<div dir="ltr">Simon,<div><br></div><div>Can you please confirm if 3.3.2 will have this bug fix as well?</div><div><br></div><div>I see that a fix went in from <a href="http://hg.rabbitmq.com/rabbitmq-server/shortlog/13443">http://hg.rabbitmq.com/rabbitmq-server/shortlog/13443</a></div>
<div><br></div><div><table cellspacing="0" style="padding:8px 4px;color:rgb(0,0,0);font-family:sans-serif;font-size:12px"><tbody><tr class=""><td class="" style="padding:2px 5px;vertical-align:top;white-space:nowrap"><i>5 days ago</i></td>
<td style="padding:2px 5px;vertical-align:top"><i>Simon MacMullen</i></td><td style="padding:2px 5px;vertical-align:top"><a class="" href="http://hg.rabbitmq.com/rabbitmq-server/rev/70b7b3a7578e" style="color:rgb(0,0,0);text-decoration:none"><b>Since we always check the peer cert is there before using cert authentication we do not need to enforce fail_if_no_peer_cert. And enforcing it prevents you from doing PLAIN auth without a cert on the same socket.</b> <span class=""><span class="" title="bug25550" style="padding:0px 4px;font-size:10px;border-width:1px;border-style:solid;border-color:rgb(204,255,204) rgb(0,204,51) rgb(0,204,51) rgb(204,255,204);background-color:rgb(170,255,170)">bug25550</span></span></a></td>
<td class="" nowrap style="padding:2px 5px;font-size:10px;vertical-align:top;font-family:sans-serif"><a href="http://hg.rabbitmq.com/rabbitmq-server/rev/70b7b3a7578e" style="color:rgb(136,0,0)">changeset</a> | <a href="http://hg.rabbitmq.com/rabbitmq-server/file/70b7b3a7578e" style="color:rgb(136,0,0)">files</a></td>
</tr><tr class="" style="background-color:rgb(246,246,240)"></tr></tbody></table><br></div><div>Thanks</div><div>Vish</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, Apr 17, 2014 at 4:55 AM, Simon MacMullen <span dir="ltr"><<a href="mailto:simon@rabbitmq.com" target="_blank">simon@rabbitmq.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 16/04/2014 22:38, vish.ramachandran wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It does not seem right to mandate that password based clients also present<br>
valid certificate. If they could, then there is no need for password based<br>
authentication.<br>
</blockquote>
<br>
I'm afraid that is the requirement at the moment. A future release may improve this situation.<br>
<br>
Cheers, Simon<br>
<br>
</blockquote></div><br></div>