Skip to content

#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels #12564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 22, 2024
Merged

#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels #12564

merged 1 commit into from
Oct 22, 2024

Conversation

@michaelklishin
Copy link
Collaborator

@michaelklishin michaelklishin commented Oct 21, 2024

This is #12557 by @LoisSotoLopez.

@mergify
Copy link

mergify bot commented Oct 21, 2024

⚠️ The sha of the head commit of this PR conflicts with #12557. Mergify cannot evaluate rules on this PR. ⚠️

@LoisSotoLopez @michaelklishin
Provide specific f. to fix client ssl options
3ff7e82 
Provides a specific function to fix client ssl options, i.e.: apply all
fixes that are applied for TLS listeneres and clients on previous
versions but also sets `cacerts` option to CA certificates obtained by
`public_key:cacerts_get`, only when no `cacertfile` or `cacerts` are
provided.
@michaelklishin michaelklishin force-pushed the cloudamqp-use-public-key-cacerts-get branch from 6086f58 to 3ff7e82 Compare October 21, 2024 22:00
@michaelklishin
Copy link
Collaborator Author

michaelklishin commented Oct 21, 2024

The forced push was a rebase to make sure that #12502 is included (it addresses one specific kind of annoying CT suite flakes).

@michaelklishin michaelklishin added this to the 4.1.0 milestone Oct 21, 2024
@michaelklishin michaelklishin changed the title #12557 #12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels Oct 21, 2024
@michaelklishin michaelklishin merged commit 61f0730 into main Oct 22, 2024
342 checks passed
@michaelklishin michaelklishin deleted the cloudamqp-use-public-key-cacerts-get branch October 22, 2024 00:24
This was referenced Oct 22, 2024
Closed
Closed
michaelklishin added a commit that referenced this pull request Dec 11, 2024
@michaelklishin
List #10519 #12564 in 4.1.0 release notes
dbd03d7
lukebakken added a commit to amazon-mq/upstream-to-rabbitmq-server that referenced this pull request Nov 7, 2025
@lukebakken
Fix up oauth2_client ssl options
7110ccc 
This uses the same technique as PR rabbitmq#12557 and rabbitmq#12564 to ensure that when
neither `cacerts` nor `cacertfile` are set, the system certs are used.
@lukebakken lukebakken mentioned this pull request Nov 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@michaelklishin @LoisSotoLopez