[rabbitmq-discuss] Publisher Authentication

Matthias Radestock matthias at rabbitmq.com
Mon Sep 10 14:24:27 BST 2012


Andrea,

On 06/09/12 09:40, Rosa, Andrea (HP Cloud Services) wrote:
> Some months ago I tested the SASL EXTERNAL support for authenticate both
> clients and server, it worked well apart an issue with revoked certificates.
>
> It seems that the plugin was not able to verify a certificate against a
> CRL, and in my understanding (and if I remember correctly) that was a
> limitation due to SSL erlang library.

Correct - there is no built-in support for CRLs in the Erlang SSL libraries.

You should however be able to plug in your own CRL logic by supplying a 
suitable verify_fun in the ssl configuration. See 
http://www.erlang.org/doc/man/ssl.html.

Regards,

Matthias.


More information about the rabbitmq-discuss mailing list