[rabbitmq-discuss] ssl certificate to client lookup

Matthias Radestock matthias at rabbitmq.com
Mon Jun 28 16:56:43 BST 2010


Lionel Cons wrote:
> Matthew Sackman <matthew at rabbitmq.com> writes:
>> On Thu, Jun 24, 2010 at 03:13:20PM -0600, Nathaniel Haggard wrote:
>>> It would be nice if rabbitmq set a header in messages with some
>>> metadata from the x509 certificate used to establish the ssl
>>> connection.
>> Err, why?
> FWIW, we currently rely on this functionality: we use X.509 for
> authetication and we need to track down who sent a given message
> (think JMSXUserID as per http://activemq.apache.org/jmsxuserid.html).

Couldn't you simply get the sender to sign the message and the recipient 
to verify the signature? That requires the recipients to know the public 
keys of the senders, but I suspect in most systems where recipients care 
about the sender identity that would not be hard to arrange.


More information about the rabbitmq-discuss mailing list