[rabbitmq-discuss] Patch: SSL client certificate authentication for the RabbitMQ STOMP plugin

Shane Hathaway shane at hathawaymix.org
Mon Feb 20 13:05:52 GMT 2012

[Switching to my preferred email address now that I've signed up 
properly for the mailing list.]

On 02/20/2012 04:40 AM, Simon MacMullen wrote:
> On 20/02/12 07:47, Lionel Cons wrote:
>> It's good to see others interested in good X.509 authentication in
>> RabbitMQ.
>> IMHO, improvements in this area should follow what has already been
>> discussed:
>> http://groups.google.com/group/rabbitmq-discuss/browse_thread/thread/3c490aa6ab2b6c11/fdf693d284916526
>> in particular: flexibility (CNs are not suitable in some
>> envirnonments, DNs
>> look more versatile) and uniformity (same Erlang code for AMQP, STOMP&
>> management interfaces).

Thanks for the review and the pointer to the email threads. I can see 
the value of using DNs.

> Aye, there's the rub.
> So this is a problem with Shane's patch (sorry Shane). It was made
> against 2.7.1 and contains some code copied from
> rabbitmq-auth-mechanism-ssl. But:
> * On default this code has changed to support DNs and somewhat support
> multiple CNs.
> * This code really should be pulled into the broker and shared.
> I'm not sure how fair it is to ask Shane to do this (it's rather more
> intrusive), so I'll have a look at doing it myself...

I'm glad to hear that. I can contribute if it would help get this into 
the next release; just give me specific instructions.


More information about the rabbitmq-discuss mailing list