(hopefully) invalid warning about TrustEverythingTrustManager
If logging for com.rabbitmq.client is enabled, this warning is printed when calling langohr.core/connect with :ssl true, even if I pass a custom :ssl-context:
SECURITY ALERT: this trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but offers no protection against man-in-the-middle attacks. Please see https://www.rabbitmq.com/ssl.html to learn more about peer certificate verification.
That's from the rabbitmq-java-client library: https://github.com/rabbitmq/rabbitmq-java-client/blob/e32bcbb2824f7616a13acd5827a87ca92e54f08f/src/main/java/com/rabbitmq/client/TrustEverythingTrustManager.java#L34
I think it's an invalid logging statement a la what was observed for the JMS client in rabbitmq/rabbitmq-jms-client#74 and fixed in rabbitmq/rabbitmq-jms-client#75.
I just want to make sure that peer authentication is in fact enabled using the default SSLContext in my client application; the logging statement worries me.
It's not enabled by default by Langohr. rabbitmq/rabbitmq-java-client#229 and a few linked issues explain why enabling peer verification by default will be a usability disaster as well as a security improvement.
I don't see why your ssl-context would not be passed on to the Java client.
I think you are right that the ssl context is passed on and that peer verification settings are derived from there. However, with this issue I meant to point out that the logs hint otherwise, which is misleading. I think it happens because this line https://github.com/michaelklishin/langohr/blob/master/src/clojure/langohr/core.clj#L342 uses com.rabbitmq.client.ConnectionFactory.useSslProtocol() with no args, and that instantiates a TrustEverythingTrustManager that isn't used when an ssl-context is provided. I see it's a complex thing to address, but it took me quite a lot of work to figure that out.
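For readers who want the :ssl-context they pass to be one that actually verifies the broker, here is an added example (not code from Langohr or from anyone in this thread) that builds an SSLContext from a truststore and hands it to langohr.core/connect as described above. The namespace, function names, truststore path and password parameters, and port 5671 are assumptions made for illustration.

```clojure
(ns example.verified-tls
  (:require [clojure.java.io :as io]
            [langohr.core :as rmq])
  (:import (java.security KeyStore)
           (javax.net.ssl SSLContext TrustManagerFactory X509TrustManager)))

(defn load-truststore
  "Loads a truststore (JVM default keystore format) holding the CA
  certificate(s) that signed the broker's certificate."
  [path ^String password]
  (with-open [in (io/input-stream path)]
    (doto (KeyStore/getInstance (KeyStore/getDefaultType))
      (.load in (.toCharArray password)))))

(defn verifying-ssl-context
  "SSLContext whose trust managers validate the peer's certificate chain
  against the given truststore, unlike a trust-everything manager."
  [^KeyStore truststore]
  (let [tmf (doto (TrustManagerFactory/getInstance
                    (TrustManagerFactory/getDefaultAlgorithm))
              (.init truststore))
        tms (.getTrustManagers tmf)]
    ;; An empty truststore would reject every broker at handshake time;
    ;; report that as a configuration error here instead.
    (when-not (some #(and (instance? X509TrustManager %)
                          (pos? (alength (.getAcceptedIssuers ^X509TrustManager %))))
                    tms)
      (throw (IllegalStateException.
               "truststore contains no trusted CA certificates")))
    ;; nil key managers: no client certificate is presented.
    ;; nil SecureRandom: use the JVM default.
    (doto (SSLContext/getInstance "TLSv1.2")
      (.init nil tms nil))))

(defn connect-verified
  "Connects with :ssl true plus a custom :ssl-context, the combination
  discussed in this issue. host and the truststore arguments are
  placeholders supplied by the caller."
  [host truststore-path truststore-password]
  (rmq/connect {:host        host
                :port        5671
                :ssl         true
                :ssl-context (verifying-ssl-context
                               (load-truststore truststore-path
                                                truststore-password))}))
```

A context built this way validates the certificate chain only; hostname verification is a separate setting in the Java client.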