[rabbitmq-discuss] Patch: SSL client certificate authentication for the RabbitMQ STOMP plugin
Simon MacMullen
simon at rabbitmq.com
Mon Feb 20 11:40:06 GMT 2012
On 20/02/12 07:47, Lionel Cons wrote:
> Shane Hathaway<shane.hathaway at gmail.com> writes:
>> I decided that using SSL client certificates is important for the kind of
>> deployment I'm working on, so I created a patch (attached to this email)
>
> Shane,
>
> It's good to see others interested in good X.509 authentication in RabbitMQ.
>
> IMHO, improvements in this area should follow what has already been discussed:
> http://groups.google.com/group/rabbitmq-discuss/browse_thread/thread/3c490aa6ab2b6c11/fdf693d284916526
> in particular: flexibility (CNs are not suitable in some envirnonments, DNs
> look more versatile) and uniformity (same Erlang code for AMQP, STOMP&
> management interfaces).
Aye, there's the rub.
So this is a problem with Shane's patch (sorry Shane). It was made
against 2.7.1 and contains some code copied from
rabbitmq-auth-mechanism-ssl. But:
* On default this code has changed to support DNs and somewhat support
multiple CNs.
* This code really should be pulled into the broker and shared.
I'm not sure how fair it is to ask Shane to do this (it's rather more
intrusive), so I'll have a look at doing it myself...
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list