[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations
Massimo.Paladin at cern.ch
Tue Jul 5 15:05:01 BST 2011
Looking at openssl there is an rfc which tells how to convert from asn.1 to
email: massimo.paladin at gmail.com
flickr's page: http://flickr.com/photos/massimop
On Tue, Jul 5, 2011 at 3:18 PM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 05/07/11 14:01, Massimo Paladin wrote:
>> This looks like limiting to certificates with only one and unique CN. Am
>> I wrong?
> Yes, that's correct.
> A future enhancement could be to allow rabbitmq_auth_mechanism_ssl to use
> the DN instead - after all, that's really what it's for.
> However, the (substantial) speedbump here is that RabbitMQ requires each
> user to have a user name, and each user name to be a string (I really
> wouldn't want to change that, implications would be far-reaching). But a DN
> isn't a string, it's an ASN.1 mess. And while there are a bunch of ways to
> convert that to a string, there's no good *canonical* way of doing it that
> I'm aware of.
> But I'm not a great expert in x509 / ASN.1. I don't know if you are or not
> :) but what would you do?
> Cheers, Simon
> Simon MacMullen
> RabbitMQ, VMware
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.**rabbitmq.com<rabbitmq-discuss at lists.rabbitmq.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rabbitmq-discuss