[rabbitmq-discuss] x509 Authentication
Simon MacMullen
simon at rabbitmq.com
Thu Jan 5 10:32:40 GMT 2012
On 21/12/11 07:22, Lionel Cons wrote:
> It would really be good to improve X.509 authentication in a consistent
> way in RabbitMQ. Things I can think of:
> - use common code between AMQP and STOMP
Yes.
> - use DN rather than CN, maybe via a configurable option
Yes.
> - standard DN cleanup (such as your quotes removal)
Umm, really? The question of how to canonically construct a string
representation of a DN is annoyingly fiddly, but I really don't believe
removing quotes is likely to be a part of it.
We'd probably have to aim for "whatever OpenSSL does" and "whatever
Active Directory does" as goals for how to do it. Let us pray to the god
of ASN.1 (some sort of Eldritch abomination I'm sure) that both of those
are the same thing...
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list