authorSimon MacMullen <simon@rabbitmq.com>2010-11-16 12:13:53 +0000
committerSimon MacMullen <simon@rabbitmq.com>2010-11-16 12:13:53 +0000
commit70ab964a9b555f96175dd20be358cccfaa0674cd (patch)
treef23e55c18505be3533b5ef6d08677b862d3574b3
parentd6c06d5e66d6edf782c059a294767139e4e054a4 (diff)
downloadrabbitmq-server-git-70ab964a9b555f96175dd20be358cccfaa0674cd.tar.gz
Don't open a security hole if server is misconfigured.
-rw-r--r--src/rabbit_auth_mechanism_external.erl17
1 files changed, 14 insertions, 3 deletions
diff --git a/src/rabbit_auth_mechanism_external.erl b/src/rabbit_auth_mechanism_external.erl
index 0bf9f9c4dc..a597726435 100644
--- a/src/rabbit_auth_mechanism_external.erl
+++ b/src/rabbit_auth_mechanism_external.erl
@@ -57,11 +57,22 @@ description() ->
[{name, <<"EXTERNAL">>},
{description, <<"SASL EXTERNAL authentication mechanism">>}].
-%% TODO: safety check, don't offer unless verify_peer set
should_offer(Sock) ->
case peer_subject(Sock) of
- none -> false;
- _ -> true
+ none ->
+ false;
+ _ ->
+ {ok, Opts} = application:get_env(ssl_options),
+ case {proplists:get_value(fail_if_no_peer_cert, Opts),
+ proplists:get_value(verify, Opts)} of
+ {true, verify_peer} ->
+ true;
+ {F, V} ->
+ rabbit_log:warning("EXTERNAL mechanism disabled, "
+ "fail_if_no_peer_cert=~p; "
+ "verify=~p~n", [F, V]),
+ false
+ end
end.
init(Sock) ->
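Review bot: The assertive match `{ok, Opts} = application:get_env(ssl_options)` on the new side turns an unset `ssl_options` key into a badmatch in whatever process calls should_offer/1, and `application:get_env/1` resolves the application from the caller, so a shell or test caller would presumably hit `undefined` even when the key is configured; a miss branch keeps the fail-closed intent without the crash, `case application:get_env(ssl_options) of {ok, Opts} -> offer_if_verified(Opts); undefined -> false end` (with the existing nested case moved into the helper). The `{true, verify_peer}` match is correctly fail-closed, since a missing option arrives as `undefined` and falls into the warning clause, but `verify_peer` can still be weakened by a permissive `verify_fun` in the same option list, which this check does not inspect; a comment such as `%% Offer EXTERNAL only when the listener actually authenticates the peer; a custom verify_fun in ssl_options can still override this` above the inner case would record that limit for the next reader. The warning on the `{F, V}` clause fires once per TLS connection that presents a certificate while the server is misconfigured, which is useful but noisy, so consider stating in the message that it is a configuration problem rather than a per-connection failure. should_offer/1 is contained entirely within the hunk.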