[rabbitmq-discuss] x509 Authentication

Simon MacMullen simon at rabbitmq.com
Thu Jan 5 10:32:40 GMT 2012


On 21/12/11 07:22, Lionel Cons wrote:
> It would really be good to improve X.509 authentication in a consistent
> way in RabbitMQ. Things I can think of:
>   - use common code between AMQP and STOMP

Yes.

>   - use DN rather than CN, maybe via a configurable option

Yes.

>   - standard DN cleanup (such as your quotes removal)

Umm, really? The question of how to canonically construct a string 
representation of a DN is annoyingly fiddly, but I really don't believe 
removing quotes is likely to be a part of it.

We'd probably have to aim for "whatever OpenSSL does" and "whatever 
Active Directory does" as goals for how to do it. Let us pray to the god 
of ASN.1 (some sort of Eldritch abomination I'm sure) that both of those 
are the same thing...

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware


More information about the rabbitmq-discuss mailing list