0

I am trying to established MQ client with Nodejs. I looked at different libraries available and found amqp and amqplib, which are promising, but none of them works for me with secure protocol (SSL). For example, I made MWE for amqplib from the documentation:

var amqp = require('amqplib');
var fs = require('fs');

var opts = {
  cert: fs.readFileSync('/home/user/test/node/certs/cert.pem'),
  key: fs.readFileSync('/home/user/test/node/certs/key.pem'),
  passphrase: 'XXXXXXXXXXX',
  ca: [fs.readFileSync('/home/user/test/node/certs/cacert.pem')]
};

var open = amqp.connect('amqps://rmqUser:rmqPass@rmqIP', opts);

open.then(function(conn) {
  console.log("Established");
}).then(null, console.warn);

...but I keep getting this error:

{ [Error: read ECONNRESET] code: 'ECONNRESET', errno: 'ECONNRESET', syscall: 'read' }

I first tried troubleshooting my SSL parameters, since I am using self-signed certificates and my own CA Authority:

openssl s_client -connect rmqIP:5671 -cert cert.pem -key key.pem -CAfile cacert.pem

...and everything seems OK, i.e. openssl returns Verify return code: 0 (ok). Also, this Python code on same client with same certificates works perfectly:

#!/usr/env python
import pika
import ssl
import sys

try:
  credentials = pika.PlainCredentials(rmqUser, rmqPass)
  sslOptions = ({
    "certfile": "/home/user/test/node/certs/cert.pem",
    "keyfile": "/home/user/test/node/certs/key.pem",
    "cert_reqs": ssl.CERT_REQUIRED,
    "ca_certs": "/home/user/test/node/certs/cacert.pem"
  })

  parameters = pika.ConnectionParameters(
    host = rmqIP,
    port = 5671,
    virtual_host = '/',
    credentials = credentials,
    heartbeat_interval = 60,
    ssl = True,
    ssl_options = sslOptions)

  connection = pika.BlockingConnection(parameters)
  channel = connection.channel()
  print "Established"
  ...

What am I doing wrong in Nodejs (my client has installed node v5.4.1) and how can I debug this issue more in depth?

BTW, I am using RMQ server 3.6.0 on x64 Ubuntu server, where rabbitmq.config consist of:

[
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/home/server/rmq/certs/myca/cacert.pem"},
                {certfile,"/home/server/rmq/certs/server/cert.pem"},
                {keyfile,"/home/server/rmq/certs/server/key.pem"},
                {password,"XXXXXXXXX"},
                {verify,verify_peer},
                {fail_if_no_peer_cert,false}]}
  ]}
].
TomiL
  • 671
  • 2
  • 11
  • 25

0 Answers0