Supporting both SSL+Password as well as SSL+Certificate based authentication
We have a use case where we want to support both
1. "External" passwordless certificate based authentication based on rabbitmq-auth-mechanism-ssl plugin
2. "Plain" password based authentication with SSL turned on without client needing to present a certificate. This is precisely what is described at https://www.rabbitmq.com/ssl.html#enabling-ssl example.
With above configuration, use case #1 is possible, however use case #2 fails when client does not present a certificate since fail_if_no_peer_certificate is set to true.
If I change fail_if_no_peer_certificate to false, use case #2 works, use case #1 fails with an "unsafe configuration error".
Can we configure RMQ to support both by
1. verifying the certificate if one is presented along with request to do external authentication
2. expect username/password if certificate is not presented and plain authentication is chosen
3. Fail if external authentication is chosen and no certificate is presented
It does not seem right to mandate that password based clients also present valid certificate. If they could, then there is no need for password based authentication.
Re: Supporting both SSL+Password as well as SSL+Certificate based authentication
On 16/04/2014 22:38, vish.ramachandran wrote:
> It does not seem right to mandate that password based clients also present
> valid certificate. If they could, then there is no need for password based
I'm afraid that is the requirement at the moment. A future release may
improve this situation.