rabbitmq / discussions

Please use RabbitMQ mailing list for questions. Issues that are questions, discussions or lack details necessary to investigate them are moved to this repository.

fail_if_no_peer_cert only applicable to server #150

Closed gogolok closed 4 years ago

gogolok commented 4 years ago

I have no experience with Erlang and am not an expert in RabbitMQ, but I've read https://www.rabbitmq.com/clustering-ssl.html and saw the usage of fail_if_no_peer_cert. As far as I understand http://erlang.org/doc/apps/ssl/ssl_distribution.html and https://erlang.org/doc/man/ssl.html correctly, fail_if_no_peer_cert is only applicable to the server.

Can someone confirm this?

michaelklishin commented 4 years ago

Thank you for your time.

Team RabbitMQ uses GitHub issues for specific actionable items engineers can work on. GitHub issues are not used for questions, investigations, root cause analysis, discussions of potential issues, etc (as defined by this team).

We get at least a dozen questions through various venues every single day, often light on details. At that rate GitHub issues can very quickly turn into something impossible to navigate and make sense of even for our team. Because GitHub is a tool our team uses heavily nearly every day, the signal/noise ratio of issues is something we care about a lot.

Please post this to rabbitmq-users.

Thank you.

michaelklishin commented 4 years ago

It is a server_option() value according to the TLS implementation guide. There is no explanation of why that might be; obviously, peer verification in TLS can be used on either side.
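
The server/client split discussed in this thread, written out as an inter-node TLS option file of the kind passed to the Erlang VM with `-ssl_dist_optfile`. This is an added example, not taken from the thread or from the RabbitMQ documentation; every file path is a placeholder.

```erlang
%% Inter-node TLS options. Each node uses the `server` list when it accepts
%% a distribution connection and the `client` list when it opens one.
[
  {server, [
    %% Placeholder paths: substitute the node's own CA bundle, cert and key.
    {cacertfile, "/path/to/ca_certificate.pem"},
    {certfile,   "/path/to/node_certificate.pem"},
    {keyfile,    "/path/to/node_key.pem"},
    {secure_renegotiate, true},

    %% verify_peer makes the server request a certificate from the
    %% connecting node and validate the chain if one is sent.
    {verify, verify_peer},

    %% Server-only option. A TLS client may answer the certificate request
    %% with an empty certificate list; with `true` the server rejects that
    %% handshake instead of accepting an unauthenticated peer.
    {fail_if_no_peer_cert, true}
  ]},

  {client, [
    {cacertfile, "/path/to/ca_certificate.pem"},
    %% certfile/keyfile are what this node presents when the remote
    %% server asks for a client certificate.
    {certfile,   "/path/to/node_certificate.pem"},
    {keyfile,    "/path/to/node_key.pem"},
    {secure_renegotiate, true},

    %% On the connecting side verify_peer alone enforces verification of
    %% the server's certificate chain. fail_if_no_peer_cert is not listed
    %% here because it is documented as a server option only.
    {verify, verify_peer}
  ]}
].
```

With `verify_peer` on the server but `fail_if_no_peer_cert` left at its default of `false`, a connecting node that sends no certificate is still accepted, so mutual authentication between nodes depends on setting both in the `server` list.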