Ruby-friendly fine tuned TLS connections support

[michaelklishin]

It's currently far from easy to set up all the certificates/keys/etc. This needs to be both easier and better documented (e.g. JVM keytool is used to import CA certificates, as opposed to OpenSSL default CA certificate path which Bunny relies on).

[michaelklishin]

I will move this to 2.1 because it turns out to be a lot hairier than I thought. Also, Langohr and March Hare share this problem so perhaps simplifying common TLS setups with a small Java library both can use is a good way to go about it.

[geauxvirtual]

Just wanted to leave a comment on this issue or feature.

When we were looking at implementing HB, and now March Hare once 2.0 is released, I looked at integrating SSL support into our application. You are correct, it's a not simple task when dealing with Java, as it took importing three Java libraries to just load the truststore and return it for the connection to work properly for trusting both the server and client. It would be nice if this could be made simpler by adding the required behavior to the code.

[whithajess]

Any updates on this? I would like to use TLS but have no idea what to do as http://rubymarchhare.info/articles/tls.html just gives a 404. I have it working fine using Bunny gem

[michaelklishin]

Currently you have to build a TLS context and pass it to MH, see rabbitmq.com/ssl.html.

On 17/8/2015, at 7:17, Jesse [email protected] wrote:

Any updates on this? I would like to use TLS but have no idea what to do as http://rubymarchhare.info/articles/tls.html just gives a 404. I have it working fine using Bunny gem

— Reply to this email directly or view it on GitHub.

[jsvd]

Isn't this done now in https://github.com/ruby-amqp/march_hare/blob/ffa01c25c69a7b4077092963b5f8960184884f39/lib/march_hare/session.rb#L72-L104?

[michaelklishin]

@jsvd I'm afraid this is far from "Ruby developer-friendly" (which is a high bar)