Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with release 2.3.1 - Use of AMQPSSLConnection class #55

Open
lucasweijers opened this issue Oct 26, 2020 · 1 comment
Open

Issue with release 2.3.1 - Use of AMQPSSLConnection class #55

lucasweijers opened this issue Oct 26, 2020 · 1 comment

Comments

@lucasweijers
Copy link

Hi,

In the update to version 2.3.1 is a little configuration bug.

Problem:
The validation does not approve of the ssl_options setting for a connection configured by the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)

Validator checks configured connection options against the default connection options set at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35

The newly added ssl_options property misses here.

Solution:

  1. Add the ssl_options property to the default configuration at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35. Set to NULL.
  2. The AMQPSSLConnection class extends the AMQPStreamConnection class.
    You should still be able to use the AMQPStreamConnection class when setting the ssl_context option. This is prevented by the new check now at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/2.3.1/Configuration.php#L279. This check should allow AMQPStreamConnection to be used in combination with the ssl_context option.

Explanation
I can see the latest commit was to solve a SSL problem:
2c5552a

This made it mandatory to use the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)

Before this update i would set the ssl_context option like so:

return [
    'class' => \mikemadisonweb\rabbitmq\Configuration::class,
    'auto_declare' => false,
    'connections' => [
        [
            'name'        => 'default',
            'type'        => $amqpConnectionType, // AMQP Lazy connection type
            'host'        => $amqpHost,
            'port'        => $amqpPort,
            'user'        => $amqpUser,
            'password'    => $amqpPassword,
            'vhost'       => $amqpVhost,
            'ssl_context' => $amqpSslContext,
        ],
...

This results in the following exception:
Now you would get this error first:

Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'If you are using a ssl connection, the connection type must be AMQPSSLConnection::class'

So if i change the configuration to use the AMQPSSLConnection::class and set the ssl_options i get the following:

return [
    'class' => \mikemadisonweb\rabbitmq\Configuration::class,
    'auto_declare' => false,
    'connections' => [
        [
            'name'        => 'default',
            'type'        => $amqpConnectionType, // AMQP SSL connection type
            'host'        => $amqpHost,
            'port'        => $amqpPort,
            'user'        => $amqpUser,
            'password'    => $amqpPassword,
            'vhost'       => $amqpVhost,
            'ssl_options' => $amqpSslOptions,
        ],
...

Notice we now have to use ssl_options which will create the context for us instead of making the context ourselves.

Now i get the following error:

Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'Unknown options: {"ssl_options":{"peer_name":"produqt-core.local","verify_peer":true}}'

in /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php:382

Stack trace:
#0 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(263): mikemadisonweb\rabbitmq\Configuration->validateArrayFields(Array, Array)
#1 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(208): mikemadisonweb\rabbitmq\Configuration->validateRequired()
#2 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(140): mikemadisonweb\rabbitmq\Configuration->validate()
#3 /app/vendor/mikemadisonweb/yii2-rabbitmq/DependencyInjection.php(29): mikemadisonweb\rabbitmq\Configuration->getConfig()

Which is to conclude that either the ssl_options property has to be added to the default configuration (constant DEFAULTS)
@ale10257
Copy link

ale10257 commented Oct 27, 2020
edited

Hi! Example configuration connection in my project

...
    'connections' => [
        [
            'type' => $_ENV['RABBITMQ_SSL'] ? AMQPSSLConnection::class : AMQPLazyConnection::class,
            'host' => $_ENV['RABBITMQ_HOST'],
            'port' => $_ENV['RABBITMQ_PORT'],
            'user' => $_ENV['RABBITMQ_USER'],
            'password' => $_ENV['RABBITMQ_PASSWD'],
            'vhost' => $_ENV['RABBITMQ_VHOST'],
            'ssl_context' => $_ENV['RABBITMQ_SSL'] ? [
                'capath' => null,
                'cafile' => null,
                'verify_peer' => false,
            ] : null
        ],
    ],
...

It's work

If you are using a secure connection, then it is logical to assume that you configure the connection context yourself

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ale10257 @lucasweijers