[rabbitmq-discuss] Broker accepts self-signed client certificate in verify_peer mode
jiri at krutil.com
Wed Aug 11 07:41:06 BST 2010
Hi
Could anyone help with this issue please?
Any tips or experience would be greatly appreciated.
Many thanks
Jiri
> When experimenting with SSL connections to RabbitMQ, I came across a
> very strange thing.
>
> The RabbitMQ server is configured to require a client certificate
> and verify the chain of trust (see rabbitmq.config below). I'm using
> my own CA that has a self-signed certificate. This is the only
> trusted root CA certificate I'm using.
>
> RabbitMQ correctly accepts client certificates signed by my CA. But
> it also accepts self-signed client certificates, which I think is
> incorrect. I believe a self-signed client certificate should be
> rejected because there is no chain of trust to the root CA
> certificate.
>
> I did not find anything helpful in the RabbitMQ logs. Am I doing
> something wrong?
>
> I'm using RabbitMQ server 1.8.1, Erlang R13B03 and new_ssl 3.10.7.