[rabbitmq-discuss] Broker accepts self-signed client certificate in verify_peer mode

Matthew Sackman matthew at rabbitmq.com
Wed Aug 11 18:07:38 BST 2010


On Wed, Aug 11, 2010 at 07:04:31PM +0200, jiri at krutil.com wrote:
> I also believe that the default behaviour should be to reject client
> certs signed by an untrusted CA. I found the current functionality
> quite surprising and potentially dangerous.

Yes. I assure you this was not the behaviour of Erlang when I wrote the
SSL guide. Unfortunately, a fix is not going to happen in time for the
next release, but we're going to chase the Erlang SSL module authors to
see if there's any reason for this behaviour, and I hope will change it
either in their code or ours. I agree with you that with verify_peer on,
the broker *must not* blindly trust *any* certs without being able to
establish a chain of trust to the presented cert.

Matthew


More information about the rabbitmq-discuss mailing list