[rabbitmq-discuss] x509 Authentication

Lionel Cons lionel.cons at cern.ch
Wed Dec 21 07:22:08 GMT 2011

Warren Smith <wsmith at tacc.utexas.edu> writes:
> I haven't checked back with the developers, but what I ended up doing
> was hacking the rabbit_auth_mechanism_ssl plugin to do what I want (I
> should have created a new plugin, but...).

FWIW, we have a similar need here (use DN rather than CN) but we use
STOMP that does not use rabbit_auth_mechanism_ssl. So I ended up
modifying the STOMP plugin to make it work.

It would really be good to improve X.509 authentication in a consistent
way in RabbitMQ. Things I can think of:
 - use common code between AMQP and STOMP
 - use DN rather than CN, maybe via a configurable option
 - standard DN cleanup (such as your quotes removal)

IMHO, the most tricky part is what to do if the connection has both a
valid certificate and a valid name/password.


Lionel Cons

More information about the rabbitmq-discuss mailing list