Skip to content

Correctly add customize_hostname_check to ssl options #15184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michaelklishin merged 1 commit into from
Dec 23, 2025
Merged

Correctly add customize_hostname_check to ssl options #15184

michaelklishin merged 1 commit into from
Dec 23, 2025

Conversation

@lukebakken
Copy link
Collaborator

@lukebakken lukebakken commented Dec 23, 2025

Follow-up to #11344

Prior to this fix, the customize_hostname_check option was incorrectly added to the general options passed to httpc:request, which results in the following error when the request is made:

[debug] <0.1.0> Enabling wildcard-aware hostname verification for HTTP client connections
[notice] <0.1.0> Invalid option {customize_hostname_check,
[notice] <0.1.0>                    [{match_fun,#Fun<public_key.6.112534691>}]} ignored
[notice] <0.1.0>

With this fix, you can see that customize_hostname_check is added to the ssl section of the options:

1> redbug:start("rabbit_auth_backend_http:ssl_options->return").
...
...
...
% rabbit_auth_backend_http:ssl_options/0 -> [{ssl,
                                              [{customize_hostname_check,
                                                [{match_fun,
                                                  #Fun<public_key.6.112534691>}]},
                                               {versions,
                                                ['tlsv1.3','tlsv1.2',
                                                 'tlsv1.1',tlsv1]},
                                               {hibernate_after,6000},
                                               {keyfile,
                                                "key.pem"},
                                               {depth,10},
                                               {crl_check,false},
                                               {certfile,
                                                "certificate.pem"},
                                               {cacertfile,
                                                "ca_certificate.pem"},
                                               {fail_if_no_peer_cert,false},
                                               {verify,verify_peer}]}]

@lukebakken
Correctly add customize_hostname_check to ssl options
4360e05 
Follow-up to rabbitmq#11344

Prior to this fix, the `customize_hostname_check` option was incorrectly
added to the general options passed to `httpc:request`, which results in
the following error when the request is made:

```
[debug] <0.1.0> Enabling wildcard-aware hostname verification for HTTP client connections
[notice] <0.1.0> Invalid option {customize_hostname_check,
[notice] <0.1.0>                    [{match_fun,#Fun<public_key.6.112534691>}]} ignored
[notice] <0.1.0>
```

With this fix, you can see that `customize_hostname_check` is added to
the `ssl` section of the options:

```
1> redbug:start("rabbit_auth_backend_http:ssl_options->return").
...
...
...
% rabbit_auth_backend_http:ssl_options/0 -> [{ssl,
                                              [{customize_hostname_check,
                                                [{match_fun,
                                                  #Fun<public_key.6.112534691>}]},
                                               {versions,
                                                ['tlsv1.3','tlsv1.2',
                                                 'tlsv1.1',tlsv1]},
                                               {hibernate_after,6000},
                                               {keyfile,
                                                "key.pem"},
                                               {depth,10},
                                               {crl_check,false},
                                               {certfile,
                                                "certificate.pem"},
                                               {cacertfile,
                                                "ca_certificate.pem"},
                                               {fail_if_no_peer_cert,false},
                                               {verify,verify_peer}]}]
```
@lukebakken lukebakken self-assigned this Dec 23, 2025
@michaelklishin michaelklishin added this to the 4.3.0 milestone Dec 23, 2025
@michaelklishin michaelklishin merged commit 20ed2a6 into rabbitmq:main Dec 23, 2025
289 checks passed
@lukebakken lukebakken deleted the rabbitmq-server-11344-wildcard-followup branch December 24, 2025 00:15
@lukebakken
Copy link
Collaborator Author

lukebakken commented Dec 24, 2025

Thanks @michaelklishin !

michaelklishin added a commit that referenced this pull request Dec 24, 2025
@michaelklishin
Merge pull request #15185 from rabbitmq/mergify/bp/v4.2.x/pr-15184
b1ca0b5 
Correctly add `customize_hostname_check` to `ssl` options (backport #15184)
michaelklishin added a commit that referenced this pull request Dec 24, 2025
@michaelklishin
Merge pull request #15185 from rabbitmq/mergify/bp/v4.2.x/pr-15184
93ad442 
Correctly add `customize_hostname_check` to `ssl` options (backport #15184)

(cherry picked from commit b1ca0b5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarcialRosales MarcialRosales Awaiting requested review from MarcialRosales

@michaelklishin michaelklishin Awaiting requested review from michaelklishin

@the-mikedavis the-mikedavis Awaiting requested review from the-mikedavis

Assignees

@lukebakken lukebakken

Labels

backport-v4.2.x

Projects

None yet

Milestone

4.3.0

Development

Successfully merging this pull request may close these issues.

2 participants

@lukebakken @michaelklishin