Bug 432081 - Allow restricting of CNs when using TLS for authentication
Status: CLOSED INVALID
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Mosquitto
Version: unspecified
Hardware: All All
Importance: P3 enhancement
Target Milestone: ---
Assignee: Roger Light
Blocks: 458622
Reported: 2014-04-05 08:29 EDT by Nicholas Humfrey
Modified: 2016-09-09 08:58 EDT
Description Nicholas Humfrey 2014-04-05 08:29:14 EDT
I use public CAs for both client and server certificates (StartSSL and CACert).

I don't want anyone with a client certificate issued by StartSSL to be able to access my broker.

But I can't see a way of configuring mosquitto to authorise only certain client certificate CNs, once they pass as being valid certificates. I tried pulling the CN into the usernames file, but that doesn't seem to be used?

This would also be useful for enterprises that have their own private CA but use client certificates for many purposes, not just a single application.
Comment 1 Roger Light 2015-01-28 05:27:07 EST
Part of the authentication/access control review for 1.5.
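
An added example, not part of the bug report or of Mosquitto's code: the authorisation step the report asks for, written as a Python check over the dictionary shape that `ssl.SSLSocket.getpeercert()` returns after a verified handshake. It goes one step beyond a plain CN list by keying the allowlist on the (issuer, CN) pair, since with more than one CA trusted the same CN can be issued by either; the CA names, CNs and helper names are constructed for illustration.

```python
# Added example: authorise a TLS client by (issuer, subject CN) *after* the
# handshake has validated the chain. Input is the dict shape returned by
# ssl.SSLSocket.getpeercert(); all CA names and CNs below are constructed.

def attr_values(name, attr):
    # A DN is a tuple of RDNs; each RDN is a tuple of (attribute, value) pairs.
    return [v for rdn in name for (k, v) in rdn if k == attr]

def authorize_client(peercert, allowed):
    """Return the CN to use as the client identity, or None to reject."""
    if not peercert:  # None: no certificate sent; {}: chain was not verified
        return None
    cns = attr_values(peercert.get("subject", ()), "commonName")
    if len(cns) != 1:  # missing or ambiguous CN: refuse rather than pick one
        return None
    issuer = peercert.get("issuer", ())
    # Exact, case-sensitive match on the pair; no wildcards or prefixes.
    return cns[0] if (issuer, cns[0]) in allowed else None

def make_cert(issuer_org, *subject_cns):
    # Build a constructed getpeercert()-style dict for the demonstration.
    return {
        "issuer": ((("organizationName", issuer_org),),),
        "subject": tuple((("commonName", cn),) for cn in subject_cns),
    }

CA_A = make_cert("Example Public CA A")["issuer"]
ALLOWED = {(CA_A, "sensor-01.example.org"), (CA_A, "bridge.example.org")}

if __name__ == "__main__":
    samples = [
        make_cert("Example Public CA A", "sensor-01.example.org"),  # allowed
        make_cert("Example Public CA A", "stranger.example.net"),   # valid cert, wrong CN
        make_cert("Example Public CA B", "sensor-01.example.org"),  # same CN, other CA
    ]
    for cert in samples:
        identity = authorize_client(cert, ALLOWED)
        print(cert["subject"], "->", identity or "REJECTED")
```
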