[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations

Matthias Radestock matthias at rabbitmq.com
Wed Jul 13 09:43:54 BST 2011


Massimo,

On 13/07/11 09:31, Massimo Paladin wrote:
> We have been using serialized DNs for years in ActiveMQ and we didn't
> have problems.

But is ActiveMQ definitely performing DN matching by string comparison? 
Or is it perhaps doing a fully-fledged ASN.1 structural comparison 
following the rules of DN equivalence set out by the various RFCs?

> Usually we get the DN and we just add it to the configuration.

How do you "get the DN"? For example, openssl displays the DN in the 
wrong form by default - one needs to add the "-nameopt RFC2253" switch 
to get an RFC-compliant representation. And even then it's only rfc2253, 
not the more recent rfc4514; though I have no idea what the difference is.

Matthias.


More information about the rabbitmq-discuss mailing list