bunny 1.7.0 → 2.17.0

data/lib/bunny/test_kit.rb

@@ -1,9 +1,23 @@
 # -*- coding: utf-8 -*-
+
+require "timeout"
+
 module Bunny
   # Unit, integration and stress testing toolkit
   class TestKit
     class << self
 
+      def poll_while(timeout = 60, &probe)
+        Timeout.timeout(timeout) {
+          sleep 0.1 while probe.call
+        }
+      end
+      def poll_until(timeout = 60, &probe)
+        Timeout.timeout(timeout) {
+          sleep 0.1 until probe.call
+        }
+      end
+
       # @return [Integer] Random integer in the range of [a, b]
       # @api private
       def random_in_range(a, b)

data/lib/bunny/timeout.rb

@@ -1,16 +1,5 @@
 module Bunny
-  # Unifies Ruby standard library's Timeout (which is not accurate on
-  # Ruby 1.8) and SystemTimer (the gem)
-  Timeout = if RUBY_VERSION < "1.9"
-              begin
-                require "bunny/system_timer"
-                Bunny::SystemTimer
-              rescue LoadError
-                Timeout
-              end
-            else
-              Timeout
-            end
+  Timeout = ::Timeout
 
   # Backwards compatibility
   # @private

data/lib/bunny/transport.rb

@@ -4,7 +4,7 @@ require "monitor"
 
 begin
   require "openssl"
-rescue LoadError => le
+rescue LoadError => _le
   $stderr.puts "Could not load OpenSSL"
 end
 
@@ -20,19 +20,22 @@ module Bunny
     #
 
     # Default TCP connection timeout
-    DEFAULT_CONNECTION_TIMEOUT = 25.0
+    DEFAULT_CONNECTION_TIMEOUT = 30.0
 
-    DEFAULT_READ_TIMEOUT  = 5.0
-    DEFAULT_WRITE_TIMEOUT = 5.0
+    DEFAULT_READ_TIMEOUT  = 30.0
+    DEFAULT_WRITE_TIMEOUT = 30.0
 
     attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
-    attr_reader :tls_context
+    attr_reader :tls_context, :verify_peer, :tls_ca_certificates, :tls_certificate_path, :tls_key_path
 
-    attr_writer :read_timeout
+    def read_timeout=(v)
+      @read_timeout = v
+      @read_timeout = nil if @read_timeout == 0
+    end
 
     def initialize(session, host, port, opts)
       @session        = session
-      @session_thread = opts[:session_thread]
+      @session_error_handler = opts[:session_error_handler]
       @host    = host
       @port    = port
       @opts    = opts
@@ -54,6 +57,8 @@ module Bunny
 
       @writes_mutex       = @session.mutex_impl.new
 
+      @socket = nil
+
       prepare_tls_context(opts) if @tls_enabled
     end
 
@@ -77,10 +82,29 @@ module Bunny
 
 
     def connect
-      if uses_ssl?
-        @socket.connect
-        if uses_tls? && @verify_peer
-          @socket.post_connection_check(host)
+      if uses_tls?
+        begin
+          @socket.connect
+        rescue OpenSSL::SSL::SSLError => e
+          @logger.error { "TLS connection failed: #{e.message}" }
+          raise e
+        end
+
+        log_peer_certificate_info(Logger::DEBUG, @socket.peer_cert)
+        log_peer_certificate_chain_info(Logger::DEBUG, @socket.peer_cert_chain)
+
+        begin
+          @socket.post_connection_check(host) if @verify_peer
+        rescue OpenSSL::SSL::SSLError => e
+          @logger.error do
+            msg = "Peer verification of target server failed: #{e.message}. "
+            msg += "Target hostname: #{hostname}, see peer certificate chain details below."
+            msg
+          end
+          log_peer_certificate_info(Logger::ERROR, @socket.peer_cert)
+          log_peer_certificate_chain_info(Logger::ERROR, @socket.peer_cert_chain)
+
+          raise e
         end
 
