Federation broken after upgrade to 3.12

[pfri...@gmail.com]

Greetings,

I'm encountering an issue where my downstream servers can't reestablish federation after upgrading from RabbitMQ version 3.11.18 to 3.12.2  (and erlang 25.3.2.2 to 26.0.2). The upstream servers handle the upgrade just fine and process normally, but the downstream servers fail to reestablish federation with this message:

{option,server_only,fail_if_no_peer_cert}

I assume that means that the downstream servers can't pick up the certificate from the upstream servers, but this was working just fine before the upgrade and my SSL configuration hasn't changed. I did have to enable a bunch of feature flags to facilitate the upgrade, which would seem to be a likely cause of the issue I'm encountering. I can establish federation if I remove the verify=verify_peer and fail_if_no_peer_cert=true options from the federation upstream URI. Does anyone have any insight to why this might be happening?

[Michal Kuratczyk]

Hi,

It's due to the Erlang 25->26 change. There are many changes to the TLS implementation in Erlang 26, including more strict option validation.

fail_if_no_peer_cert is a server-only option. In previous Erlang versions, if you set it on the client side, it'd be ignored. In Erlang 26, it's an error.

You can read more about it here https://github.com/erlang/otp/issues/7497

The solution is indeed to remove it from your client-side configuration.

Best,

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/f707cf36-52e3-4c94-8ef0-360029ebcf7dn%40googlegroups.com.

--

Michał

RabbitMQ team