[rabbitmq-discuss] CRL support

• Previous message: [rabbitmq-discuss] CRL support
• Next message: [rabbitmq-discuss] CRL support
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrea,

On 02/08/11 12:08, Andrea Rosa wrote:
> I implemented a client and server authentication but if a client send a
> revoked certificate the server accept the connection, I read that the
> CRL is not yet supported by the new_ssl Erlang module, but I need to
> manage also CRLs.
> Do someone else facing with the same problem?
> Have you experienced with some workaround to guarantee that a revoked
> certificate is not accepted by Rabbit?

As suggested in response to your question in erlang-questions, you can 
define your own cert verification function with the verify_fun ssl 
option and have that perform all the checks you need. The erlang ssl 
docs (http://www.erlang.org/doc/man/ssl.html) for verify_fun describe 
how that function should behave.

To hook your verification function into rabbit (nb: this is untested) ...

1) write an erlang module containing (and exporting) that function

2) In the rabbit/ssl_options section of the rabbitmq.config, add an 
entry {verify_fun, {YourModuleName, YourFunctionName}}.


Regards,

Matthias.

• Previous message: [rabbitmq-discuss] CRL support
• Next message: [rabbitmq-discuss] CRL support
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]