[rabbitmq-discuss] does RabbitMQ or Erlang/OTP attempt to match the CN of a client TLS cert?

Emile Joubert emile at rabbitmq.com
Wed Aug 28 10:36:01 BST 2013


On 27/08/13 23:45, David van Geest wrote:
> On Tue, Aug 27, 2013 at 6:20 PM, David van Geest <davidv at spindance.com> wrote:
> 
> 
>     If a client connects to RabbitMQ using TLS, and client certificates
>     are required by RabbitMQ, will RabbitMQ or Erlang/OTP attempt to
>     match the CN on the client certificate with the client's hostname?
>     Does it attempt to match the client certificate CN with anything at all?
> 
> 
> Reading a bit more, it seems like the CN only matters if you are
> using rabbitmq-auth-mechanism-ssl which will attempt to match the
> certificate CN vs the user database in question. If you are using some
> other SASL mechanism (say, PLAIN), the CN does not matter. Correct?

Yes. It is also possible to provide your own verification function that
accepts a certificate. This Erlang function accepts a certificate as one
of its arguments. See the verify_fun configuration option in
http://www.erlang.org/doc/man/ssl.html




-Emile
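
A sketch of the kind of verification function the reply above refers to, added here as an example; it is not code from the original message or from RabbitMQ. The module name cn_verify, the allowlist argument and the failure reasons are assumptions for illustration, and wiring the options into a RabbitMQ listener is not shown.

```erlang
-module(cn_verify).
-export([ssl_options/1, verify_cn/3, common_name/1]).
-include_lib("public_key/include/public_key.hrl").

%% Server-side ssl options: demand a client certificate and run verify_cn/3
%% during path validation. AllowedCNs is a list of binaries (assumed allowlist).
ssl_options(AllowedCNs) ->
    [{verify, verify_peer},
     {fail_if_no_peer_cert, true},
     {verify_fun, {fun verify_cn/3, AllowedCNs}}].

%% A custom verify_fun replaces the default one, so path validation errors
%% (expired, unknown CA, ...) must be turned into failures explicitly.
verify_cn(_Cert, {bad_cert, _} = Reason, _Allowed) ->
    {fail, Reason};
%% Extensions this function does not interpret: leave the decision to ssl.
verify_cn(_Cert, {extension, _}, Allowed) ->
    {unknown, Allowed};
%% CA certificates in the chain that validated successfully.
verify_cn(_Cert, valid, Allowed) ->
    {valid, Allowed};
%% The peer (leaf) certificate: this is where the CN is checked.
verify_cn(Cert, valid_peer, Allowed) ->
    case common_name(Cert) of
        {ok, CN} ->
            case lists:member(CN, Allowed) of
                true  -> {valid, Allowed};
                false -> {fail, {cn_not_allowed, CN}}
            end;
        error ->
            {fail, no_single_common_name}
    end.

%% Return the subject CN as a binary; reject subjects with zero or several CNs
%% so the comparison is never made against an ambiguous name.
common_name(#'OTPCertificate'{tbsCertificate = TBS}) ->
    {rdnSequence, RDNs} = TBS#'OTPTBSCertificate'.subject,
    case [V || RDN <- RDNs, #'AttributeTypeAndValue'{type = ?'id-at-commonName', value = V} <- RDN] of
        [Value] -> {ok, to_binary(Value)};
        _ -> error
    end.

%% CN values arrive tagged with their string type, as a list or a binary.
to_binary({_Type, S}) -> to_binary(S);
to_binary(S) when is_binary(S) -> S;
to_binary(S) when is_list(S) -> unicode:characters_to_binary(S).
```

The CN check here is an allowlist comparison only; it does not compare the CN with the client's hostname or address.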




