1 year ago

#354683


Antonin

go-amqp TLS client connection fails

I am trying to connect to an AMQP 1.0 broker (activemq 5.17) using https://github.com/Azure/go-amqp (compatible with AMQP 1.0).

I get the following error from my client :

Dialing AMQP server:remote error: tls: bad certificate

It seems that the server's verification of the client certificate fails.

On the server side (I have no access to the server) my colleague has this error :

WARN Transport Connection to: tcp://X.X.X.X:34058 failed: javax.net.ssl.SSLHandshakeException: null cert chain

Here is the relevant go client source code (full test client code):


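// main builds a mutual-TLS configuration and opens an AMQP 1.0 connection
// to the broker named by *amqpEndpoint.
func main() {
    tlsConf, err := NewTLSConfig("client.cer.pem", "client.key.pem", "server.cer.pem")
    if err != nil {
        // Stop here: dialing with a configuration that lacks the client
        // certificate or the trust anchors cannot succeed.
        panic(err)
    }

    // ServerName is sent as SNI and is the name the broker certificate is
    // verified against.
    tlsConf.ServerName = "server-url.fr"

    // InsecureSkipVerify is deliberately left at its default (false).
    // Setting it to true disables verification of the broker certificate,
    // so the SASL PLAIN credentials below could be sent to an
    // unauthenticated peer. It also has no effect on whether the client
    // certificate is sent, so it does not help with "bad certificate".
    // NOTE(review): the credentials are hard-coded here as in the original
    // snippet; load them from configuration outside of a test client.
    client, err := amqp.Dial(*amqpEndpoint,
        amqp.ConnTLSConfig(tlsConf),
        amqp.ConnSASLPlain("admin", "admin"),
        amqp.ConnConnectTimeout(5*time.Second))
    if err != nil {
        // The original discarded this error, which hid handshake failures.
        panic(err)
    }
    defer client.Close()
}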

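// caBundleError reports a CA file from which no PEM certificate could be parsed.
type caBundleError struct{ path string }

// Error implements the error interface.
func (e *caBundleError) Error() string {
    return "no PEM certificates found in " + e.path
}

// NewTLSConfig builds a client-side TLS configuration for mutual TLS.
//
// clientCertFile and clientKeyFile are the PEM-encoded client certificate and
// private key presented to the server. caCertFile is a PEM bundle whose
// certificates become the only trust anchors used to verify the server.
//
// On any failure the returned config is nil, so a caller cannot dial by
// accident with a half-populated configuration.
func NewTLSConfig(clientCertFile, clientKeyFile, caCertFile string) (*tls.Config, error) {
    // Load the client certificate and key.
    // NOTE(review): crypto/tls only offers a client certificate whose chain
    // matches the CAs the server lists in its CertificateRequest. If the
    // server lists CAs and clientCertFile holds just the leaf, the client may
    // send an empty chain, which would match the broker's "null cert chain"
    // message. Confirm that the file contains the full chain (leaf first,
    // then intermediates).
    cert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
    if err != nil {
        return nil, err
    }

    // Load the CA bundle used to verify the server certificate.
    caCert, err := ioutil.ReadFile(caCertFile)
    if err != nil {
        return nil, err
    }
    caCertPool := x509.NewCertPool()
    // AppendCertsFromPEM returns false when nothing was parsed. Ignoring that
    // leaves an empty pool, every server verification fails, and the tempting
    // workaround is to switch verification off.
    if !caCertPool.AppendCertsFromPEM(caCert) {
        return nil, &caBundleError{path: caCertFile}
    }

    return &tls.Config{
        // Refuse protocol versions older than TLS 1.2.
        MinVersion:   tls.VersionTLS12,
        Certificates: []tls.Certificate{cert},
        RootCAs:      caCertPool,
    }, nil
}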

Note : I can make this connection work with exactly the same certificate files using this simplistic python client (full python code):


from proton.handlers import MessagingHandler
from proton.reactor import Container
from proton import SSLDomain

    def on_start(self, event):
        """Open the AMQPS connection and attach a receiver for ``self.queue``.

        Builds a client-mode ``SSLDomain`` carrying the client certificate and
        key plus the CA file used as the trusted database, connects through
        the event's container, and stores the container, connection and
        receiver on the handler.
        """
        print("start connection to server-url.fr")

        # Client-side TLS settings: own credentials (no key password) and the
        # CA database the broker certificate is checked against.
        tls_domain = SSLDomain(mode=SSLDomain.MODE_CLIENT)
        tls_domain.set_credentials("client.cer.pem", "client.key.pem", None)
        tls_domain.set_trusted_ca_db("server.cer.pem")

        self.container = event.container
        # The SNI name is passed explicitly and differs from the host in the URL.
        self.conn = event.container.connect(
            "amqps://server-url.fr:5671",
            ssl_domain=tls_domain,
            sni="gateway.ccs.swim.dsna.fr",
        )
        self.receiver = self.container.create_receiver(self.conn, self.queue)

def main():
    """Run the reactor with an EamanHandler bound to the broker URL and test queue."""
    print("start connection to gateway.ccs.swim.dsna.fr")
    broker_url = "amqps://server-url.fr:5671"
    handler = EamanHandler(broker_url, "test.queue")
    # run() blocks until the container has no more work to do.
    Container(handler).run()


Has anyone encountered such an issue? Do you see something obvious that I am missing? Thanks in advance.

go

ssl

amqp

0 Answers
