[rabbitmq-discuss] Bug: rmq_auth_mech_ssl crashes when Cert Subject contains more than one CN

John Ruiz jruiz at johnruiz.com
Tue Jan 3 19:42:26 GMT 2012

When using Microsoft Active Directory and Certificate Services (AD DS
& AD CS) as your Kerberos/LDAP/PKI environment, users are - by default
- created in the Users container (CN=Users, DC=example, DC=com) in

Therefore, the DN of new domain users contains two common name (CN)
elements in their DN (i.e. CN=Test User, CN=Users, DC=example,
DC=com).  Therefore, the Subject of the user's certificate will
contain two CN elements.  This crashes the find_by_type method (line
88 of rabbit_ssl.erl) when the return of lists:flatten are an array
instead of a single value.

I suggest that the code be updated to check for multiple CN elements
and to concatenate them with a space (" ").  In this way, instead of
crashing and being unusable in Windows environments, administrators
will be able to create a rabbitmq user that will match the
concatenated value (i.e. "Users Test User").

Please see this thread for historical information:

Apologies for submitting this here, but when I created a rabbitmq
bugzilla account, I had no privileges whatsoever.

More information about the rabbitmq-discuss mailing list