[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations
simon at rabbitmq.com
Tue Jul 5 14:18:18 BST 2011
On 05/07/11 14:01, Massimo Paladin wrote:
> This looks like limiting to certificates with only one and unique CN. Am
> I wrong?
Yes, that's correct.
A future enhancement could be to allow rabbitmq_auth_mechanism_ssl to
use the DN instead - after all, that's really what it's for.
However, the (substantial) speedbump here is that RabbitMQ requires each
user to have a user name, and each user name to be a string (I really
wouldn't want to change that, implications would be far-reaching). But a
DN isn't a string, it's an ASN.1 mess. And while there are a bunch of
ways to convert that to a string, there's no good *canonical* way of
doing it that I'm aware of.
But I'm not a great expert in x509 / ASN.1. I don't know if you are or
not :) but what would you do?
More information about the rabbitmq-discuss