[rabbitmq-discuss] Patch: SSL client certificate authentication for the RabbitMQ STOMP plugin
Shane Hathaway
shane at hathawaymix.org
Mon Feb 20 13:05:52 GMT 2012
[Switching to my preferred email address now that I've signed up
properly for the mailing list.]
On 02/20/2012 04:40 AM, Simon MacMullen wrote:
> On 20/02/12 07:47, Lionel Cons wrote:
>> It's good to see others interested in good X.509 authentication in
>> RabbitMQ.
>>
>> IMHO, improvements in this area should follow what has already been
>> discussed:
>> http://groups.google.com/group/rabbitmq-discuss/browse_thread/thread/3c490aa6ab2b6c11/fdf693d284916526
>>
>> in particular: flexibility (CNs are not suitable in some
>> envirnonments, DNs
>> look more versatile) and uniformity (same Erlang code for AMQP, STOMP&
>> management interfaces).
Thanks for the review and the pointer to the email threads. I can see
the value of using DNs.
> Aye, there's the rub.
>
> So this is a problem with Shane's patch (sorry Shane). It was made
> against 2.7.1 and contains some code copied from
> rabbitmq-auth-mechanism-ssl. But:
>
> * On default this code has changed to support DNs and somewhat support
> multiple CNs.
>
> * This code really should be pulled into the broker and shared.
>
> I'm not sure how fair it is to ask Shane to do this (it's rather more
> intrusive), so I'll have a look at doing it myself...
I'm glad to hear that. I can contribute if it would help get this into
the next release; just give me specific instructions.
Shane
More information about the rabbitmq-discuss
mailing list