mbedtls support to rabbitmq-c-0.11.0


slk1kor

Dec 9, 2021, 11:32:58 AM
to rabbitmq-c-users

Hi,
I have attempted to add mbedtls support to rabbitmq-c-0.11.0.
Attached are the two files I have added into librabbitmq.

I am able to create the connection and open the socket, but amqp_login_with_properties() always fails.

I am using mbedtls version 2.26.0 on the client side.
Erlang details: OTP version: 24.1.4
Erlang emulator version 12.1.4
I am trying to establish communication with rabbitmq broker version 3.9.8 over SSL using the config below:
[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile, "c:\ca_certificate.pem"},
                   {certfile, "c:\server_certificate.pem"},
                   {keyfile, "c:\server_key.pem"},
                   {verify, verify_peer},
                   {versions, ['tlsv1.2']},
                   {fail_if_no_peer_cert, true}]}
  ]}
].

After the certificate is verified, the broker resets the connection:
TCP 60271 → 5671 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM=1
TCP 5671 → 60271 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM=1
TCP 60271 → 5671 [ACK] Seq=1 Ack=1 Win=2618880 Len=0
TLSv1.2 Client Hello
TCP 5671 → 60271 [ACK] Seq=1 Ack=305 Win=2618880 Len=0
TLSv1.2 Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
TCP 60271 → 5671 [ACK] Seq=305 Ack=1976 Win=2616832 Len=0
TLSv1.2 Certificate
TCP 5671 → 60271 [ACK] Seq=1976 Ack=945 Win=2618112 Len=0
TLSv1.2 Client Key Exchange
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1088 Win=2618112 Len=0
TLSv1.2 Certificate Verify
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1173 Win=2618112 Len=0
TLSv1.2 Change Cipher Spec
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1179 Win=2618112 Len=0
TLSv1.2 Encrypted Handshake Message
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1216 Win=2617856 Len=0
TLSv1.2 Change Cipher Spec, Encrypted Handshake Message
TCP 60271 → 5671 [ACK] Seq=1216 Ack=2019 Win=2616832 Len=0
TLSv1.2 Application Data
TCP 5671 → 60271 [ACK] Seq=2019 Ack=1245 Win=2617856 Len=0
TLSv1.2 Application Data
TCP 60271 → 5671 [ACK] Seq=1245 Ack=2048 Win=2616832 Len=0
TLSv1.2 Encrypted Alert
TCP 60271 → 5671 [ACK] Seq=1245 Ack=2071 Win=2616832 Len=0
TCP 5671 → 60271 [RST, ACK] Seq=2071 Ack=1245 Win=0 Len=0

If I switch the client to an amqp ssl connection, the communication works fine.
But in my project I cannot use the openssl client, hence adding mbedtls support.
I am trying to understand what it is that I am missing in the mbedtls client that's causing the broker to reset the connection.
Could you please help?

amqp_mbedtls.zip
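
Added example, not part of the original post or of rabbitmq-c: the capture lists no record lengths, but the ACK deltas give them. Assuming an AEAD cipher suite with constant per-record overhead (calibrated on the client's Finished, whose TLS 1.2 plaintext is 16 bytes), this recovers the plaintext size of each record sent after the handshake.

```python
import re

# Tail of the trace from the post, from the ACK just before the client's Finished.
TRACE = """\
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1179 Win=2618112 Len=0
TLSv1.2 Encrypted Handshake Message
TCP 5671 → 60271 [ACK] Seq=1976 Ack=1216 Win=2617856 Len=0
TLSv1.2 Change Cipher Spec, Encrypted Handshake Message
TCP 60271 → 5671 [ACK] Seq=1216 Ack=2019 Win=2616832 Len=0
TLSv1.2 Application Data
TCP 5671 → 60271 [ACK] Seq=2019 Ack=1245 Win=2617856 Len=0
TLSv1.2 Application Data
TCP 60271 → 5671 [ACK] Seq=1245 Ack=2048 Win=2616832 Len=0
TLSv1.2 Encrypted Alert
TCP 60271 → 5671 [ACK] Seq=1245 Ack=2071 Win=2616832 Len=0
TCP 5671 → 60271 [RST, ACK] Seq=2071 Ack=1245 Win=0 Len=0
"""

TCP_RE = re.compile(r"TCP (\d+) → (\d+) \[[^\]]+\] Seq=(\d+) Ack=(\d+)")
RECORD_HEADER = 5        # TLS record header: type, version, length
FINISHED_PLAINTEXT = 16  # TLS 1.2 Finished: 4-byte header + 12-byte verify_data


def record_sizes(trace):
    """[(sender_port, description, wire_bytes)], sized by the peer's next ACK."""
    pos, pending, out = {}, None, []   # pos: next stream byte known per port
    for line in trace.splitlines():
        m = TCP_RE.match(line)
        if not m:
            pending = line.partition(" ")[2]   # drop the "TLSv1.2" column
            continue
        src, dst, seq, ack = m[1], m[2], int(m[3]), int(m[4])
        if pending and dst in pos and ack > pos[dst]:
            out.append((dst, pending, ack - pos[dst]))   # dst sent the data
            pending = None
        pos[src] = max(pos.get(src, 0), seq)
        pos[dst] = max(pos.get(dst, 0), ack)
    return out


def plaintext_sizes(trace):
    """Post-handshake plaintext lengths; the first record is the client Finished."""
    recs = record_sizes(trace)
    overhead = recs[0][2] - RECORD_HEADER - FINISHED_PLAINTEXT  # assumes AEAD
    return [(p, d, n - RECORD_HEADER - overhead)
            for p, d, n in recs if "Handshake" not in d]


if __name__ == "__main__":
    print(plaintext_sizes(TRACE))
```

Both Application Data records come out at 8 bytes, the size of an AMQP 0-9-1 protocol header, and the alert at 2 bytes. An 8-byte reply from the broker instead of a much larger Connection.Start frame is consistent with it answering with its own protocol header and closing, which is what the AMQP 0-9-1 specification prescribes when the client's header is not accepted.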