[rabbitmq-discuss] X.509 client authentication

Matthias Radestock matthias at rabbitmq.com
Mon Jan 10 11:02:39 GMT 2011

On 10/01/11 10:35, Simon MacMullen wrote:
> I think the Java format is RFC 4514, which is more of a standard. What
> 'openssl x509 -subject' gives back isn't documented anywhere that I can
> see.

The openssl "-nameopt RFC2253" option produces standards-compliant output.

See http://www.lshift.net/blog/2007/10/30/whats-in-a-distinguished-name 
for a nice little primer on DNs and DN equivalence.

> So we'd want to answer questions like:
> * Since matching for some types of RDNs is case insensitive, should we
> covert these to lower case, upper case or what?
> * Since there are multiple ways to escape, which is canonical?

+ how to deal with multi-valued RDNs.


More information about the rabbitmq-discuss mailing list