Merge pull request rabbitmq#11369 from cloudamqp/amqp10_client_ssl_op…
…tions

amqp10_client: allow configuring global TLS options
michaelklishin authored Jun 4, 2024
2 parents 45d0672 + 2779bf7 commit 55b38bd
Showing 2 changed files with 36 additions and 1 deletion.
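--- a/deps/amqp10_client/src/amqp10_client.erl
+++ b/deps/amqp10_client/src/amqp10_client.erl
@@ -107,7 +107,8 @@ open_connection(ConnectionConfig0) ->
 notify_when_closed => NotifyWhenClosed
 },
 Sasl = maps:get(sasl, ConnectionConfig1),
-ConnectionConfig = ConnectionConfig1#{sasl => amqp10_client_connection:encrypt_sasl(Sasl)},
+ConnectionConfig2 = ConnectionConfig1#{sasl => amqp10_client_connection:encrypt_sasl(Sasl)},
+ConnectionConfig = merge_default_tls_options(ConnectionConfig2),
 amqp10_client_connection:open(ConnectionConfig).
 
 %% @doc Closes a connection.
@@ -513,6 +514,19 @@ try_to_existing_atom(L) when is_list(L) ->
 ensure_started() ->
 _ = application:ensure_all_started(credentials_obfuscation).
 
+
+-spec merge_default_tls_options(connection_config()) -> connection_config().
+merge_default_tls_options(#{tls_opts := {secure_port, TlsOpts0}} = Config) ->
+GlobalTlsOpts = application:get_env(amqp10_client, ssl_options, []),
+TlsOpts =
+orddict:to_list(
+orddict:merge(fun (_, _A, B) -> B end,
+orddict:from_list(GlobalTlsOpts),
+orddict:from_list(TlsOpts0))),
+Config#{tls_opts => {secure_port, TlsOpts}};
+merge_default_tls_options(Config) ->
+Config.
+
 -ifdef(TEST).
 -include_lib("eunit/include/eunit.hrl").
 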
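Review bot: merge_default_tls_options gives the per-connection options precedence over the `ssl_options` application env (the merge fun returns `B`), and nothing in the hunk documents that. An operator who sets `{verify, verify_peer}` globally may read it as enforced policy, while any caller passing `{verify, verify_none}` in `tls_opts` still overrides it. A comment above the spec would make the contract explicit, for example `%% Global ssl_options are defaults only: per-connection tls_opts win on key conflicts, including verify.` Separately, `orddict:from_list/1` expects `{Key, Value}` pairs, so a bare-atom option in either list would likely fail with `function_clause` instead of being passed through; it is worth confirming whether such options can reach this function.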
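--- a/deps/amqp10_client/test/system_SUITE.erl
+++ b/deps/amqp10_client/test/system_SUITE.erl
@@ -34,6 +34,7 @@ groups() ->
 {activemq, [], shared()},
 {rabbitmq_strict, [], [
 basic_roundtrip_tls,
+roundtrip_tls_global_config,
 open_connection_plain_sasl,
 open_connection_plain_sasl_failure,
 open_connection_plain_sasl_parse_uri
@@ -269,6 +270,26 @@ basic_roundtrip_tls(Config) ->
 sasl => ?config(sasl, Config)},
 roundtrip(OpnConf).
 
+%% ssl option validation fails if verify_peer is enabled without cacerts.
+%% Test that cacertfile option takes effect taken from the application env.
+roundtrip_tls_global_config(Config) ->
+Hostname = ?config(rmq_hostname, Config),
+Port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp_tls),
+CACertFile = ?config(rmq_certsdir, Config) ++ "/testca/cacert.pem",
+CertFile = ?config(rmq_certsdir, Config) ++ "/client/cert.pem",
+KeyFile = ?config(rmq_certsdir, Config) ++ "/client/key.pem",
+ok = application:set_env(amqp10_client, ssl_options, [{cacertfile, CACertFile},
+{certfile, CertFile},
+{keyfile, KeyFile}]),
+OpnConf = #{address => Hostname,
+port => Port,
+tls_opts => {secure_port, [{verify, verify_peer}]},
+notify => self(),
+container_id => <<"open_connection_tls_container">>,
+sasl => ?config(sasl, Config)},
+roundtrip(OpnConf),
+application:unset_env(amqp10_client, ssl_options).
+
 service_bus_config(Config, ContainerId) ->
 Hostname = ?config(sb_endpoint, Config),
 Port = ?config(sb_port, Config),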
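Review bot: In roundtrip_tls_global_config the `application:unset_env/2` call runs only if `roundtrip(OpnConf)` returns, so a failing roundtrip leaves the CA file, client certificate and key in the global env for every later case in the run, where they can mask a missing per-connection option. Making the cleanup unconditional avoids that: `try roundtrip(OpnConf) after application:unset_env(amqp10_client, ssl_options) end.` The test also exercises only the positive path. A companion case that leaves `cacertfile` out of the global env and expects the connection to be rejected would pin down the behaviour the leading comment describes.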