         @status = :connected
@@ -92,7 +116,7 @@ module Bunny
     end
 
     def connected?
-      :not_connected == @status && open?
+      :connected == @status && open?
     end
 
     def configure_socket(&block)
@@ -122,7 +146,7 @@ module Bunny
           if @session.automatically_recover?
             @session.handle_network_failure(e)
           else
-            @session_thread.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
+            @session_error_handler.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
           end
         end
       end
@@ -146,24 +170,25 @@ module Bunny
           if @session.automatically_recover?
             @session.handle_network_failure(e)
           else
-            @session_thread.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
+            @session_error_handler.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
           end
         end
       end
     end
 
     # Writes data to the socket without timeout checks
-    def write_without_timeout(data)
+    def write_without_timeout(data, raise_exceptions = false)
       begin
         @writes_mutex.synchronize { @socket.write(data) }
         @socket.flush
       rescue SystemCallError, Bunny::ConnectionError, IOError => e
         close
+        raise e if raise_exceptions
 
         if @session.automatically_recover?
           @session.handle_network_failure(e)
         else
-          @session_thread.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
+          @session_error_handler.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
         end
       end
     end
@@ -218,9 +243,9 @@ module Bunny
         @status = :not_connected
 
         if @session.automatically_recover?
-          @session.handle_network_failure(e)
+          raise
         else
-          @session_thread.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
+          @session_error_handler.raise(Bunny::NetworkFailure.new("detected a network failure: #{e.message}", e))
         end
       end
     end
@@ -233,17 +258,13 @@ module Bunny
     # Exposed primarily for Bunny::Channel
     # @private
     def read_next_frame(opts = {})
-      header    = read_fully(7)
-      # TODO: network issues here will sometimes cause
-      #       the socket method return an empty string. We need to log
-      #       and handle this better.
-      # type, channel, size = begin
-      #                         AMQ::Protocol::Frame.decode_header(header)
-      #                       rescue AMQ::Protocol::EmptyResponseError => e
-      #                         puts "Got AMQ::Protocol::EmptyResponseError, header is #{header.inspect}"
-      #                       end
+      header              = read_fully(7)
       type, channel, size = AMQ::Protocol::Frame.decode_header(header)
-      payload   = read_fully(size)
+      payload             = if size > 0
+                              read_fully(size)
+                            else
+                              ''
+                            end
       frame_end = read_fully(1)
 
       # 1) the size is miscalculated
@@ -263,7 +284,7 @@ module Bunny
           :connect_timeout => timeout)
 
         true
-      rescue SocketError, Timeout::Error => e
+      rescue SocketError, Timeout::Error => _e
         false
       ensure
         s.close if s
@@ -292,7 +313,7 @@ module Bunny
     end
 
     def post_initialize_socket
-      @socket = if uses_tls?
+      @socket = if uses_tls? and !@socket.is_a?(Bunny::SSLSocketImpl)
                   wrap_in_tls_socket(@socket)
                 else
                   @socket
@@ -302,23 +323,27 @@ module Bunny
     protected
 
     def tls_enabled?(opts)
-      return opts[:tls] unless opts[:tls].nil?
-      return opts[:ssl] unless opts[:ssl].nil?
+      return !!opts[:tls] unless opts[:tls].nil?
+      return !!opts[:ssl] unless opts[:ssl].nil?
       (opts[:port] == AMQ::Protocol::TLS_PORT) || false
     end
 
+    def tls_ca_certificates_paths_from(opts)
+      Array(opts[:cacertfile] || opts[:tls_ca_certificates] || opts[:ssl_ca_certificates])
+    end
+
     def tls_certificate_path_from(opts)
-      opts[:tls_cert] || opts[:ssl_cert] || opts[:tls_cert_path] || opts[:ssl_cert_path] || opts[:tls_certificate_path] || opts[:ssl_certificate_path]
+      opts[:certfile] || opts[:tls_cert] || opts[:ssl_cert] || opts[:tls_cert_path] || opts[:ssl_cert_path] || opts[:tls_certificate_path] || opts[:ssl_certificate_path]
     end
 
