[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations
Matthias Radestock
matthias at rabbitmq.com
Wed Jul 13 09:43:54 BST 2011
Massimo,
On 13/07/11 09:31, Massimo Paladin wrote:
> We have been using serialized DNs for years in ActiveMQ and we didn't
> have problems.
But is ActiveMQ definitely performing DN matching by string comparison?
Or is it perhaps doing a fully-fledged ASN.1 structural comparison
following the rules of DN equivalence set out by the various RFCs?
> Usually we get the DN and we just add it to the configuration.
How do you "get the DN"? For example, openssl displays the DN in the
wrong form by default - one needs to add the "-nameopt RFC2253" switch
to get an RFC-compliant representation. And even then it's only rfc2253,
not the more recent rfc4514; though I have no idea what the difference is.
Matthias.
More information about the rabbitmq-discuss
mailing list