[rabbitmq-discuss] Patch: SSL client certificate authentication for the RabbitMQ STOMP plugin

Simon MacMullen simon at rabbitmq.com
Mon Feb 20 11:40:06 GMT 2012


On 20/02/12 07:47, Lionel Cons wrote:
> Shane Hathaway<shane.hathaway at gmail.com>  writes:
>> I decided that using SSL client certificates is important for the kind of
>> deployment I'm working on, so I created a patch (attached to this email)
>
> Shane,
>
> It's good to see others interested in good X.509 authentication in RabbitMQ.
>
> IMHO, improvements in this area should follow what has already been discussed:
> http://groups.google.com/group/rabbitmq-discuss/browse_thread/thread/3c490aa6ab2b6c11/fdf693d284916526
> in particular: flexibility (CNs are not suitable in some envirnonments, DNs
> look more versatile) and uniformity (same Erlang code for AMQP, STOMP&
> management interfaces).

Aye, there's the rub.

So this is a problem with Shane's patch (sorry Shane). It was made 
against 2.7.1 and contains some code copied from 
rabbitmq-auth-mechanism-ssl. But:

* On default this code has changed to support DNs and somewhat support 
multiple CNs.

* This code really should be pulled into the broker and shared.

I'm not sure how fair it is to ask Shane to do this (it's rather more 
intrusive), so I'll have a look at doing it myself...

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware


More information about the rabbitmq-discuss mailing list