[rabbitmq-discuss] does RabbitMQ or Erlang/OTP attempt to match the CN of a client TLS cert?
David van Geest
davidv at spindance.com
Wed Aug 28 17:42:05 BST 2013
On Wed, Aug 28, 2013 at 5:36 AM, Emile Joubert <emile at rabbitmq.com> wrote:
> On 27/08/13 23:45, David van Geest wrote:
> > On Tue, Aug 27, 2013 at 6:20 PM, David van Geest <davidv at spindance.com> wrote:
> > If a client connects to RabbitMQ using TLS, and client certificates
> > are required by RabbitMQ, will RabbitMQ or Erlang/OTP attempt to
> > match the CN on the client certificate with the client's hostname?
> > Does it attempt to match the client certificate CN with anything at
> > Reading a bit more, it seems like the CN only matters if you are
> > using rabbitmq-auth-mechanism-ssl which will attempt to match the
> > certificate CN vs the user database in question. If you are using some
> > other SASL mechanism (say, PLAIN), the CN does not matter. Correct?
> Yes. It is also possible to provide your own verification function that
> accepts a certificate. This Erlang function accepts a certificate as one
> of its arguments. See the verify_fun configuration option in
Excellent, thanks. Those docs are helpful as well.
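
The distinction confirmed in this thread, shown as a broker configuration. This is an added example, not part of the original messages and not taken from the RabbitMQ project; it assumes the classic Erlang-term `rabbitmq.config` format, the file paths are placeholders, and the setting names should be checked against the documentation for the installed RabbitMQ version.

```erlang
%% rabbitmq.config -- added example; all file paths are placeholders.
%% Assumes the rabbitmq_auth_mechanism_ssl plugin has been enabled with:
%%   rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile, "/path/to/ca_certificate.pem"},
      {certfile,   "/path/to/server_certificate.pem"},
      {keyfile,    "/path/to/server_key.pem"},
      %% Require a client certificate and validate its chain against
      %% cacertfile. As discussed in the thread, this step does not
      %% compare the certificate CN with the client's hostname.
      {verify, verify_peer},
      {fail_if_no_peer_cert, true}
    ]},

    %% Case 1: CN plays no part in authentication.
    %% With the password-based mechanisms, any client holding a
    %% certificate that chains to the CA can open the TLS session and
    %% then logs in with a username and password:
    %%   {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}

    %% Case 2: CN is the identity.
    %% With EXTERNAL (provided by rabbitmq-auth-mechanism-ssl) the
    %% username is taken from the certificate and must exist in the
    %% user database. ssl_cert_login_from selects the CN instead of
    %% the full distinguished name.
    {auth_mechanisms, ['EXTERNAL']},
    {ssl_cert_login_from, common_name}
  ]}
].
```

Listing only `'EXTERNAL'` keeps a client from falling back to a password login and bypassing the certificate-to-user mapping.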