[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations
simon at rabbitmq.com
Tue Jul 12 16:42:38 BST 2011
On 12/07/11 16:33, Massimo Paladin wrote:
> Will this take part of the next release?

I doubt it, nothing has been done.

This is something Matthias and I have been arguing about for ages. I
suspect that even though just RFC 4514-serialising the DN and doing
string matching is completely wrong in theory, in practice it would be
what a decent number of users would want. Matthias thinks that it will
lead into a tarpit of bugs around DN equivalence. And I have to admit
that he has much more real world experience dealing with stupid SSL /
x509 behaviour than I do!

But neither of us really knows. Hearing from people like you who want
this would be helpful:

* If you have many CAs, is that just a bunch of internal sysadmins
running OpenSSL or real-world CAs?

* If you had to update usernames when a user had a new certificate and
the DN format changed for some daft reason, how big a deal would that be?
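
The DN equivalence problem discussed in this message, as an added example that is not part of the original post or of the plugin's code: two RFC 4514 strings for the same subject fail a plain string match, while a genuinely different DN must still be rejected. The sample DNs and the simplified normaliser are constructed for illustration; it assumes every attribute is case-insensitive and does not handle hex escapes, OID-form attribute types or escaped leading/trailing spaces.

```python
import re

# Constructed sample DNs: the same subject as two different tools might print it.
DN_A = "CN=Alice Example,OU=Messaging,O=Example Corp,C=CH"
DN_B = "cn=alice  example, ou=Messaging, o=Example Corp, c=ch"
DN_C = "CN=Alice Example,OU=Billing,O=Example Corp,C=CH"  # a different subject

def split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])  # keep the escape pair together
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def normalise_dn(dn):
    """Simplified canonical form: RDN order kept, AVAs inside an RDN sorted."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN
            typ, _, val = ava.partition("=")
            # Assumption: caseIgnoreMatch-style comparison for every attribute.
            val = re.sub(r"\s+", " ", val.strip()).casefold()
            avas.append((typ.strip().casefold(), val))
        rdns.append(tuple(sorted(avas)))
    return tuple(rdns)

def naive_match(a, b):
    """Plain string comparison of the serialised DNs."""
    return a == b

def normalised_match(a, b):
    """Comparison after the simplified normalisation above."""
    return normalise_dn(a) == normalise_dn(b)

if __name__ == "__main__":
    for other in (DN_B, DN_C):
        print(naive_match(DN_A, other), normalised_match(DN_A, other))
```
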