     def tls_key_path_from(opts)
-      opts[:tls_key] || opts[:ssl_key] || opts[:tls_key_path] || opts[:ssl_key_path]
+      opts[:keyfile] || opts[:tls_key] || opts[:ssl_key] || opts[:tls_key_path] || opts[:ssl_key_path]
     end
 
     def tls_certificate_from(opts)
       begin
         read_client_certificate!
-      rescue MissingTLSCertificateFile => e
+      rescue MissingTLSCertificateFile => _e
         inline_client_certificate_from(opts)
       end
     end
@@ -326,11 +351,34 @@ module Bunny
     def tls_key_from(opts)
       begin
         read_client_key!
-      rescue MissingTLSKeyFile => e
+      rescue MissingTLSKeyFile => _e
         inline_client_key_from(opts)
       end
     end
 
+    def peer_certificate_info(peer_cert, prefix = "Peer's leaf certificate")
+      exts = peer_cert.extensions.map { |x| x.value }
+      # Subject Alternative Names
+      sans = exts.select { |s| s =~ /^DNS/ }.map { |s| s.gsub(/^DNS:/, "") }
+
+      msg = "#{prefix} subject: #{peer_cert.subject}, "
+      msg += "subject alternative names: #{sans.join(', ')}, "
+      msg += "issuer: #{peer_cert.issuer}, "
+      msg += "not valid after: #{peer_cert.not_after}, "
+      msg += "X.509 usage extensions: #{exts.join(', ')}"
+
+      msg
+    end
+
+    def log_peer_certificate_info(severity, peer_cert, prefix = "Peer's leaf certificate")
+      @logger.add(severity) { peer_certificate_info(peer_cert, prefix) }
+    end
+
+    def log_peer_certificate_chain_info(severity, chain)
+      chain.each do |cert|
+        self.log_peer_certificate_info(severity, cert, "Peer's certificate chain entry")
+      end
+    end
 
     def inline_client_certificate_from(opts)
       opts[:tls_certificate] || opts[:ssl_cert_string] || opts[:tls_cert]
@@ -341,7 +389,7 @@ module Bunny
     end
 
     def prepare_tls_context(opts)
-      if (opts[:verify_ssl] || opts[:verify_peer]).nil?
+      if opts.values_at(:verify_ssl, :verify_peer, :verify).all?(&:nil?)
         opts[:verify_peer] = true
       end
 
@@ -353,17 +401,32 @@ module Bunny
       @tls_key               = tls_key_from(opts)
       @tls_certificate_store = opts[:tls_certificate_store]
 
-      @tls_ca_certificates   = opts.fetch(:tls_ca_certificates, default_tls_certificates)
-      @verify_peer           = (opts[:verify_ssl] || opts[:verify_peer])
+      @verify_peer           = as_boolean(opts[:verify_ssl] || opts[:verify_peer] || opts[:verify])
 
       @tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
     end
 
+    def as_boolean(val)
+      case val
+      when true    then true
+      when false   then false
+      when "true"  then true
+      when "false" then false
+      else
+        !!val
+      end
+    end
+
     def wrap_in_tls_socket(socket)
       raise ArgumentError, "cannot wrap nil into TLS socket, @tls_context is nil. This is a Bunny bug." unless socket
       raise "cannot wrap a socket into TLS socket, @tls_context is nil. This is a Bunny bug." unless @tls_context
 
       s = Bunny::SSLSocketImpl.new(socket, @tls_context)
+
+      # always set the SNI server name if possible since RFC 3546 and RFC 6066 both state
+      # that TLS clients supporting the extensions can talk to TLS servers that do not
+      s.hostname = @host if s.respond_to?(:hostname)
+
       s.sync_close = true
       s
     end
@@ -396,13 +459,15 @@ module Bunny
       ctx.cert_store = if @tls_certificate_store
                          @tls_certificate_store
                        else
+                         # this ivar exists so that this value can be exposed in the API
+                         @tls_ca_certificates = tls_ca_certificates_paths_from(opts)
                          initialize_tls_certificate_store(@tls_ca_certificates)
                        end
 
