author | Simon MacMullen <simon@rabbitmq.com> | 2012-02-20 16:28:04 +0000 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2012-02-20 16:28:04 +0000 |
commit | ba2058c7163dd3b24b78066aba0a3fa1cd9a66f2 (patch) | |
tree | af7855a906ac283a5aa252804a66a52d9c0da249 | |
parent | 5336bdec39927c578fa84b7ba854610a323be5f3 (diff) | |
download | rabbitmq-server-bug24182.tar.gz |
Move the mode thing into the server too.bug24182
-rw-r--r-- | ebin/rabbit_app.in | 1 | ||||
-rw-r--r-- | src/rabbit_ssl.erl | 14 |
2 files changed, 9 insertions, 6 deletions
diff --git a/ebin/rabbit_app.in b/ebin/rabbit_app.in
index 2fee1114..fd19051d 100644
--- a/ebin/rabbit_app.in
+++ b/ebin/rabbit_app.in
@@ -38,6 +38,7 @@
 {delegate_count, 16},
 {trace_vhosts, []},
 {log_levels, [{connection, info}]},
+ {ssl_cert_login_from, distinguished_name},
 {tcp_listen_options, [binary,
 {packet, raw},
 {reuseaddr, true},
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
index 8877d8f2..22ff555f 100644
--- a/src/rabbit_ssl.erl
+++ b/src/rabbit_ssl.erl
@@ -21,7 +21,7 @@
 -include_lib("public_key/include/public_key.hrl").
 -export([peer_cert_issuer/1, peer_cert_subject/1, peer_cert_validity/1]).
--export([peer_cert_subject_items/2, peer_cert_auth_name/2]).
+-export([peer_cert_subject_items/2, peer_cert_auth_name/1]).
 %%--------------------------------------------------------------------------
@@ -36,10 +36,8 @@
 -spec(peer_cert_validity/1 :: (certificate()) -> string()).
 -spec(peer_cert_subject_items/2 ::
 (certificate(), tuple()) -> [string()] | 'not_found').
-
--spec(peer_cert_auth_name/2 ::
- ('distinguished_name' | 'common_name', certificate()) ->
- binary() | 'not_found' | 'unsafe').
+-spec(peer_cert_auth_name/1 ::
+ (certificate()) -> binary() | 'not_found' | 'unsafe').
 -endif.
@@ -80,7 +78,11 @@ peer_cert_validity(Cert) ->
 format_asn1_value(End)])
 end, Cert).
-%% For a given mode, extract a username from the certificate
+%% Extract a username from the certificate
+peer_cert_auth_name(Cert) ->
+ {ok, Mode} = application:get_env(rabbit, ssl_cert_login_from),
+ peer_cert_auth_name(Mode, Cert).
+
 peer_cert_auth_name(distinguished_name, Cert) ->
 case auth_config_sane() of
 true -> iolist_to_binary(peer_cert_subject(Cert)); |
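Review bot: In the new `peer_cert_auth_name/1` (last hunk of src/rabbit_ssl.erl), the mode is read from operator configuration and passed straight to `peer_cert_auth_name/2`, so a mistyped `ssl_cert_login_from` value would presumably surface as a `function_clause` crash on each certificate login rather than as a clear configuration error. Failing closed is the right outcome on an authentication path, but the accepted values are no longer stated anywhere now that the /2 spec has been removed. I would extend the comment to `%% Extract a username from the certificate. The mode comes from the rabbit application's ssl_cert_login_from setting (distinguished_name | common_name).` The clauses of `peer_cert_auth_name/2` continue past the end of the hunk, so whether they include a fallback clause cannot be seen here.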