Hi,

Is it possible to write an ACL so that it takes into account both
the certificate common name and the CA certificate that issued it when
granting access rights?

What I'm trying to do:

I'm using SSL authentication and ACL with the C++ qpid broker like this:
- On the broker side I have an acl file with <client_cert_common_name>@QPID
entries for each certificate with assigned access rights,
- Also on the broker side I have an NSS database that contains soft
certificates (CA certificate and server certificate),
- On the client side I have an NSS database with a soft client certificate
that was issued with the CA certificate from the broker NSS database and
the public CA certificate from the broker NSS database.

This works fine as long as there is only one CA issuing certificates,
but I could generate some client certificates with a different CA
certificate and add that CA certificate to the broker NSS database.
From that CA certificate I could issue a certificate with the same common name.
Now all of a sudden two certificates from different CA agencies have
access to the same queues and I don't want that, but would still like to
support client certificates from different CA authorities.

Is such a configuration even possible/supported/the correct thing to go for?

Thanks,
Domen
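
The collision described in the message above can be audited offline. This is an added example, not part of the original message and not Qpid code: it assumes the ACL identity is `<common name>@QPID` as the post describes, and the ACL lines, DNs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

REALM = "QPID"  # realm suffix used in the ACL entries described in the post

# Constructed sample data (not from the original post): ACL lines and
# (issuer DN, subject DN) pairs for client certificates the broker would accept.
ACL_TEXT = """\
acl allow client1@QPID consume queue name=orders
acl allow client1@QPID publish exchange name=amq.direct
acl allow client2@QPID consume queue name=audit
acl deny all all
"""
CLIENT_CERTS = [
    ("CN=Internal CA,O=Example", "CN=client1,OU=apps,O=Example"),
    ("CN=Partner CA,O=Partner", "CN=client1,O=Partner"),
    ("CN=Internal CA,O=Example", "CN=client2,O=Example"),
]

def common_name(dn):
    """Return the CN value from a DN string, honouring backslash-escaped commas."""
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "CN":
            return value.replace("\\,", ",")
    return None

def acl_users(acl_text):
    """Collect the user names that appear in 'acl allow' rules."""
    users = set()
    for line in acl_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "acl" and parts[1] == "allow":
            users.add(parts[2])
    return users

def ambiguous_identities(acl_text, certs):
    """Return allowed ACL users that certificates from more than one issuer map to."""
    issuers = defaultdict(set)
    for issuer_dn, subject_dn in certs:
        cn = common_name(subject_dn)
        if cn is not None:
            # Assumption from the post: identity is derived from the CN alone.
            issuers[f"{cn}@{REALM}"].add(issuer_dn)
    allowed = acl_users(acl_text)
    return {u: sorted(i) for u, i in issuers.items() if u in allowed and len(i) > 1}

if __name__ == "__main__":
    for user, cas in ambiguous_identities(ACL_TEXT, CLIENT_CERTS).items():
        print(f"{user} is reachable via {len(cas)} issuers: {cas}")
```

Any identity it reports is one where the ACL alone cannot tell the issuing CAs apart.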
