Kevin Au created PROTON-2408:
--------------------------------

             Summary: Using SASL EXTERNAL in Go using qpid-proton client library to connect to AMQP 1.0 RabbitMQ
                 Key: PROTON-2408
                 URL: https://issues.apache.org/jira/browse/PROTON-2408
             Project: Qpid Proton
          Issue Type: Bug
          Components: go-binding
    Affects Versions: proton-c-0.35.0
         Environment: Ubuntu 20.04, Kubernetes
            Reporter: Kevin Au
            Assignee: Alan Conway


I am trying to make a TLS connection to RabbitMQ with authentication provided 
by self-signed certificates through the SASL EXTERNAL mechanism using the Go 
binding for Qpid Proton. The goal is to be able to connect to RabbitMQ without 
specifying the username and password in the URI.

RabbitMQ is running with the following configuration:
 
{{auth_mechanisms.1 = EXTERNAL
auth_mechanisms.2 = PLAIN
auth_mechanisms.3 = AMQPLAIN}}

and plugins:
 * rabbitmq_amqp1_0
 * rabbitmq_auth_mechanism_ssl

I have confirmed that I am able to connect with SASL EXTERNAL using a Node.js 
library ([https://github.com/amqp/rhea]), and I have confirmed that connecting 
with PLAIN and ANONYMOUS works with Go in the Qpid Proton library, but I have 
been unable to connect with SASL EXTERNAL with Go.

My client code does not return any errors, but the RabbitMQ error logs tell me 
that the client closed the TCP connection:

{{2021-06-24 18:57:22.029 [info] <0.16358.106> accepting AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671)
2021-06-24 18:57:23.030 [warning] <0.16358.106> closing AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671):
client unexpectedly closed TCP connection}}

My client code is as follows:

{{package main

import (
        "crypto/tls"
        "crypto/x509"
        "fmt"
        "io/ioutil"
        "os"
        "time"

        "github.com/apache/qpid-proton/go/pkg/amqp"
        "github.com/apache/qpid-proton/go/pkg/electron"
)

func main() {
        // Client certificate and key presented to the broker for SASL EXTERNAL.
        keyPair, err := tls.LoadX509KeyPair("client.crt", "client.key")
        if err != nil {
                fmt.Println("Failed to load certificate:", err)
                os.Exit(1)
        }

        rootCa, err := ioutil.ReadFile("rootCA.crt")
        if err != nil {
                fmt.Println("Failed to read root CA:", err)
                os.Exit(1)
        }
        certPool := x509.NewCertPool()
        certPool.AppendCertsFromPEM(rootCa)

        tlsConfig := &tls.Config{
                RootCAs: certPool,
                // Server certificate verification is disabled here, so RootCAs
                // is not used to check the broker's certificate.
                InsecureSkipVerify: true,
                Certificates:       []tls.Certificate{keyPair},
        }

        container := electron.NewContainer("myContainer")

        tlsConn, err := tls.Dial("tcp", "rabbitmq.default.svc.cluster.local:5671", tlsConfig)
        if err != nil {
                fmt.Println("Failed to open TLS connection:", err)
                os.Exit(1)
        }
        defer tlsConn.Close()

        conn, err := container.Connection(
                tlsConn,
                electron.SASLEnable(),
                electron.SASLAllowedMechs("EXTERNAL"),
        )
        if err != nil {
                fmt.Println("Failed to open AMQP connection", err)
                os.Exit(1)
        }
        // Deferred only after the error check, so conn is never nil here.
        defer conn.Close(nil)

        sess, err := conn.Session()
        if err != nil {
                fmt.Println("Creating session failed:", err)
                os.Exit(1)
        }

        sender, err := sess.Sender(electron.Target("demo-queue"))
        if err != nil {
                fmt.Println("Creating sender failed:", err)
                os.Exit(1)
        }

        // Send one message per second.
        for i := int64(0); i < 100000; i++ {
                msg := amqp.NewMessage()
                body := fmt.Sprintf("Test message %d", i)
                msg.Marshal(body)
                sender.SendSync(msg)
                time.Sleep(1 * time.Second)
        }
}}}
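
Added example, not part of the report and not Qpid Proton code: the posted tls.Config sets InsecureSkipVerify: true, so its RootCAs pool is never used to check the broker. The Go program below runs the chain and host-name check that crypto/tls applies when that flag is false, on constructed throwaway certificates, to show that a pinned private root passes verification without disabling it. The helper names issue and verifyBroker, the certificate names and other.example are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed throwaway certificate; a nil parent yields a self-signed CA.
func issue(cn string, dns []string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: dns,
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if parent == nil {
		parent, signer = t, priv
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err) // also catches a failed CreateCertificate (empty DER)
	}
	return cert, priv
}

// verifyBroker applies the chain and host-name check that crypto/tls runs on the
// server certificate when InsecureSkipVerify is false, with pinned as the only root.
func verifyBroker(leaf, pinned *x509.Certificate, serverName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinned)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName})
	return err
}

func main() {
	host := "rabbitmq.default.svc.cluster.local" // broker name used in the report
	ca, caKey := issue("rootCA", nil, nil, nil)
	broker, _ := issue("broker", []string{host}, ca, caKey)
	otherCA, otherKey := issue("rootCA", nil, nil, nil) // same name, different key
	stray, _ := issue("broker", []string{host}, otherCA, otherKey)
	fmt.Println("pinned root, matching name:", verifyBroker(broker, ca, host))
	fmt.Println("pinned root, other name:   ", verifyBroker(broker, ca, "other.example"))
	fmt.Println("issuer not pinned:         ", verifyBroker(stray, ca, host))
}
```

Only the first case returns nil; with InsecureSkipVerify: true all three server certificates would be accepted and the client certificate presented to each.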


