-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set CN to container DNS name #14951
Set CN to container DNS name #14951
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh nice, that's way easier than I was afraid this might end up being!
Do you think we should also update our rabbitmq-env.conf
file to opt into this new default explicitly too so it's more clear what's happening?
Additionally, could you please remove the @tianon
from your commit message? It ends up sending an email from your fork notifying me of the commit, will likely send me another email when this gets merged, and then will send me emails again if anyone ever mirrors this repository elsewhere without a fork or rebases the history such that it's a different commit (which has happened quite a few times in our project's history 😭).
As for testing, it's a little bit janky, but I think I can point my PR over there at this PR (or maybe @yosifkit still has his local build he can pull this down and test against 👀).
c0183c8
to
d1c2575
Compare
OK, round two. I'm giving an optfile a try next. |
|
Thanks. OK my next step will be to try out what |
I was able to reproduce the issue locally and it appears that commit 7335ae3 fixes the issue using 3.13.0-beta.1 and OTP 26. I'm not exactly sure why so I'm going to test some more but let's see how it works with CI here. |
This is interesting, I can start a cluster using 3.13.0-beta.1 and OTP 26 and my code here https://github.com/lukebakken/docker-rabbitmq-cluster/tree/tls ...so my next step is to generate certs for |
7335ae3
to
8c65f16
Compare
Turns out that 3.13 has a bug in |
Looks like the bug is actually in Erlang/OTP - erlang/otp#7497 |
8c65f16
to
dee1b88
Compare
After resolving the discussion in erlang/otp#7497, this PR is ready for review! |
Related to docker-library/rabbitmq#652 Give a TLS dist optfile a try Remove `fail_if_no_peer_cert` option for client. It does not seem to be supported by OTP 26 🤔
dee1b88
to
e3a1857
Compare
Thanks everyone. |
Related to docker-library/rabbitmq#652
cc @tianon