[rabbitmq-discuss] rabbitmq_auth_mechanism_ssl limitations

Massimo Paladin Massimo.Paladin at cern.ch
Tue Jul 5 15:05:01 BST 2011


Looking at OpenSSL, there is an RFC which tells how to convert from ASN.1 to
string: http://www.ietf.org/rfc/rfc2253.txt

Cheers,
---
Massimo Paladin

email: massimo.paladin at gmail.com
website: http://www.mpaladin.com
flickr's page: http://flickr.com/photos/massimop


On Tue, Jul 5, 2011 at 3:18 PM, Simon MacMullen <simon at rabbitmq.com> wrote:

> On 05/07/11 14:01, Massimo Paladin wrote:
>
>> This looks like limiting to certificates with only one and unique CN. Am
>> I wrong?
>>
>
> Yes, that's correct.
>
> A future enhancement could be to allow rabbitmq_auth_mechanism_ssl to use
> the DN instead - after all, that's really what it's for.
>
> However, the (substantial) speedbump here is that RabbitMQ requires each
> user to have a user name, and each user name to be a string (I really
> wouldn't want to change that, implications would be far-reaching). But a DN
> isn't a string, it's an ASN.1 mess. And while there are a bunch of ways to
> convert that to a string, there's no good *canonical* way of doing it that
> I'm aware of.
>
> But I'm not a great expert in x509 / ASN.1. I don't know if you are or not
> :) but what would you do?
>
> Cheers, Simon
>
> --
> Simon MacMullen
> RabbitMQ, VMware
>
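
An added example, not part of the original message and not code from rabbitmq_auth_mechanism_ssl: the RFC 2253 string form mentioned above, applied to a subject DN that has already been decoded from ASN.1. The input shape (a list of RDNs, each a list of (OID, value) pairs), the function names and the sample subject are assumptions; only the attribute types with RFC 2253 short names are handled.

```python
# Added example: RFC 2253 string form of an already-decoded X.509 subject DN.
# Input shape and names below are assumptions, not RabbitMQ plugin code.

# RFC 2253 section 2.3 short names, keyed by attribute type OID.
SHORT_NAMES = {
    "2.5.4.3": "CN", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.10": "O",
    "2.5.4.11": "OU", "2.5.4.6": "C", "2.5.4.9": "STREET",
    "0.9.2342.19200300.100.1.25": "DC", "0.9.2342.19200300.100.1.1": "UID",
}
SPECIALS = ',+"\\<>;'  # section 2.4: always escaped with a backslash


def escape_value(value):
    """Escape one string attribute value per RFC 2253 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        lead = i == 0 and ch in " #"      # leading space or '#'
        trail = i == last and ch == " "   # trailing space
        out.append("\\" + ch if ch in SPECIALS or lead or trail else ch)
    return "".join(out)


def dn_to_string(rdn_sequence):
    """rdn_sequence: RDNs in certificate order, each a list of (oid, value)."""
    parts = []
    for rdn in reversed(rdn_sequence):  # section 2.1: last RDN is written first
        avas = []
        for oid, value in rdn:
            if oid not in SHORT_NAMES:
                # Narrowed example: only the short names listed above.
                raise ValueError("no short name for attribute type " + oid)
            avas.append(SHORT_NAMES[oid] + "=" + escape_value(value))
        parts.append("+".join(avas))  # section 2.2: multi-valued RDN uses '+'
    return ",".join(parts)


# Constructed sample subject with two CN values, one in a multi-valued RDN.
SAMPLE_SUBJECT = [
    [("2.5.4.6", "CH")],
    [("2.5.4.10", "Example Org, Inc.")],
    [("2.5.4.3", "Jane Doe")],
    [("2.5.4.3", "jdoe"), ("0.9.2342.19200300.100.1.1", "#1234 ")],
]

if __name__ == "__main__":
    print(dn_to_string(SAMPLE_SUBJECT))
```

The escaping step is what keeps a value containing a comma from rendering the same as a different DN with an extra RDN, which matters if the resulting string is used as a user name.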