[rabbitmq-discuss] Broker accepts self-signed client certificate in verify_peer mode

Emile Joubert emile at rabbitmq.com
Wed Sep 1 17:34:40 BST 2010


On 12/08/10 10:02, Emile Joubert wrote:
> 
> Hi Jiri,
> 
> On 12/08/10 07:31, jiri at krutil.com wrote:
>>> Yes. I assure you this was not the behaviour of Erlang when I wrote the
>>> SSL guide. Unfortunately, a fix is not going to happen in time for the
>>> next release, but we're going to chase the Erlang SSL module authors to
>>> see if there's any reason for this behaviour, and I hope will change it
>>> either in their code or ours. I agree with you that with verify_peer on,
>>> the broker *must not* blindly trust *any* certs without being able to
>>> establish a chain of trust to the presented cert.
>>
>> Hi Matthew,
>>
>> thanks for clarifying this.
>>
>> Do you have a publicly accessible bug tracking system where we could
>> follow this issue and see when it is resolved?
> 
> We don't have a public bug tracker, but I have started a conversation on
> the erlang-questions mailing list which you can follow. Development
> effort that follows from that (if any) will take place on a branch of
> the rabbitmq-server Mercurial repository named 'bug23017'.

That should have been bug23107, not bug23017. This bug has now been
merged into default, so building the broker from the latest source will
get you the desired behaviour.

-Emile

