[rabbitmq-discuss] ssl certificate to client lookup
Nathaniel Haggard
natester at gmail.com
Tue Jun 29 18:07:27 BST 2010
On Mon, Jun 28, 2010 at 11:46 PM, Lionel Cons <lionel.cons at cern.ch> wrote:
> Matthias Radestock writes:
> > Couldn't you simply get the sender to sign the message and the recipient
> > to verify the signature?
>
> This would work in the cases where we control the clients.
> Unfortunately, this is not always the case.
>
> In case something bad happens (invalid message, too many messages...),
> we want to know who sent the offending messages.
So do we.
If rabbitmqctl list_connections showed the ssl common name in
client_properties then we could find the queue by joining
list_connections output with list_queues output on pid and owner_pid
respectively. If we found a misbehaving client we would revoke its
certificate; though, CRL was not supported as of last year
http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2009-July/004187.html.
Is it now?
Matt,
Is client_properties where you plan to put the ssl information?
-Nate
More information about the rabbitmq-discuss
mailing list