[rabbitmq-discuss] Experimenting with release candidates: RabbitMQ 2.7.9
Lionel Cons
lionel.cons at cern.ch
Wed Mar 21 06:52:17 GMT 2012
Simon MacMullen writes:
> > The DN/CN issues were discussed recently, but I'll leave it to Simon to
> > explain our position on that.
>
> It defaults to doing the best impersonation it can of a DN produced by
> the OpenSSL's -nameopt RFC2253 [...]
Simon,
I confirm that this works fine in 2.8.0. However, the user that is required
(which name is the DN) also allows to login without SSL.
One solution would be to generate long random passwords for these dummy
users indicating which DNs are allowed but this looks like bricolage. What
about using the (currently underused) tags for this purpose? We could
imagine an "ssl" tag meaning "this user can only login via SSL"...
Cheers,
Lionel
More information about the rabbitmq-discuss
mailing list