diff options
author | Emile Joubert <emile@rabbitmq.com> | 2013-01-23 16:19:50 +0000 |
---|---|---|
committer | Emile Joubert <emile@rabbitmq.com> | 2013-01-23 16:19:50 +0000 |
commit | 148232580f69c6436aada5644111f8fc2bdf0fe8 (patch) | |
tree | 2c41c42ed65c8a2edf788fa5e81d2f489e34d5d0 | |
parent | e65f518701cbd41ccfeb00691694eac92a902c1f (diff) | |
download | rabbitmq-server-148232580f69c6436aada5644111f8fc2bdf0fe8.tar.gz |
Reject AMQP 1.0 TLS requests specifically
-rw-r--r-- | src/rabbit_reader.erl | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index ae832749..39affb17 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -699,10 +699,13 @@ handle_input(handshake, <<"AMQP", 1, 1, 9, 1>>, State) -> start_connection({8, 0, 0}, rabbit_framing_amqp_0_8, State); %% ... and finally, the 1.0 spec is crystal clear! Note that the -%% TLS uses a different protocol number, and would go here. handle_input(handshake, <<"AMQP", 0, 1, 0, 0>>, State) -> become_1_0(amqp, {0, 1, 0, 0}, State); +%% 2 stands for TLS +handle_input(handshake, <<"AMQP", 2, 1, 0, 0>>, #v1{sock = Sock}) -> + refuse_1_0_connection(Sock, tls_request_refused); + %% 3 stands for "SASL" handle_input(handshake, <<"AMQP", 3, 1, 0, 0>>, State) -> become_1_0(sasl, {3, 1, 0, 0}, State); @@ -740,6 +743,10 @@ refuse_connection(Sock, Exception) -> ok = inet_op(fun () -> rabbit_net:send(Sock, <<"AMQP",0,0,9,1>>) end), throw(Exception). +refuse_1_0_connection(Sock, Exception) -> + ok = inet_op(fun () -> rabbit_net:send(Sock, <<"AMQP",0,1,0,0>>) end), + throw(Exception). + ensure_stats_timer(State = #v1{connection_state = running}) -> rabbit_event:ensure_stats_timer(State, #v1.stats_timer, emit_stats); ensure_stats_timer(State) -> |