       if !@tls_certificate
         @logger.warn <<-MSG
-Using TLS but no client certificate is provided! If RabbitMQ is configured to verify peer
-certificate, connection upgrade will fail!
+Using TLS but no client certificate is provided. If RabbitMQ is configured to require & verify peer
+certificate, connection will be rejected. Learn more at https://www.rabbitmq.com/ssl.html
         MSG
       end
       if @tls_certificate && !@tls_key
@@ -414,12 +479,13 @@ certificate, connection upgrade will fail!
       else
         OpenSSL::SSL::VERIFY_NONE
       end
+      @logger.debug { "Will use peer verification mode #{verify_mode}" }
       ctx.verify_mode = verify_mode
 
       if !@verify_peer
         @logger.warn <<-MSG
 Using TLS but peer hostname verification is disabled. This is convenient for local development
-but prone man-in-the-middle attacks. Please set :verify_peer => true in production!
+but prone to man-in-the-middle attacks. Please set verify_peer: true in production. Learn more at https://www.rabbitmq.com/ssl.html
         MSG
       end
 
@@ -429,41 +495,22 @@ but prone man-in-the-middle attacks. Please set :verify_peer => true in producti
       ctx
     end
 
-    def default_tls_certificates
-      if defined?(JRUBY_VERSION)
-        # see https://github.com/jruby/jruby/issues/1055. MK.
-        []
-      else
-        default_ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
-        default_ca_path = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR
-
-        [
-          default_ca_file,
-          File.join(default_ca_path, 'ca-certificates.crt'), # Ubuntu/Debian
-          File.join(default_ca_path, 'ca-bundle.crt'),       # Amazon Linux & Fedora/RHEL
-          File.join(default_ca_path, 'ca-bundle.pem')        # OpenSUSE
-          ].uniq
-      end
-    end
-
     def initialize_tls_certificate_store(certs)
       cert_files = []
       cert_inlines = []
       certs.each do |cert|
-        # if it starts with / then it's a file path that may or may not
-        # exists (e.g. a default OpenSSL path). MK.
-        if File.readable?(cert) || cert =~ /^\//
+        # if it starts with / or C:/ then it's a file path that may or may not
+        # exist (e.g. a default OpenSSL path). MK.
+        if File.readable?(cert) || cert =~ /^([a-z]:?)?\//i
           cert_files.push(cert)
         else
           cert_inlines.push(cert)
         end
       end
-      @logger.debug "Using CA certificates at #{cert_files.join(', ')}"
-      @logger.debug "Using #{cert_inlines.count} inline CA certificates"
-      if certs.empty?
-        @logger.error "No CA certificates found, add one with :tls_ca_certificates"
-      end
+      @logger.debug { "Using CA certificates at #{cert_files.join(', ')}" }
+      @logger.debug { "Using #{cert_inlines.count} inline CA certificates" }
       OpenSSL::X509::Store.new.tap do |store|
+        store.set_default_paths
         cert_files.select { |path| File.readable?(path) }.
           each { |path| store.add_file(path) }
         cert_inlines.

data/lib/bunny/version.rb

@@ -2,5 +2,5 @@
 
 module Bunny
   # @return [String] Version of the library
-  VERSION = "1.7.0"
+  VERSION = "2.17.0"
 end

data/repl

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-bundle exec irb -Ilib -r'bunny'
+bundle exec ruby `which ripl` -Ilib -r'bunny' -r'ripl/multi_line' -r'ripl/irb'

data/spec/config/rabbitmq.conf

@@ -0,0 +1,13 @@
+listeners.tcp.1 = 0.0.0.0:5672
+
+listeners.ssl.default = 5671
+
+# mounted by docker-compose
+ssl_options.cacertfile = /spec/tls/ca_certificate.pem
+ssl_options.certfile   = /spec/tls/server_certificate.pem
+ssl_options.keyfile    = /spec/tls/server_key.pem
+
+ssl_options.verify               = verify_none
+ssl_options.fail_if_no_peer_cert = false
+
+loopback_users = none

