[rabbitmq-discuss] Bug: rmq_auth_mech_ssl crashes when Cert Subject contains more than one CN
jruiz at johnruiz.com
Tue Jan 3 19:42:26 GMT 2012
When using Microsoft Active Directory and Certificate Services (AD DS
& AD CS) as your Kerberos/LDAP/PKI environment, users are - by default
- created in the Users container (CN=Users, DC=example, DC=com) in
Therefore, the DN of new domain users contains two common name (CN)
elements in their DN (i.e. CN=Test User, CN=Users, DC=example,
DC=com). Therefore, the Subject of the user's certificate will
contain two CN elements. This crashes the find_by_type method (line
88 of rabbit_ssl.erl) when the return of lists:flatten is an array
instead of a single value.

I suggest that the code be updated to check for multiple CN elements
and to concatenate them with a space (" "). In this way, instead of
crashing and being unusable in Windows environments, administrators
will be able to create a rabbitmq user that will match the
concatenated value (i.e. "Users Test User").

Please see this thread for historical information:

Apologies for submitting this here, but when I created a rabbitmq
bugzilla account, I had no privileges whatsoever.
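
The failure mode and the suggested fix from the message above, as an added Erlang example that is not part of the original post and is not RabbitMQ's own code. The subject is a constructed rdnSequence with attribute types simplified to atoms (an assumption; real decoded certificates carry OIDs and typed values), and the module and function names are hypothetical.

```erlang
-module(cn_extract).
-export([strict_cn/1, joined_cn/1, demo/0]).

%% Constructed sample subject for "CN=Test User, CN=Users, DC=example, DC=com".
%% X.509 stores the RDNs most significant first, the reverse of the LDAP string.
%% Assumption: attributes are plain {Type, Value} tuples with atom types.
sample_subject() ->
    {rdnSequence,
     [[{dc, "com"}], [{dc, "example"}], [{cn, "Users"}], [{cn, "Test User"}]]}.

%% Collect every value of the given attribute type, in certificate order.
values(Type, {rdnSequence, RDNs}) ->
    [V || {T, V} <- lists:flatten(RDNs), T =:= Type].

%% Fragile shape: only "no match" and "exactly one match" are handled, so a
%% subject with two CNs fails with a case_clause error.
strict_cn(Subject) ->
    case values(cn, Subject) of
        [S] -> S;
        []  -> not_found
    end.

%% Tolerant shape following the suggestion in the message: join all CN
%% values, in certificate order, with a single space.
joined_cn(Subject) ->
    case values(cn, Subject) of
        [] -> not_found;
        Vs -> string:join(Vs, " ")
    end.

%% Run both variants on the sample; the strict one is wrapped so the
%% pattern-match failure is reported instead of killing the caller.
demo() ->
    Subject = sample_subject(),
    Strict = try strict_cn(Subject)
             catch error:{case_clause, _} -> crashed
             end,
    {Strict, joined_cn(Subject)}.
```

A space-joined name cannot distinguish the CN pair "Users" and "Test User" from the pair "Users Test" and "User", so a deployment that maps the result to a broker username should make sure the issuing CA cannot produce colliding subjects.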