Trust store: use a timeout when querying an HTTPS source #15308
Description
Describe the bug
The RabbitMQ trust store plugin queries the whitelist provider. If the provider does not answer, e.g., because of a firewall dropping the packets, the plugin will no longer poll the whitelist provider because there is no timeout configured in the HTTP options of list_certs (rabbitmq-server/deps/rabbitmq_trust_store/src/rabbit_trust_store_http_provider.erl, line 30 in 0db4a06):
    list_certs(_, #http_state{url = Url,
Reproduction steps
- run a service that provides a whitelist interface to the trust store plugin
- add a proxy
- configure RabbitMQ to connect via the proxy to the whitelist provider
- RabbitMQ should query the whitelist
- add a latency to the proxy of, e.g., 120 seconds
- the trust store plugin will wait until the 120 seconds have expired and then receive the certificates
Note: if the proxy is configured to drop all packets without informing RabbitMQ, it gets stuck indefinitely.
Expected behavior
The trust store plugin should time out after a while and then retry polling the whitelist instead of being stuck indefinitely. Ideally, the timeout should be configurable.
Additional context
Only a reboot of RabbitMQ fixes the issue of the stuck trust store plugin.
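The following is an added example, not code from the issue or from RabbitMQ: it shows how the `timeout` and `connect_timeout` HTTP options of OTP's `httpc:request/4` (whose request timeout defaults to `infinity`) bound a request to a provider that accepts the connection but never answers. The module name, function names, the 2000 ms value and the local plain-HTTP listener standing in for the HTTPS whitelist provider are assumptions made for the demonstration.

```erlang
%% Added example; module and function names are hypothetical.
-module(trust_store_timeout_demo).
-export([run/0, fetch/2]).

%% Fetch a certificate list with bounded connect and response times.
%% Without these two options httpc waits with a timeout of infinity.
fetch(Url, TimeoutMs) ->
    HttpOptions = [{timeout, TimeoutMs}, {connect_timeout, TimeoutMs}],
    case httpc:request(get, {Url, []}, HttpOptions, [{body_format, binary}]) of
        {ok, {{_, 200, _}, _Headers, Body}} -> {ok, Body};
        {ok, {{_, Code, _}, _, _}}          -> {error, {http_status, Code}};
        %% Timeouts land here; the caller can log and poll again later.
        {error, Reason}                     -> {error, Reason}
    end.

%% Constructed stand-in for a provider behind a packet-dropping hop:
%% a local listener that accepts the connection and never replies.
run() ->
    {ok, _} = application:ensure_all_started(inets),
    {ok, LSock} = gen_tcp:listen(0, [binary, {active, false},
                                     {reuseaddr, true}]),
    {ok, Port} = inet:port(LSock),
    Silent = spawn(fun() ->
        {ok, _Sock} = gen_tcp:accept(LSock),
        receive stop -> ok end          % hold the socket open, send nothing
    end),
    Url = "http://127.0.0.1:" ++ integer_to_list(Port) ++ "/",
    T0 = erlang:monotonic_time(millisecond),
    Result = fetch(Url, 2000),
    Elapsed = erlang:monotonic_time(millisecond) - T0,
    Silent ! stop,
    gen_tcp:close(LSock),
    %% Result of the bounded request and how long it took, in milliseconds.
    {Result, Elapsed}.
```

Calling `trust_store_timeout_demo:run().` from an `erl` shell returns an error tuple after roughly the configured timeout instead of blocking; for an HTTPS source the `{ssl, SslOptions}` entry goes in the same HTTP options list.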