[rabbitmq-discuss] x509 Authentication
lionel.cons at cern.ch
Wed Dec 21 07:22:08 GMT 2011
Warren Smith <wsmith at tacc.utexas.edu> writes:
> I haven't checked back with the developers, but what I ended up doing
> was hacking the rabbit_auth_mechanism_ssl plugin to do what I want (I
> should have created a new plugin, but...).
FWIW, we have a similar need here (use DN rather than CN) but we use
STOMP that does not use rabbit_auth_mechanism_ssl. So I ended up
modifying the STOMP plugin to make it work.
It would really be good to improve X.509 authentication in a consistent
way in RabbitMQ. Things I can think of:
- use common code between AMQP and STOMP
- use DN rather than CN, maybe via a configurable option
- standard DN cleanup (such as your quotes removal)
IMHO, the most tricky part is what to do if the connection has both a
valid certificate and a valid name/password.
More information about the rabbitmq-discuss