Allow setting ssl options
diff --git a/rabbitmq/files/rabbitmq.config b/rabbitmq/files/rabbitmq.config
index 5b0f74c..776fc04 100644
--- a/rabbitmq/files/rabbitmq.config
+++ b/rabbitmq/files/rabbitmq.config
@@ -22,13 +22,16 @@
{tcp_listeners, [{"{{ server.bind.address }}",{{ server.bind.port }}}]}
{%- if server.ssl is defined %},
{ssl_listeners, [5671]},
- {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"},
- {certfile,"/etc/rabbitmq/ssl/cert.pem"},
- {keyfile,"/etc/rabbitmq/ssl/key.pem"},
- {verify, verify_none},
+ {ssl_options, [{cacertfile,"{{ ssl.get('ca_file', '/etc/rabbitmq/ssl/cacert.pem') }}"},
+ {certfile,"{{ ssl.get('cert_file', '/etc/rabbitmq/ssl/cert.pem') }}"},
+ {keyfile,"{{ ssl.get('key_file', '/etc/rabbitmq/ssl/key.pem') }}"},
+ {verify,verify_{{ server.ssl.get('verify', 'peer') }},
{fail_if_no_peer_cert,false}]
}
{% endif %}
]
}
].
+{#-
+vim: syntax=jinja
+#}