data/spec/higher_level_api/integration/basic_ack_spec.rb

@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe Bunny::Channel, "#ack" do
   let(:connection) do
-    c = Bunny.new(:user => "bunny_gem", :password => "bunny_password", :vhost => "bunny_testbed")
+    c = Bunny.new(username: "bunny_gem", password: "bunny_password", vhost: "bunny_testbed")
     c.start
     c
   end
@@ -14,50 +14,98 @@ describe Bunny::Channel, "#ack" do
   context "with a valid (known) delivery tag" do
     it "acknowledges a message" do
       ch = connection.create_channel
-      q  = ch.queue("bunny.basic.ack.manual-acks", :exclusive => true)
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
       x  = ch.default_exchange
 
-      x.publish("bunneth", :routing_key => q.name)
+      x.publish("bunneth", routing_key: q.name)
       sleep 0.5
-      q.message_count.should == 1
-      delivery_details, properties, content = q.pop(:manual_ack => true)
+      expect(q.message_count).to eq 1
+      delivery_details, properties, content = q.pop(manual_ack: true)
 
       ch.ack(delivery_details.delivery_tag, true)
-      q.message_count.should == 0
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 0
+      ch.close
+    end
+  end
+
+  context "with a valid (known) delivery tag (multiple = true)" do
+    it "acknowledges a message" do
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      x  = ch.default_exchange
 
+      x.publish("bunneth", routing_key: q.name)
+      x.publish("bunneth", routing_key: q.name)
+      sleep 0.5
+      expect(q.message_count).to eq 2
+      delivery_details_1, _properties, _content = q.pop(manual_ack: true)
+      delivery_details_2, _properties, _content = q.pop(manual_ack: true)
+
+      ch.ack(delivery_details_2.delivery_tag, true)
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 0
       ch.close
     end
   end
 
+  context "with a valid (known) delivery tag (multiple = false)" do
+    it "acknowledges a message" do
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      x  = ch.default_exchange
+
+      x.publish("bunneth", routing_key: q.name)
+      x.publish("bunneth", routing_key: q.name)
+      sleep 0.5
+      expect(q.message_count).to eq 2
+      delivery_details_1, _properties, _content = q.pop(manual_ack: true)
+      delivery_details_2, _properties, _content = q.pop(manual_ack: true)
+
+      ch.ack(delivery_details_2.delivery_tag, false)
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 1
+      ch.close
+    end
+  end
 
   context "with a valid (known) delivery tag and automatic ack mode" do
     it "results in a channel exception" do
       ch = connection.create_channel
-      q  = ch.queue("bunny.basic.ack.manual-acks", :exclusive => true)
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
       x  = ch.default_exchange
 
-      q.subscribe(:manual_ack => false) do |delivery_info, properties, payload|
+      q.subscribe(manual_ack: false) do |delivery_info, properties, payload|
         ch.ack(delivery_info.delivery_tag, false)
       end
 
-      x.publish("bunneth", :routing_key => q.name)
+      x.publish("bunneth", routing_key: q.name)
       sleep 0.5
-      lambda do
+      expect do
         q.message_count
-      end.should raise_error(Bunny::ChannelAlreadyClosed)
+      end.to raise_error(Bunny::ChannelAlreadyClosed)
     end
   end
 
   context "with an invalid (random) delivery tag" do
     it "causes a channel-level error" do
       ch = connection.create_channel
-      q  = ch.queue("bunny.basic.ack.unknown-delivery-tag", :exclusive => true)
+      q  = ch.queue("bunny.basic.ack.unknown-delivery-tag", exclusive: true)
       x  = ch.default_exchange
 
-      x.publish("bunneth", :routing_key => q.name)
+      x.publish("bunneth", routing_key: q.name)
       sleep 0.5
-      q.message_count.should == 1
-      _, _, content = q.pop(:manual_ack => true)
+      expect(q.message_count).to eq 1
+      _, _, content = q.pop(manual_ack: true)
 
       ch.on_error do |ch, channel_close|
         @channel_close = channel_close
@@ -65,33 +113,117 @@ describe Bunny::Channel, "#ack" do
       ch.ack(82, true)
       sleep 0.25
 
