At least for the cpp broker, ssl-require-client-authentication=yes will do the trick. The broker book ( http://qpid.apache.org/releases/qpid-cpp-0.34/cpp-broker/book/chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-Encryption_using_SSL) is a good resource for SSL options.
As far as the check goes, I think it looks at the Subject Alternative Name, and falls back to CN if there is no SAN on the cert. On Thu, Jun 9, 2016 at 1:09 PM, Olivier Mallassi <[email protected] > wrote: > All, > > The whole idea is > (1) to build the following chain : clients (Java/c++) <-> dispatcher(s) <-> > java qpid brokers. > (2) with two ways SSL between all the components........ > > test are ongoing but I was wondering if there is a way to configure the > dispatchers and the brokers to check (or not) the client hostname (while > checking the client certificate)? > if activated, does it use the CN for hostname? > > Thx for your help. > > Cheers. > > Olivier. >
