[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations

Massimo Paladin Massimo.Paladin at cern.ch
Wed Jul 13 10:32:45 BST 2011


Both ActiveMQ and Apollo are doing string comparison.

Usually we get the DN in the default openssl format, then according to our
needs we translate them.
Apollo seems using rfc2253. ActiveMQ seems using rfc2253 also but with
spaces after commas.

Regards,
---
Massimo Paladin

email: massimo.paladin at gmail.com
website: http://www.mpaladin.com
flickr's page: http://flickr.com/photos/massimop


On Wed, Jul 13, 2011 at 10:43 AM, Matthias Radestock
<matthias at rabbitmq.com>wrote:

> Massimo,
>
>
> On 13/07/11 09:31, Massimo Paladin wrote:
>
>> We have been using serialized DNs for years in ActiveMQ and we didn't
>> have problems.
>>
>
> But is ActiveMQ definitely performing DN matching by string comparison? Or
> is it perhaps doing a fully-fledged ASN.1 structural comparison following
> the rules of DN equivalence set out by the various RFCs?
>
>
>  Usually we get the DN and we just add it to the configuration.
>>
>
> How do you "get the DN"? For example, openssl displays the DN in the wrong
> form by default - one needs to add the "-nameopt RFC2253" switch to get an
> RFC-compliant representation. And even then it's only rfc2253, not the more
> recent rfc4514; though I have no idea what the difference is.
>
> Matthias.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110713/f7a05bf4/attachment.htm>


More information about the rabbitmq-discuss mailing list