Skip to content

#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels#12564

Merged
michaelklishin merged 1 commit intomainfrom
cloudamqp-use-public-key-cacerts-get
Oct 22, 2024
Merged

#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels#12564
michaelklishin merged 1 commit intomainfrom
cloudamqp-use-public-key-cacerts-get

Conversation

@michaelklishin
Copy link
Copy Markdown
Collaborator

@michaelklishin michaelklishin commented Oct 21, 2024

This is #12557 by @LoisSotoLopez.

@mergify
Copy link
Copy Markdown

mergify bot commented Oct 21, 2024

⚠️ The sha of the head commit of this PR conflicts with #12557. Mergify cannot evaluate rules on this PR. ⚠️

@LoisSotoLopez @michaelklishin
Provide specific f. to fix client ssl options
3ff7e82 
Provides a specific function to fix client ssl options, i.e.: apply all
fixes that are applied for TLS listeneres and clients on previous
versions but also sets `cacerts` option to CA certificates obtained by
`public_key:cacerts_get`, only when no `cacertfile` or `cacerts` are
provided.
@michaelklishin michaelklishin force-pushed the cloudamqp-use-public-key-cacerts-get branch from 6086f58 to 3ff7e82 Compare October 21, 2024 22:00
@michaelklishin
Copy link
Copy Markdown
Collaborator Author

michaelklishin commented Oct 21, 2024

The forced push was a rebase to make sure that #12502 is included (it addresses one specific kind of annoying CT suite flakes).

@michaelklishin michaelklishin added this to the 4.1.0 milestone Oct 21, 2024
@michaelklishin michaelklishin changed the title #12557 #12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels Oct 21, 2024
@michaelklishin michaelklishin merged commit 61f0730 into main Oct 22, 2024
@michaelklishin michaelklishin deleted the cloudamqp-use-public-key-cacerts-get branch October 22, 2024 00:24
This was referenced Oct 22, 2024
Closed
Closed
michaelklishin added a commit that referenced this pull request Dec 11, 2024
@michaelklishin
List #10519 #12564 in 4.1.0 release notes
dbd03d7
lukebakken added a commit to amazon-mq/upstream-to-rabbitmq-server that referenced this pull request Nov 7, 2025
@lukebakken
Fix up oauth2_client ssl options
7110ccc 
This uses the same technique as PR rabbitmq#12557 and rabbitmq#12564 to ensure that when
neither `cacerts` nor `cacertfile` are set, the system certs are used.
@lukebakken lukebakken mentioned this pull request Nov 7, 2025
Merged
lukebakken added a commit to amazon-mq/upstream-to-rabbitmq-server that referenced this pull request Nov 10, 2025
@lukebakken
Fix up oauth2_client ssl options
c481f39 
This uses the same technique as PR rabbitmq#12557 and rabbitmq#12564 to ensure that when
neither `cacerts` nor `cacertfile` are set, the system certs are used.
mergify bot pushed a commit that referenced this pull request Nov 10, 2025
@lukebakken @mergify
Fix up oauth2_client ssl options
5499875 
This uses the same technique as PR #12557 and #12564 to ensure that when
neither `cacerts` nor `cacertfile` are set, the system certs are used.

(cherry picked from commit c481f39)
@mergify mergify bot mentioned this pull request Nov 10, 2025
Merged
mergify bot pushed a commit that referenced this pull request Nov 10, 2025
@lukebakken @mergify
Fix up oauth2_client ssl options
1b3369e 
This uses the same technique as PR #12557 and #12564 to ensure that when
neither `cacerts` nor `cacertfile` are set, the system certs are used.

(cherry picked from commit c481f39)
(cherry picked from commit 5499875)
@mergify mergify bot mentioned this pull request Nov 10, 2025
Closed
lukebakken pushed a commit to lukebakken/rmq-rabbitmq-server that referenced this pull request Mar 17, 2026
@michaelklishin @lukebakken
Merge pull request rabbitmq#12564 from rabbitmq/cloudamqp-use-public-…
7c125ec 
…key-cacerts-get

rabbitmq#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels

(cherry picked from commit 61f0730)
lukebakken pushed a commit to lukebakken/rmq-rabbitmq-server that referenced this pull request Mar 17, 2026
@michaelklishin @lukebakken
Merge pull request rabbitmq#12564 from rabbitmq/cloudamqp-use-public-…
f4b06b8 
…key-cacerts-get

rabbitmq#12557: fall back to system-wide CA certificates (if available) when none are configured for AMQP 1.0 and AMQP 0-9-1 clients such as shovels

(cherry picked from commit 61f0730)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@michaelklishin @LoisSotoLopez