[rabbitmq-discuss] ssl certificate to client lookup
natester at gmail.com
Mon Jun 28 19:47:13 BST 2010
On Mon, Jun 28, 2010 at 9:56 AM, Matthias Radestock
<matthias at rabbitmq.com> wrote:
> Lionel Cons wrote:
>> Matthew Sackman <matthew at rabbitmq.com> writes:
>>> On Thu, Jun 24, 2010 at 03:13:20PM -0600, Nathaniel Haggard wrote:
>>>> It would be nice if rabbitmq set a header in messages with some
>>>> metadata from the x509 certificate used to establish the ssl
>>> Err, why?
>> FWIW, we currently rely on this functionality: we use X.509 for
>> authentication and we need to track down who sent a given message
>> (think JMSXUserID as per http://activemq.apache.org/jmsxuserid.html).
> Couldn't you simply get the sender to sign the message and the recipient to
> verify the signature? That requires the recipients to know the public keys
> of the senders, but I suspect in most systems where recipients care about
> the sender identity that would not be hard to arrange.
For my use case I could do that, but RabbitMQ is already verifying
client certificates.
We plan to have thousands of clients connecting to RabbitMQ each with
a different certificate and the same username. Someone on this list
didn't recommend managing that many users.
Ideally Rabbit would pass along CNAME from a producer and the consumer
would verify CNAME is good.
(Sorry if you got this twice Matthias)
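
The alternative Matthias suggests in the quoted text (the sender signs each message and the recipient verifies it against public keys it already knows) can be sketched with the openssl CLI. This is an added example, not code from the thread or from RabbitMQ; the producer names, file layout and helper functions are assumptions made for the demo, and no broker is involved.

```shell
#!/bin/sh
# Added example: every name, CN and path here is constructed for the demo.
WORK=$(mktemp -d)        # scratch dir; producer private keys live here
TRUST="$WORK/trusted"    # consumer's store of known sender certificates
mkdir -p "$TRUST"

# Enrolment: throwaway self-signed cert for CN $1, copied to the consumer's store.
enroll() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null &&
  cp "$WORK/$1.crt" "$TRUST/$1.crt"
}

# Producer: detached SHA-256 signature over message file $2 with the key of CN $1.
sign_message() {
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# Consumer: $1 = sender name claimed in a message header, $2 = message file.
# Prints the CN from the pinned certificate only if the signature verifies.
verified_sender() {
  case "$1" in ""|*/*) return 1 ;; esac   # claimed name is untrusted input
  cert="$TRUST/$1.crt"
  [ -f "$cert" ] || return 1              # unknown sender
  openssl x509 -in "$cert" -noout -pubkey > "$WORK/pub.pem" || return 1
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -signature "$2.sig" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
    sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

enroll producer-0001
enroll producer-0002
printf 'order 42 shipped\n' > "$WORK/msg"
sign_message producer-0001 "$WORK/msg"
verified_sender producer-0001 "$WORK/msg"    # prints producer-0001
verified_sender producer-0002 "$WORK/msg" ||
  echo "rejected: signature does not match claimed sender"
```

The identity the consumer acts on comes from the certificate it pinned, not from the header the sender supplied, so a producer cannot claim another producer's name.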