From cfa0d4d9aa87e7458e64bd9de4206a8f11424317 Mon Sep 17 00:00:00 2001
From: Sascha Bleidner <TribuneX@users.noreply.github.com>
Date: Thu, 29 Sep 2022 09:36:56 +0200
Subject: [PATCH] Add option for wildcard certificates to docs

Matching wildcard certificates with the auth_backend_http plugin requires an additional option. See: https://erlang.org/pipermail/erlang-questions/2019-October/098529.html
---
 deps/rabbitmq_auth_backend_http/README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deps/rabbitmq_auth_backend_http/README.md b/deps/rabbitmq_auth_backend_http/README.md
index 651e32d7d6bb..53922fa2d59a 100644
--- a/deps/rabbitmq_auth_backend_http/README.md
+++ b/deps/rabbitmq_auth_backend_http/README.md
@@ -149,6 +149,11 @@ configure the plugin to use a CA and client certificate/key pair using the `rabb
 
 It is recommended to use TLS for authentication and enable peer verification.
 
+### Wildcard Certificates
+
+If the certificate of your Web Server should be matched against a wildcard certificate in your `cacertfile`, the following option must be added to the `ssl_options`:
+
+    {customize_hostname_check, [{match_fun,public_key:pkix_verify_hostname_match_fun(https)}]}
 
 ## Debugging