Client connections to RabbitMQ do not verify the server's certificate or hostname

[mdrozdo]

Originally reported under the sensu repo. You can see sensu/sensu#1310 for details.

The callback functionality in eventmachine for verifying the certificate (it's not done automatically) isn't being used by ruby-amqp, so client connections to RabbitMQ do not verify the server's certificate or hostname.

We've verified that when running the client on Windows, any server certificate is automatically accepted without verifying the CA.

[michaelklishin]

This client has been out of development for years. Sensu really should switch to Bunny.

Assuming that EventMachine peer verification isn't too different from what most TLS implementations do it should be easy to add.