Additional RabbitMQ SSL fixes
This patch fixes two problems with RabbitMQ's SSL/TLS listener. * When self-signed certificates are used, the CA cert isn't created, but it's included with the RabbitMQ server config anyway (bug 1507364). * Self-signed certificates are owned by root within RabbitMQ's configuration directory and are unreadable by RabbitMQ. User-provided certificates aren't affected (bug 1506992). Closes-bug: 1506992 Closes-bug: 1507364 Change-Id: If4f6a325eea4772f2fad4604785241b67adfaaf6
This commit is contained in:
Major Hayden
parent
617f44170b
commit
d7031f954d
|
|
@ -35,3 +35,14 @@
|
|||
creates={{ rabbitmq_ssl_cert }}
|
||||
tags:
|
||||
- rabbitmq-ssl
|
||||
|
||||
- name: Ensure rabbitmq user owns the self-signed key and certificate
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
owner: rabbitmq
|
||||
group: rabbitmq
|
||||
with_items:
|
||||
- "{{ rabbitmq_ssl_key }}"
|
||||
- "{{ rabbitmq_ssl_cert }}"
|
||||
tags:
|
||||
- rabbitmq-ssl
|
||||
|
|
|
|||
|
|
@ -31,3 +31,14 @@
|
|||
delay: 2
|
||||
tags:
|
||||
- rabbitmq-ssl
|
||||
|
||||
- name: Ensure rabbitmq user owns the self-signed key and certificate
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
owner: rabbitmq
|
||||
group: rabbitmq
|
||||
with_items:
|
||||
- "{{ rabbitmq_ssl_key }}"
|
||||
- "{{ rabbitmq_ssl_cert }}"
|
||||
tags:
|
||||
- rabbitmq-ssl
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
{ssl_listeners, [5671]},
|
||||
{ssl_options, [{certfile,"{{ rabbitmq_ssl_cert }}"},
|
||||
{keyfile,"{{ rabbitmq_ssl_key }}"},
|
||||
{% if rabbitmq_ssl_ca_cert is defined -%}
|
||||
{% if rabbitmq_user_ssl_ca_cert is defined -%}
|
||||
{cacertfile,"{{ rabbitmq_ssl_ca_cert }}"},
|
||||
{% endif -%}
|
||||
{versions, ['tlsv1.2', 'tlsv1.1']},
|
||||
|
|
|
|||
Loading…
Reference in New Issue