yii2-rabbitmq
yii2-rabbitmq copied to clipboard
Issue with release 2.3.1 - Use of AMQPSSLConnection class
Hi,
In the update to version 2.3.1 is a little configuration bug.
Problem:
The validation does not approve of the ssl_options
setting for a connection configured by the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)
Validator checks configured connection options against the default connection options set at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35
The newly added ssl_options
property misses here.
Solution:
- Add the
ssl_options
property to the default configuration at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/master/Configuration.php#L35. Set to NULL. - The AMQPSSLConnection class extends the AMQPStreamConnection class.
You should still be able to use the AMQPStreamConnection class when setting the
ssl_context
option. This is prevented by the new check now at https://github.com/mikemadisonweb/yii2-rabbitmq/blob/2.3.1/Configuration.php#L279. This check should allow AMQPStreamConnection to be used in combination with thessl_context
option.
Explanation I can see the latest commit was to solve a SSL problem: https://github.com/mikemadisonweb/yii2-rabbitmq/commit/2c5552a1c9e985396a2165b7f5b1356cb2c422fb
This made it mandatory to use the AMQPSSLConnection class. (https://github.com/php-amqplib/php-amqplib/blob/v2.9.0/PhpAmqpLib/Connection/AMQPSSLConnection.php)
Before this update i would set the ssl_context option like so:
return [
'class' => \mikemadisonweb\rabbitmq\Configuration::class,
'auto_declare' => false,
'connections' => [
[
'name' => 'default',
'type' => $amqpConnectionType, // AMQP Lazy connection type
'host' => $amqpHost,
'port' => $amqpPort,
'user' => $amqpUser,
'password' => $amqpPassword,
'vhost' => $amqpVhost,
'ssl_context' => $amqpSslContext,
],
...
This results in the following exception: Now you would get this error first:
Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'If you are using a ssl connection, the connection type must be AMQPSSLConnection::class'
So if i change the configuration to use the AMQPSSLConnection::class
and set the ssl_options
i get the following:
return [
'class' => \mikemadisonweb\rabbitmq\Configuration::class,
'auto_declare' => false,
'connections' => [
[
'name' => 'default',
'type' => $amqpConnectionType, // AMQP SSL connection type
'host' => $amqpHost,
'port' => $amqpPort,
'user' => $amqpUser,
'password' => $amqpPassword,
'vhost' => $amqpVhost,
'ssl_options' => $amqpSslOptions,
],
...
Notice we now have to use ssl_options which will create the context for us instead of making the context ourselves.
Now i get the following error:
Exception 'mikemadisonweb\rabbitmq\exceptions\InvalidConfigException' with message 'Unknown options: {"ssl_options":{"peer_name":"produqt-core.local","verify_peer":true}}'
in /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php:382
Stack trace:
#0 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(263): mikemadisonweb\rabbitmq\Configuration->validateArrayFields(Array, Array)
#1 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(208): mikemadisonweb\rabbitmq\Configuration->validateRequired()
#2 /app/vendor/mikemadisonweb/yii2-rabbitmq/Configuration.php(140): mikemadisonweb\rabbitmq\Configuration->validate()
#3 /app/vendor/mikemadisonweb/yii2-rabbitmq/DependencyInjection.php(29): mikemadisonweb\rabbitmq\Configuration->getConfig()
Which is to conclude that either the ssl_options
property has to be added to the default configuration (constant DEFAULTS)
Hi! Example configuration connection in my project
...
'connections' => [
[
'type' => $_ENV['RABBITMQ_SSL'] ? AMQPSSLConnection::class : AMQPLazyConnection::class,
'host' => $_ENV['RABBITMQ_HOST'],
'port' => $_ENV['RABBITMQ_PORT'],
'user' => $_ENV['RABBITMQ_USER'],
'password' => $_ENV['RABBITMQ_PASSWD'],
'vhost' => $_ENV['RABBITMQ_VHOST'],
'ssl_context' => $_ENV['RABBITMQ_SSL'] ? [
'capath' => null,
'cafile' => null,
'verify_peer' => false,
] : null
],
],
...
It's work
If you are using a secure connection, then it is logical to assume that you configure the connection context yourself