very common in the Debian land. Perhaps some yum packagers
do the same.

I cannot comment on “various yum errors” as you haven’t posted any. 
--
MK

Staff Software Engineer, Pivotal/RabbitMQ


Michael Klishin

unread,
Aug 18, 2015, 8:56:20 PM8/18/15
to rabbitm...@googlegroups.com, Adam Fedor
On 19 Aug 2015 at 03:49:22, Adam Fedor (adam....@gmail.com) wrote:
> erl 'ssl:version().' produces an error,

Adam,

Please do post error messages . It is absolutely impossible to help you otherwise.

Adam Fedor

unread,
Aug 18, 2015, 10:01:24 PM8/18/15
to rabbitmq-users, adam....@gmail.com


On Tuesday, August 18, 2015 at 6:56:20 PM UTC-6, Michael Klishin wrote:
On 19 Aug 2015 at 03:49:22, Adam Fedor (adam....@gmail.com) wrote:
> erl 'ssl:version().' produces an error,

Adam,

Please do post error messages . It is absolutely impossible to help you otherwise.


Well here's some trouble shooting with RabbtMQ's elang:

$ erl

Erlang/OTP 17 [erts-6.3] [source] [64-bit] [async-threads:10] [kernel-poll:false]


Eshell V6.3  (abort with ^G)

1> ssl:version().

* 2: syntax error before: ssl

 
I generated the certs exactly as shown on the SSL support page. The openssl test with a server and a client works fine, so the certs must be OK. 

But trying openssl to 5671 gives this:

openssl s_client -connect localhost:5671 

socket: Bad file descriptor

connect:errno=9


And this in the rabbit.log file:

=ERROR REPORT==== 19-Aug-2015::01:55:07 ===

Error on AMQP connection <0.316.0>:

{ssl_upgrade_error,

    {options,{cacertfile,"/home/ec2-user/testca/cacert.pem",{error,eacces}}}}



Also tried to install the CentOS RPM directly and get tones of errors, here's an abbreviated list:

# yum install esl-erlang_18.0-1~centos~6_amd64.rpm 

Loaded plugins: priorities, update-motd, upgrade-helper

Examining esl-erlang_18.0-1~centos~6_amd64.rpm: esl-erlang-18.0-1.x86_64

Marking esl-erlang_18.0-1~centos~6_amd64.rpm to be installed

Resolving Dependencies

amzn-main/latest                                         | 2.1 kB     00:00     

amzn-updates/latest                                      | 2.3 kB     00:00     

--> Running transaction check

---> Package esl-erlang.x86_64 0:18.0-1 will be installed

--> Processing Dependency: libwx_baseu-2.8.so.0(WXU_2.8)(64bit) for package: esl-erlang-18.0-1.x86_64

980 packages excluded due to repository priority protections

--> Processing Dependency: libwx_gtk2u_adv-2.8.so.0(WXU_2.8)(64bit) for package: esl-erlang-18.0-1.x86_64

--> Processing Dependency: libgdk_pixbuf-2.0.so.0()(64bit) for package: wxGTK-gl-2.8.12-1.el6.x86_64

--> Processing Dependency: libgdk-x11-2.0.so.0()(64bit) for package: wxGTK-gl-2.8.12-1.el6.x86_64

--> Processing Dependency: libatk-1.0.so.0()(64bit) for package: wxGTK-gl-2.8.12-1.el6.x86_64

--> Finished Dependency Resolution

Error: Package: wxGTK-gl-2.8.12-1.el6.x86_64 (epel)

           Requires: libgdk-x11-2.0.so.0()(64bit)

Error: Package: wxGTK-gl-2.8.12-1.el6.x86_64 (epel)

           Requires: libatk-1.0.so.0()(64bit)

Error: Package: wxGTK-gl-2.8.12-1.el6.x86_64 (epel)

           Requires: libgtk-x11-2.0.so.0()(64bit)

Error: Package: wxGTK-2.8.12-1.el6.x86_64 (epel)

           Requires: libgdk-x11-2.0.so.0()(64bit)

Error: Package: wxGTK-gl-2.8.12-1.el6.x86_64 (epel)

