amqp
Client connections to RabbitMQ do not verify the server's certificate or hostname
Originally reported under the sensu repo. You can see https://github.com/sensu/sensu/issues/1310 for details.
The callback functionality in EventMachine for verifying the certificate (it's not done automatically) isn't being used by ruby-amqp, so client connections to RabbitMQ do not verify the server's certificate or hostname.
We've verified that when running the client on Windows, any server certificate is automatically accepted without verifying the CA.
This client has been out of development for years. Sensu really should switch to Bunny.
Assuming that EventMachine peer verification isn't too different from what most TLS implementations do, it should be easy to add.
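The check the thread says is missing, as an added example that is not part of the original issue or of ruby-amqp: it validates the server's PEM certificate against a trusted CA store and matches the hostname, which is what an EventMachine `ssl_verify_peer` callback would have to do itself. `make_cert`, `peer_acceptable?`, the hostname and all certificates are constructed for the demo, and a single-level chain (CA signs the leaf directly) is assumed.

```ruby
require "openssl"

# Builds a throwaway certificate for the demo (self-signed CA when issuer is nil).
def make_cert(cn, key, issuer: nil, issuer_key: nil, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  basic = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", basic, true))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# What a verification callback receiving the peer certificate as PEM must do:
# validate the chain against a trusted store AND match the expected hostname.
def peer_acceptable?(pem, store, hostname)
  cert = OpenSSL::X509::Certificate.new(pem)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
rescue OpenSSL::X509::CertificateError
  false # unparsable input is rejected, never accepted
end

# Constructed sample data: one trusted CA, one unknown CA, one broker hostname.
HOST = "rabbitmq.example.test"
CA_KEY = OpenSSL::PKey::RSA.new(2048)
ROGUE_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
CA = make_cert("Trusted Test CA", CA_KEY)
ROGUE_CA = make_cert("Unknown Test CA", ROGUE_KEY)
STORE = OpenSSL::X509::Store.new.add_cert(CA)
GOOD = make_cert(HOST, LEAF_KEY, issuer: CA, issuer_key: CA_KEY, san: "DNS:#{HOST}").to_pem
WRONG_NAME = make_cert("other.example.test", LEAF_KEY, issuer: CA, issuer_key: CA_KEY,
                       san: "DNS:other.example.test").to_pem
UNTRUSTED = make_cert(HOST, LEAF_KEY, issuer: ROGUE_CA, issuer_key: ROGUE_KEY,
                      san: "DNS:#{HOST}").to_pem

{ "trusted CA, matching host" => GOOD,
  "trusted CA, wrong host" => WRONG_NAME,
  "unknown CA, matching host" => UNTRUSTED }.each do |label, pem|
  puts "#{label}: #{peer_acceptable?(pem, STORE, HOST) ? 'accept' : 'reject'}"
end
```

Only the first case is accepted; a client that skips this check accepts all three.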