[rabbitmq-discuss] ssl certificate to client lookup

Matthew Sackman matthew at rabbitmq.com
Fri Jun 25 14:03:14 BST 2010


Hi Nate,

On Thu, Jun 24, 2010 at 03:13:20PM -0600, Nathaniel Haggard wrote:
> It would be nice if rabbitmq set a header in messages with some
> metadata from the x509 certificate used to establish the ssl
> connection.

Err, why? If you're using certificate validation (server and/or client
side) then you *should* be able to retrieve all information you need
from whatever client you're using. However, I could well believe that if
this information is only available via the socket then you'll have a
hard time digging that out.

What's your use case though - are you trying to identify the server's
identity by checking some header in messages received from the server?
Surely the "right" solution to identity is to restrict the certificate
the client accepts from the server when the connection is established,
no?

> Also, why not make rabbitmqctl show ssl info for each connection.

That's a good idea. I'll file a bug for that.

Matthew


More information about the rabbitmq-discuss mailing list