-      @channel_close.reply_code.should == AMQ::Protocol::PreconditionFailed::VALUE
+      expect(@channel_close.reply_code).to eq AMQ::Protocol::PreconditionFailed::VALUE
     end
   end
 
   context "with a valid (known) delivery tag" do
     it "gets a depricated message warning for using :ack" do
       ch = connection.create_channel
-      q  = ch.queue("bunny.basic.ack.manual-acks", :exclusive => true)
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
       x  = ch.default_exchange
 
-      x.publish("bunneth", :routing_key => q.name)
+      x.publish("bunneth", routing_key: q.name)
       sleep 0.5
-      q.message_count.should == 1
+      expect(q.message_count).to eq 1
 
       orig_stderr = $stderr
       $stderr = StringIO.new
 
-      delivery_details, properties, content = q.pop(:ack => true)
+      delivery_details, properties, content = q.pop(ack: true)
 
       $stderr.rewind
-      $stderr.string.chomp.should eq("[DEPRECATION] `:ack` is deprecated.  Please use `:manual_ack` instead.\n[DEPRECATION] `:ack` is deprecated.  Please use `:manual_ack` instead.")
+      expect($stderr.string.chomp).to eq("[DEPRECATION] `:ack` is deprecated.  Please use `:manual_ack` instead.\n[DEPRECATION] `:ack` is deprecated.  Please use `:manual_ack` instead.")
 
       $stderr = orig_stderr
 
       ch.ack(delivery_details.delivery_tag, true)
-      q.message_count.should == 0
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 0
+      ch.close
+    end
+  end
+end
+
+describe Bunny::Channel, "#basic_ack" do
+  let(:connection) do
+    c = Bunny.new(username: "bunny_gem", password: "bunny_password", vhost: "bunny_testbed")
+    c.start
+    c
+  end
 
+  after :each do
+    connection.close if connection.open?
+  end
+
+  context "with a valid (known) delivery tag (multiple = true)" do
+    it "acknowledges a message" do
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      x  = ch.default_exchange
+
+      x.publish("bunneth", routing_key: q.name)
+      x.publish("bunneth", routing_key: q.name)
+      sleep 0.5
+      expect(q.message_count).to eq 2
+      delivery_details_1, _properties, _content = q.pop(manual_ack: true)
+      delivery_details_2, _properties, _content = q.pop(manual_ack: true)
+
+      ch.basic_ack(delivery_details_2.delivery_tag.to_i, true)
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 0
+      ch.close
+    end
+  end
+
+  context "with a valid (known) delivery tag (multiple = false)" do
+    it "acknowledges a message" do
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      x  = ch.default_exchange
+
+      x.publish("bunneth", routing_key: q.name)
+      x.publish("bunneth", routing_key: q.name)
+      sleep 0.5
+      expect(q.message_count).to eq 2
+      delivery_details_1, _properties, _content = q.pop(manual_ack: true)
+      delivery_details_2, _properties, _content = q.pop(manual_ack: true)
+
+      ch.basic_ack(delivery_details_2.delivery_tag.to_i, false)
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 1
+      ch.close
+    end
+  end
+
+  context "with a valid (known) delivery tag (multiple = default)" do
+    it "acknowledges a message" do
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      x  = ch.default_exchange
+
+      x.publish("bunneth", routing_key: q.name)
+      x.publish("bunneth", routing_key: q.name)
+      sleep 0.5
+      expect(q.message_count).to eq 2
+      delivery_details_1, _properties, _content = q.pop(manual_ack: true)
+      delivery_details_2, _properties, _content = q.pop(manual_ack: true)
+
+      ch.basic_ack(delivery_details_2.delivery_tag.to_i)
+      ch.close
+
+      ch = connection.create_channel
+      q  = ch.queue("bunny.basic.ack.manual-acks", exclusive: true)
+      expect(q.message_count).to eq 1
       ch.close
     end
   end