[SOLVED] Getting TLS working with the quarkus reactive messaging rabbitmq connector

Getting TLS working with the quarkus reactive messaging rabbitmq connector

I'm trying to get a working TLS connection using the reactive messaging connector for rabbitmq.

In testing, I can't figure out the correct properties to set in the application.properties file. I currently have something like:

quarkus.tls.rmq.trust-store.p12.path=certs/truststore.p12
quarkus.tls.rmq.trust-store.p12.password=XXXXXXXXXXX

and

mp.messaging.outgoing.requests.tls-configuration-name=rmq
mp.messaging.outgoing.requests.connector=smallrye-rabbitmq
mp.messaging.outgoing.requests.exchange.name=requests
mp.messaging.outgoing.requests.exchange.declare=false

When I run the app, i get:

2025-03-31 09:41:01,761 INFO  [io.ver.rab.imp.RabbitMQClientImpl] (vert.x-eventloop-thread-3) Attempting to reconnect to rabbitmq...
     2025-03-31 09:41:11,777 ERROR [com.rab.cli.imp.SocketFrameHandler] (vert.x-worker-thread-1) TLS connection failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2025-03-31 09:41:11,778 ERROR [io.ver.rab.imp.RabbitMQClientImpl] (vert.x-worker-thread-1) Could not connect to rabbitmq: java.net.ConnectException: Connection refused
        at java.base/sun.nio.ch.Net.pollConnect(Native Method)
        at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:682)
 ...

and on the rabbitmq server:

rabbitmq-1  | 2025-03-31 13:12:12.361085+00:00 [notice] <0.934.0> TLS server: In state wait_finished received CLIENT ALERT: Fatal - Certificate Unknown

If I manually set the javax.net.SSL properties

-Djavax.net.ssl.trustStore=$HOME/test/rabbitmq/rabbitmq-tls/certs/truststore.p12 -Djavax.net.ssl.trustStorePassword=XXXXXXXXXXX

it connects and works. At this point, I feel like I can't see the forest for the trees 😭. I'm hoping someone can help point out where i'm going wrong.

Thanks.

Solution

This is/was a bug. see https://github.com/quarkusio/quarkus/issues/47098. It has been fixed and released in https://github.com/quarkusio/quarkus/releases/tag/3.21.1

If you can't upgrade, a workaround exists. add the following to the application.properties file:

quarkus.arc.unremovable-types=io.quarkus.smallrye.reactivemessaging.rabbitmq.runtime.RabbitmqClientConfigCustomizer
quarkus.index-dependency.rabbitmq.group-id=io.quarkus
quarkus.index-dependency.rabbitmq.artifact-id=quarkus-messaging-rabbitmq

Thanks to ozangunalp and cescoffier for providing the answer.