<meta charset="utf-8">Both ActiveMQ and Apollo are doing string comparison.<div><br></div><div>Usually we get the DN in the default openssl format, then according to our needs we translate them.</div><div>Apollo seems using�<span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">rfc2253. ActiveMQ seems using�</span><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">rfc2253 also but with spaces after commas.</span></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse; "><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse; ">Regards,</span></font></div>
---<br>Massimo Paladin<br><br>email:�<a href="mailto:massimo.paladin@gmail.com" target="_blank">massimo.paladin@gmail.com</a><br>website:�<a href="http://www.mpaladin.com/" target="_blank">http://www.mpaladin.com</a><br>
flickr's page:�<a href="http://flickr.com/photos/massimop" target="_blank">http://flickr.com/photos/massimop</a><br>
<br><br><div class="gmail_quote">On Wed, Jul 13, 2011 at 10:43 AM, Matthias Radestock <span dir="ltr"><<a href="mailto:matthias@rabbitmq.com">matthias@rabbitmq.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Massimo,<div class="im"><br>
<br>
On 13/07/11 09:31, Massimo Paladin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
We have been using serialized DNs for years in ActiveMQ and we didn't<br>
have problems.<br>
</blockquote>
<br></div>
But is ActiveMQ definitely performing DN matching by string comparison? Or is it perhaps doing a fully-fledged ASN.1 structural comparison following the rules of DN equivalence set out by the various RFCs?<div class="im">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Usually we get the DN and we just add it to the configuration.<br>
</blockquote>
<br></div>
How do you "get the DN"? For example, openssl displays the DN in the wrong form by default - one needs to add the "-nameopt RFC2253" switch to get an RFC-compliant representation. And even then it's only rfc2253, not the more recent rfc4514; though I have no idea what the difference is.<br>
<font color="#888888">
<br>
Matthias.<br>
</font></blockquote></div><br>