[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations

Simon MacMullen simon at rabbitmq.com
Tue Jul 5 14:18:18 BST 2011


On 05/07/11 14:01, Massimo Paladin wrote:
> This looks like limiting to certificates with only one and unique CN. Am
> I wrong?

Yes, that's correct.

A future enhancement could be to allow rabbitmq_auth_mechanism_ssl to 
use the DN instead - after all, that's really what it's for.

However, the (substantial) speedbump here is that RabbitMQ requires each 
user to have a user name, and each user name to be a string (I really 
wouldn't want to change that, implications would be far-reaching). But a 
DN isn't a string, it's an ASN.1 mess. And while there are a bunch of 
ways to convert that to a string, there's no good *canonical* way of 
doing it that I'm aware of.

But I'm not a great expert in x509 / ASN.1. I don't know if you are or 
not :) but what would you do?

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware
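
Added example, not part of the original message and not RabbitMQ code: a sketch of why turning a DN into a user name is ambiguous, and why a CN-only mapping needs exactly one CN. The function names and the sample DNs are constructed for illustration; the slash form is a simplified, unescaped rendering in the style of OpenSSL's legacy one-line output.

```python
# Added illustration; DNs below are constructed sample data.
# A DN is an ordered sequence of RDNs; each RDN is a set of (type, value) pairs.

def _escape_rfc4514(value):
    """Escape an attribute value as RFC 4514 section 2.4 requires."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def to_rfc4514(dn):
    """RFC 4514 string: last RDN first, ',' between RDNs, '+' inside one."""
    return ",".join(
        "+".join(f"{t}={_escape_rfc4514(v)}" for t, v in rdn)
        for rdn in reversed(dn)
    )

def to_slash_form(dn):
    """Unescaped '/'-separated rendering, first RDN first."""
    return "".join("/" + "+".join(f"{t}={v}" for t, v in rdn) for rdn in dn)

def username_from_cn(dn):
    """CN-only mapping: valid only when the DN has exactly one CN."""
    cns = [v for rdn in dn for t, v in rdn if t == "CN"]
    if len(cns) != 1:
        raise ValueError(f"expected exactly one CN, found {len(cns)}")
    return cns[0]

SINGLE_CN = [[("C", "GB")], [("O", "Example, Ltd")], [("CN", "client-1")]]
TWO_CNS = [[("O", "Example")], [("CN", "client-1")], [("CN", "backup")]]
# Two different DNs that the unescaped form cannot tell apart.
ONE_RDN = [[("O", "Ops/CN=node1")]]
TWO_RDNS = [[("O", "Ops")], [("CN", "node1")]]

if __name__ == "__main__":
    for dn in (SINGLE_CN, TWO_CNS, ONE_RDN, TWO_RDNS):
        print(to_rfc4514(dn), "|", to_slash_form(dn))
```

The same DN yields different strings under the two renderings, and the unescaped one maps two distinct DNs to one string, so any DN-based user name has to fix one escaped format and use it everywhere.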

