[rabbitmq-discuss] ssl certificate to client lookup

• Previous message: [rabbitmq-discuss] ssl certificate to client lookup
• Next message: [rabbitmq-discuss] Building RabbitMQ-server with make 3.80
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 28, 2010 at 11:46 PM, Lionel Cons <lionel.cons at cern.ch> wrote:
> Matthias Radestock writes:
>  > Couldn't you simply get the sender to sign the message and the recipient
>  > to verify the signature?
>
> This would work in the cases where we control the clients.
> Unfortunately, this is not always the case.
>
> In case something bad happens (invalid message, too many messages...),
> we want to know who sent the offending messages.

So do we.

If rabbitmqctl list_connections showed the ssl common name in
client_properties then we could find the queue by joining
list_connections output with list_queues output on pid and owner_pid
respectively.  If we found a misbehaving client we would revoke its
certificate; though, CRL was not supported as of last year
http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2009-July/004187.html.
 Is it now?

Matt,

Is client_properties where you plan to put the ssl information?


-Nate

• Previous message: [rabbitmq-discuss] ssl certificate to client lookup
• Next message: [rabbitmq-discuss] Building RabbitMQ-server with make 3.80
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]