[rabbitmq-discuss] CRL support
Matthias Radestock
matthias at rabbitmq.com
Thu Aug 4 11:02:54 BST 2011
Andrea,
On 02/08/11 12:08, Andrea Rosa wrote:
> I implemented client and server authentication, but if a client sends a
> revoked certificate the server accepts the connection. I read that
> CRLs are not yet supported by the new_ssl Erlang module, but I also need to
> manage CRLs.
> Is anyone else facing the same problem?
> Do you have experience with some workaround to guarantee that a revoked
> certificate is not accepted by Rabbit?
As suggested in response to your question in erlang-questions, you can
define your own cert verification function with the verify_fun ssl
option and have that perform all the checks you need. The Erlang ssl
docs (http://www.erlang.org/doc/man/ssl.html) for verify_fun describe
how that function should behave.
To hook your verification function into rabbit (nb: this is untested) ...
1) write an Erlang module containing (and exporting) that function
2) In the rabbit/ssl_options section of the rabbitmq.config, add an
entry {verify_fun, {YourModuleName, YourFunctionName}}.
Regards,
Matthias.
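
An added example of steps 1 and 2 above (not code from this message or from RabbitMQ): a verify_fun callback that rejects client certificates whose serial number appears in a local CRL file. The module name crl_verify, the function names and the CRL path are hypothetical; it assumes RabbitMQ calls the function in the three-argument form from the Erlang ssl docs, that a single CA issues all client certificates, and an OTP release whose public_key can decode X509 CRL PEM entries.

```erlang
%% Added example: module, function and file names are hypothetical.
-module(crl_verify).
-export([verify/3, revoked_serials/1, is_revoked/2]).
-include_lib("public_key/include/public_key.hrl").

%% Assumption: PEM CRL of the single CA that issues all client certificates,
%% downloaded and signature-checked out of band before being placed here.
-define(CRL_FILE, "/etc/rabbitmq/ssl/ca-crl.pem").

%% Step 2, in the rabbit/ssl_options section of rabbitmq.config:
%%   {verify_fun, {crl_verify, verify}}

%% Step 1: callback in the three-argument form the Erlang ssl docs describe.
verify(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};                 % standard path validation errors stay fatal
verify(_Cert, {extension, _}, State) ->
    {unknown, State};               % leave extension handling to ssl
verify(Cert, Event, State) when Event =:= valid; Event =:= valid_peer ->
    try is_revoked(Cert, revoked_serials(?CRL_FILE)) of
        true  -> {fail, {bad_cert, cert_revoked}};
        false -> {valid, State}
    catch
        %% Fail closed: an unreadable or malformed CRL rejects the peer.
        _:_ -> {fail, {bad_cert, revocation_status_undetermined}}
    end.

%% Serial numbers listed in the CRL (the file is re-read on every handshake,
%% so a refreshed CRL takes effect without restarting the broker).
revoked_serials(File) ->
    {ok, Pem} = file:read_file(File),
    [{'CertificateList', Der, not_encrypted}] = public_key:pem_decode(Pem),
    CRL = public_key:der_decode('CertificateList', Der),
    TBS = CRL#'CertificateList'.tbsCertList,
    case TBS#'TBSCertList'.revokedCertificates of
        asn1_NOVALUE -> [];         % CRL with no revoked entries
        Entries ->
            [E#'TBSCertList_revokedCertificates_SEQOF'.userCertificate
             || E <- Entries]
    end.

%% Serial-only match is sufficient only under the single-CA assumption above.
is_revoked(#'OTPCertificate'{tbsCertificate = TBS}, Serials) ->
    lists:member(TBS#'OTPTBSCertificate'.serialNumber, Serials).
```

The callback does not check the CRL's nextUpdate field or its signature, so whatever job refreshes the file has to verify it and replace it before it goes stale.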