[rabbitmq-discuss] Broker accepts self-signed client certificate in verify_peer mode
Emile Joubert
emile at rabbitmq.com
Thu Aug 12 10:02:08 BST 2010
Hi Jiri,
On 12/08/10 07:31, jiri at krutil.com wrote:
>> Yes. I assure you this was not the behaviour of Erlang when I wrote the
>> SSL guide. Unfortunately, a fix is not going to happen in time for the
>> next release, but we're going to chase the Erlang SSL module authors to
>> see if there's any reason for this behaviour, and I hope will change it
>> either in their code or ours. I agree with you that with verify_peer on,
>> the broker *must not* blindly trust *any* certs without being able to
>> establish a chain of trust to the presented cert.
>
> Hi Matthew,
>
> thanks for clarifying this.
>
> Do you have a publicly accessible bug tracking system where we could
> follow this issue and see when is it resolved?
We don't have a public bug tracker, but I have started a conversation on
the erlang-questions mailing list which you can follow. Development
effort that follows from that (if any) will take place on a branch of
the rabbitmq-server mercurial repository named 'bug23017'.
Regards
Emile
More information about the rabbitmq-discuss
mailing list