Hi.
Bunny::Transport with TLS enabled uses the same host for verification as the one it connects to:

    @socket.post_connection_check(host) if @verify_peer

In our case we use a static common name, like mq, when generating the RabbitMQ certificate, but often this is not a resolvable hostname and we need to connect to a bare IP in the internal network.
So we need to be able to provide a custom peer name to Bunny for TLS verification:

    bunny = Bunny.new(
      hostname: '172.22.22.22',
      tls: true,
      tls_cert: 'config/keys/cert.pem',
      tls_key: 'config/keys/key.pem',
      tls_ca_certificates: ['config/keys/cacert.pem'],
      # HERE "mq" in certificate attrs
      verify_peer_name: 'mq' # we need something like this
    )

What do you think about it?
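The mismatch described in the post above, as an added example that is not part of the original post and not Bunny's own code: Ruby's `OpenSSL::SSL.verify_certificate_identity` (the check behind `post_connection_check`) is run against a certificate issued for `mq`, first with the dialed IP and then with an explicit peer name. The helpers `build_sample_cert` and `peer_name_ok?` and the `verify_peer_name` parameter are hypothetical, and the certificate is a constructed throwaway.

```ruby
require 'openssl'

# Constructed sample: a self-signed certificate whose CN and SAN are `name`,
# standing in for the RabbitMQ server certificate from the post.
def build_sample_cert(name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{name}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Hypothetical helper: the identity check decoupled from the address dialed.
# With no verify_peer_name it falls back to the connect host, which is the
# behaviour quoted from Bunny::Transport in the post.
def peer_name_ok?(cert, connect_host, verify_peer_name = nil)
  expected = verify_peer_name || connect_host
  OpenSSL::SSL.verify_certificate_identity(cert, expected)
end

if __FILE__ == $PROGRAM_NAME
  cert = build_sample_cert('mq')
  # Dialing the bare IP: the certificate names "mq", so the check fails.
  puts "IP as peer name:   #{peer_name_ok?(cert, '172.22.22.22')}"
  # Same connection target, but identity is checked against "mq".
  puts "'mq' as peer name: #{peer_name_ok?(cert, '172.22.22.22', 'mq')}"
end
```

On a live `OpenSSL::SSL::SSLSocket` the equivalent step is calling `post_connection_check` with the expected name instead of the connect host, while chain verification against the CA file stays enabled.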
This is not a common scenario but then again, the whole SAN/CN comparison verification doesn't offer much protection anyway, only peer certificate chain traversal does. You can use