yii2-rabbitmq icon indicating copy to clipboard operation
yii2-rabbitmq copied to clipboard

Published 20 hours ago verified publisher icon mikemadisonweb

Issue with release 2.3.1 - Use of AMQPSSLConnection class

Open lucasweijers opened this issue 3 years ago • 1 comments

Hi,

In the update to version 2.3.1 is a little configuration bug.

Problem: The validation does not approve of the ssl_options setting for a connection configured by the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)

Validator checks configured connection options against the default connection options set at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35

The newly added ssl_options property misses here.

Solution:

  1. Add the ssl_options property to the default configuration at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35. Set to NULL.
  2. The AMQPSSLConnection class extends the AMQPStreamConnection class. You should still be able to use the AMQPStreamConnection class when setting the ssl_context option. This is prevented by the new check now at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/2.3.1/Configuration.php#L279. This check should allow AMQPStreamConnection to be used in combination with the ssl_context option.

Explanation I can see the latest commit was to solve a SSL problem: https://github.com/mikemadisonweb/yii2-rabbitmq/commit/2c5552a1c9e985396a2165b7f5b1356cb2c422fb

This made it mandatory to use the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)

Before this update i would set the ssl_context option like so:

return [
    'class' => \mikemadisonweb\rabbitmq\Configuration::class,
    'auto_declare' => false,
    'connections' => [
        [
            'name'        => 'default',
            'type'        => $amqpConnectionType, // AMQP Lazy connection type
            'host'        => $amqpHost,
            'port'        => $amqpPort,
            'user'        => $amqpUser,
            'password'    => $amqpPassword,
            'vhost'       => $amqpVhost,
            'ssl_context' => $amqpSslContext,
        ],
...

This results in the following exception: Now you would get this error first:

Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'If you are using a ssl connection, the connection type must be AMQPSSLConnection::class'

So if i change the configuration to use the AMQPSSLConnection::class and set the ssl_options i get the following:

return [
    'class' => \mikemadisonweb\rabbitmq\Configuration::class,
    'auto_declare' => false,
    'connections' => [
        [
            'name'        => 'default',
            'type'        => $amqpConnectionType, // AMQP SSL connection type
            'host'        => $amqpHost,
            'port'        => $amqpPort,
            'user'        => $amqpUser,
            'password'    => $amqpPassword,
            'vhost'       => $amqpVhost,
            'ssl_options' => $amqpSslOptions,
        ],
...

Notice we now have to use ssl_options which will create the context for us instead of making the context ourselves.

Now i get the following error:

Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'Unknown options: {"ssl_options":{"peer_name":"produqt-core.local","verify_peer":true}}'

in /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php:382

Stack trace:
#0 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(263): mikemadisonweb\rabbitmq\Configuration->validateArrayFields(Array, Array)
#1 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(208): mikemadisonweb\rabbitmq\Configuration->validateRequired()
#2 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(140): mikemadisonweb\rabbitmq\Configuration->validate()
#3 /app/vendor/mikemadisonweb/yii2-rabbitmq/DependencyInjection.php(29): mikemadisonweb\rabbitmq\Configuration->getConfig()

Which is to conclude that either the ssl_options property has to be added to the default configuration (constant DEFAULTS)

lucasweijers avatar Oct 26 '20 15:10 lucasweijers

Hi! Example configuration connection in my project

...
    'connections' => [
        [
            'type' => $_ENV['RABBITMQ_SSL'] ? AMQPSSLConnection::class : AMQPLazyConnection::class,
            'host' => $_ENV['RABBITMQ_HOST'],
            'port' => $_ENV['RABBITMQ_PORT'],
            'user' => $_ENV['RABBITMQ_USER'],
            'password' => $_ENV['RABBITMQ_PASSWD'],
            'vhost' => $_ENV['RABBITMQ_VHOST'],
            'ssl_context' => $_ENV['RABBITMQ_SSL'] ? [
                'capath' => null,
                'cafile' => null,
                'verify_peer' => false,
            ] : null
        ],
    ],
...

It's work

If you are using a secure connection, then it is logical to assume that you configure the connection context yourself

ale10257 avatar Oct 27 '20 08:10 ale10257