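// Example of using a TLS/SSL connection. Note that the server must be
// configured to accept SSL connections; see, for example,
// http://www.rabbitmq.com/ssl.html.
//
// When trying this out, I followed the RabbitMQ SSL guide above,
// almost verbatim. I set the CN of the server certificate to
// 'localhost' rather than $(hostname) (since on my MBP hostname ends
// up being "<blah>.local", which is just weird). My client
// certificates etc., are in `../etc/client/`. My testca certificate
// is in `../etc/testca` and server certs etc., in `../etc/server`,
// and I've made a `rabbitmq.config` file, with which I start
// RabbitMQ:
//
//     RABBITMQ_CONFIG_FILE=`pwd`/../etc/server/rabbitmq \
//       /usr/local/sbin/rabbitmq-server &
//
// A way to check RabbitMQ's running with SSL OK is to use
//
//     openssl s_client -connect localhost:5671
//
// NOTE(review): the name in the connection URL below ('localhost') has to
// match the server certificate, which is presumably why the CN was set to
// 'localhost' -- confirm against the certificate you generate.

var amqp = require('../');
var fs = require('fs');

// Assemble the SSL options; for verification we need at least
//  * a certificate to present to the server ('cert', in PEM format)
//  * the private key for the certificate ('key', in PEM format)
//  * (possibly) a passphrase for the private key
//
// The first two may be replaced with a PKCS12 file ('pfx', in pkcs12
// format)

// We will also want to list the CA certificates that we will trust,
// since we're using a self-signed certificate. It is NOT recommended
// to use `rejectUnauthorized: false`: that turns off verification of
// the server certificate, so the client would accept any peer that
// answers on the port, and listing the test CA in 'ca' is the way to
// keep verification on with a private CA.
//
// The file paths below are relative, so they resolve against the
// directory the script is started from.

// Options for full client and server verification:
var opts = {
  cert: fs.readFileSync('../etc/client/cert.pem'),
  key: fs.readFileSync('../etc/client/key.pem'),
  // cert and key or
  // pfx: fs.readFileSync('../etc/client/keycert.p12'),
  // Hard-coded here only because this is an example; outside a demo the
  // passphrase belongs in the environment or a secret store, not in source.
  passphrase: 'MySecretPassword',
  ca: [fs.readFileSync('../etc/testca/cacert.pem')]
};

// Options for just confidentiality. This requires RabbitMQ's SSL
// configuration to include the items
//
//     {verify, verify_none},
//     {fail_if_no_peer_cert,false}
//
// With these options the client presents no certificate, so the broker
// cannot authenticate it at the TLS layer; the client still checks the
// server certificate against the CA listed in 'ca'. Pass `opts1` instead
// of `opts` to `amqp.connect` below to try this mode.
var opts1 = { ca: [fs.readFileSync('../etc/testca/cacert.pem')] };

// The 'amqps' scheme selects the TLS transport; `opts` is the set of TLS
// options assembled above.
var open = amqp.connect('amqps://localhost', opts);

open.then(function(conn) {
  // Close the connection when the process is interrupted (Ctrl-C).
  process.on('SIGINT', conn.close.bind(conn));
  return conn.createChannel().then(function(ch) {
    // Buffer.from replaces the deprecated `new Buffer(...)` constructor,
    // whose behaviour depends on the argument type (a number allocates
    // a buffer of that size instead of encoding a value).
    ch.sendToQueue('foo', Buffer.from('Hello World!'));
  });
}).then(null, console.warn); // report connection or channel errors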