[rabbitmq-discuss] Supporting both SSL+Password as well as SSL+Certificate based authentication

Viswanathan Ramachandran vish.ramachandran at gmail.com
Wed Jun 4 16:31:14 BST 2014


Simon,

Can you please confirm if 3.3.2 will have this bug fix as well?

I see that a fix went in from
http://hg.rabbitmq.com/rabbitmq-server/shortlog/13443

*5 days ago**Simon MacMullen**Since we always check the peer cert is there
before using cert authentication we do not need to enforce
fail_if_no_peer_cert. And enforcing it prevents you from doing PLAIN auth
without a cert on the same socket.* bug25550
<http://hg.rabbitmq.com/rabbitmq-server/rev/70b7b3a7578e>changeset
<http://hg.rabbitmq.com/rabbitmq-server/rev/70b7b3a7578e> | files
<http://hg.rabbitmq.com/rabbitmq-server/file/70b7b3a7578e>
Thanks
Vish





On Thu, Apr 17, 2014 at 4:55 AM, Simon MacMullen <simon at rabbitmq.com> wrote:

> On 16/04/2014 22:38, vish.ramachandran wrote:
>
>> It does not seem right to mandate that password based clients also present
>> valid certificate. If they could, then there is no need for password based
>> authentication.
>>
>
> I'm afraid that is the requirement at the moment. A future release may
> improve this situation.
>
> Cheers, Simon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140604/92b89cf4/attachment.html>


More information about the rabbitmq-discuss mailing list