-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MQTT plugin authenticate using client_id from client certificate #1976
Conversation
Deploying rabbitmq-website with Cloudflare Pages
|
docs/mqtt.md
Outdated
- `common_name`, this is just the CN part of the distinguished name | ||
- `subject_alternative_name` or `subject_alt_name`, here the `client_id` is specified in certificate's extension which allows to specify further alternative names which can be of several types. | ||
|
||
If you set `mqtt.ssl_cert_client_id_from` to `subject_alternative_name` or `subject_alt_name`, you should configure `mqtt.ssl_cert_client_id_san_type` which contains the `client_id`, otherwise it defaults to `dns`, its type which can be: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
?? "you should" or "you must" in the 1st sentence? Do they have to do it, "you should" is too vague, if you are going to use "should", I would additionally explaining why they should, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
its type which can be:
??? should that be a new sentence written as "It's type can be: "
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I chose should
because if you do not set it, it is defaulted to dns
. If that is what the user wants, then the user does not need to configure it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
then I would say "If you want mqtt.ssl_cert_client_id_from
to be set tosubject_alternative_name
or subject_alt_name
, then you must.....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the end, i have gone for "you can configure ".. if the user wants to use dns
as the SAN type, it is not required to set it mqtt.ssl_cert_client_id_san_type
to dns
as that is the default behaviour. Are ok ?
4626aef
to
f7479b9
Compare
Implements feature request rabbitmq/rabbitmq-server#9323