Hi,
I'm using the C++ QPid Broker from the RHEL5.3 yum repository and the M5
Java QPid client libraries to successfully communicate over two-way SSL
(ssl-require-client-authentication = true). In addition to two-way
SSL, my military customer is also asking that the QPid broker only allow
an SSL connection from a configurable list of client certificates. As an
example, similar PKI certificate control lists are provided by both
mod_ssl and mod_nss when configuring the Apache httpd. In httpd.conf,
the following directive only allows an SSL connection to httpd from a
client using my certificate:
SSLRequire (%{SSL_CLIENT_S_DN_CN} eq "BRIDE.JEFFREY.ALEXANDER.xxxxxxxxxxxxxxxx")
Since the C++ broker leverages the NSS libraries, is there an
equivalent in QPid? My customer would like to have very tight control
of SSL connections between brokers in our AMQP federation scenarios.
When configuring the C++ broker, could I somehow add something similar
to /etc/qpidd.conf to dictate which client certificates can make SSL
connections to that broker?
thank you!
jeff
--
Jeffrey Bride
RedHat / JBoss
303-523-7885