           Requires: libgdk_pixbuf-2.0.so.0()(64bit)

Error: Package: wxGTK-2.8.12-1.el6.x86_64 (epel)

           Requires: libSDL-1.2.so.0()(64bit)

Error: Package: wxGTK-2.8.12-1.el6.x86_64 (epel)

           Requires: libatk-1.0.so.0()(64bit)

Error: Package: wxGTK-2.8.12-1.el6.x86_64 (epel)

           Requires: libgdk_pixbuf-2.0.so.0()(64bit)

Error: Package: wxGTK-2.8.12-1.el6.x86_64 (epel)

           Requires: libgtk-x11-2.0.so.0()(64bit)

 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest



Adam Fedor

unread,
Aug 18, 2015, 10:02:53 PM8/18/15
to rabbitmq-users, adam....@gmail.com


On Tuesday, August 18, 2015 at 8:01:24 PM UTC-6, Adam Fedor wrote:


On Tuesday, August 18, 2015 at 6:56:20 PM UTC-6, Michael Klishin wrote:
On 19 Aug 2015 at 03:49:22, Adam Fedor (adam....@gmail.com) wrote:
> erl 'ssl:version().' produces an error,

Adam,

Please do post error messages . It is absolutely impossible to help you otherwise.


Well here's some trouble shooting with RabbtMQ's elang:

$ erl

Erlang/OTP 17 [erts-6.3] [source] [64-bit] [async-threads:10] [kernel-poll:false]


Eshell V6.3  (abort with ^G)

1> ssl:version().

* 2: syntax error before: ssl

 

Just realized it was ssl:versions(). not version(), and that works, so it must be something else I've configured incorrectly.  At least I'm getting somewhere... 

Michael Klishin

unread,
Aug 18, 2015, 10:05:15 PM8/18/15
to rabbitm...@googlegroups.com, Adam Fedor
On 19 Aug 2015 at 05:01:27, Adam Fedor (adam....@gmail.com) wrote:
> Eshell V6.3 (abort with ^G)
>
> 1> ssl:version().
>
> * 2: syntax error before: ssl

This does not mean that the ssl module is not available. The REPL couldn’t
parse the input: is something wrong with the shell? Are there any non-printable characters
involved?

> And this in the rabbit.log file:
>
>
> =ERROR REPORT==== 19-Aug-2015::01:55:07 ===
>
>
> Error on AMQP connection <0.316.0>:
>
>
> {ssl_upgrade_error,
>
>
> {options,{cacertfile,"/home/ec2-user/testca/cacert.pem",{error,eacces}}}}

EACCESS is pretty unambiguous: RabbitMQ process couldn’t read
/home/ec2-user/testca/cacert.pem.

Michael Klishin

unread,
Aug 18, 2015, 10:07:15 PM8/18/15
to rabbitm...@googlegroups.com, Adam Fedor
On 19 Aug 2015 at 05:01:27, Adam Fedor (adam....@gmail.com) wrote:
> You could try running: rpm -Va --nofiles —nodigest

With full OTP distributed you need GTK to be provided, because
some GUI tools use it.

That’s why we have built a stripped down RPM package which only includes
OTP bits necessary to run RabbitMQ:
http://www.rabbitmq.com/releases/erlang/ 

Adam Fedor

unread,
Aug 18, 2015, 10:12:52 PM8/18/15
to rabbitmq-users, adam....@gmail.com


On Tuesday, August 18, 2015 at 8:05:15 PM UTC-6, Michael Klishin wrote:
> {options,{cacertfile,"/home/ec2-user/testca/cacert.pem",{error,eacces}}}}  

EACCESS is pretty unambiguous: RabbitMQ process couldn’t read
/home/ec2-user/testca/cacert.pem.
--  


Ah! That's helpful!   I moved the cert to somewhere more accessible and the openssl test worked:

openssl s_client -connect localhost:5671 

CONNECTED(00000003)

depth=1 CN = MyTestCA

verify error:num=19:self signed certificate in certificate chain

verify return:0

---

Certificate chain

[... etc...]


Thanks for the help.
Adam 
Reply all
Reply to author
Forward
0 new messages