[rabbitmq-discuss] Publisher Authentication
Matthias Radestock
matthias at rabbitmq.com
Mon Sep 10 14:24:27 BST 2012
Andrea,
On 06/09/12 09:40, Rosa, Andrea (HP Cloud Services) wrote:
> Some months ago I tested the SASL EXTERNAL support for authenticate both
> clients and server, it worked well apart an issue with revoked certificates.
>
> It seems that the plugin was not able to verify a certificate against a
> CRL, and in my understanding (and if I remember correctly) that was a
> limitation due to SSL erlang library.
Correct - there is no built-in support for CRLs in the Erlang SSL libraries.
You should however be able to plug in your own CRL logic by supplying a
suitable verify_fun in the ssl configuration. See
http://www.erlang.org/doc/man/ssl.html.
Regards,
Matthias.
More information about the rabbitmq-discuss
mailing list