[rabbitmq-discuss] X.509 client authentication
Matthias Radestock
matthias at rabbitmq.com
Mon Jan 10 11:02:39 GMT 2011
On 10/01/11 10:35, Simon MacMullen wrote:
> I think the Java format is RFC 4514, which is more of a standard. What
> 'openssl x509 -subject' gives back isn't documented anywhere that I can
> see.
The openssl "-nameopt RFC2253" option produces standards-compliant output.
See http://www.lshift.net/blog/2007/10/30/whats-in-a-distinguished-name
for a nice little primer on DNs and DN equivalence.
> So we'd want to answer questions like:
>
> * Since matching for some types of RDNs is case insensitive, should we
> covert these to lower case, upper case or what?
>
> * Since there are multiple ways to escape, which is canonical?
+ how to deal with multi-valued RDNs.
Matthias.
More information about the rabbitmq-discuss
mailing list