Hello,<br><br>I've been trying out RabbitMQ over the past month and I must say I'm impressed, especially with the management and STOMP plugins. Well done!<br><br>I decided that using SSL client certificates is important for the kind of deployment I'm working on, so I created a patch (attached to this email) that enables the STOMP plugin to authenticate clients using the CN field of SSL client certificates, similar to the rabbitmq_auth_mechanism_ssl plugin. The patch is based on the 2.7.1 release tag. I have tested it by hand and it seems to do the trick. I hope it can be integrated into the next release of RabbitMQ; please let me know if there are problems I ought to fix.<br><br>To use the new feature, add ssl_cert_login to the default_user options of the rabbitmq_stomp options in rabbitmq.config, then configure the STOMP client to omit the login and passcode headers from the CONNECT frame. Here is a sample rabbitmq.config:<br><br>[<br> {rabbit, [<br> {ssl_options, [<br> {cacertfile, "mq/ca/ca.crt"},<br> {certfile, "mq/server/rabbitmq-dev.crt"},<br> {keyfile, "mq/server/rabbitmq-dev.key"},<br> {verify, verify_peer},<br> {fail_if_no_peer_cert, true}<br> ]}<br> ]},<br> {rabbitmq_stomp, [<br> {tcp_listeners, [61613]},<br> {ssl_listeners, [61614]},<br> {default_user, [ssl_cert_login]}<br> ]}<br>].<br><br>Shane<br><br><code></code>