Bug 729391

Summary: [RFE] Python SSL client connection details not provided
Product: Red Hat Enterprise MRG Reporter: ppecka <ppecka>
Component: Messaging_Installation_and_Configuration_GuideAssignee: Joshua Wulf <jwulf>
Status: CLOSED CURRENTRELEASE QA Contact: Leonid Zhaldybin <lzhaldyb>
Severity: high Docs Contact:
Priority: high    
Version: 2.0CC: esammons, gsim, iboverma, lcarlon, lzhaldyb, matt, mcressma
Target Milestone: 2.2.3Keywords: Documentation, FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-19 04:27:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 782806    
Bug Blocks:    

Description ppecka 2011-08-09 18:14:52 UTC
Description of problem:
Python client setup for SSL details are not provided in "Messaging User Guide" chapter "10.3. Encryption using SSL", sub-chapter "Enabling SSL in Clients"
There are chapters just for "C++ clients", and "Java clients". Section on "Python clients" is missing.

Comment 1 Alison Young 2011-08-10 00:22:25 UTC
Will need to acquire source content from engineering. 
Setting needinfo for Gordon, but can be filled by anybody.

Comment 2 Gordon Sim 2011-09-05 19:25:18 UTC
At present the python client still does not support client authentication with SSL[1]. It also does not verify that the hostname indicated by the servers certificate matches that used for the connection.

To connect over SSL using the python client on RHEL5 you must install the python-ssl package from the Extra Packages for Enterprise Linux (EPEL) repository (already mention in the installation guide).

All that is then required is to either use a URL of the form amqps://<host>:<port> where host is the brokers hostname and port is the SSL port (usually 5671), or to set the 'transport' attribute of the connection to "ssl".

Note in the context of that last point that the current user guide has a mistake for the c++ client. It says 'To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl' but that should be the 'transport' connection option, not protocol.

[1] https://issues.apache.org/jira/browse/QPID-3175

Comment 6 Joshua Wulf 2012-10-25 09:54:26 UTC
Changed to "transport":

connection.setOption("transport", "ssl");

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Programming_Reference/index.html#Enable_SSL


==========================

Python connection details added:

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Installation_and_Configuration_Guide/index.html#Configure_SASL_using_a_Local_Password_File




(In reply to comment #2)
> At present the python client still does not support client authentication
> with SSL[1]. It also does not verify that the hostname indicated by the
> servers certificate matches that used for the connection.
> 
> To connect over SSL using the python client on RHEL5 you must install the
> python-ssl package from the Extra Packages for Enterprise Linux (EPEL)
> repository (already mention in the installation guide).
> 
> All that is then required is to either use a URL of the form
> amqps://<host>:<port> where host is the brokers hostname and port is the SSL
> port (usually 5671), or to set the 'transport' attribute of the connection
> to "ssl".
> 
> Note in the context of that last point that the current user guide has a
> mistake for the c++ client. It says 'To open an SSL enabled connection in
> the Qpid Messaging API, set the protocol connection option to ssl' but that
> should be the 'transport' connection option, not protocol.
> 
> [1] https://issues.apache.org/jira/browse/QPID-3175

Comment 7 Leonid Zhaldybin 2012-10-31 07:47:13 UTC
The changes look good.

-> VERIFIED

Comment 8 Cheryn Tan 2012-11-19 04:27:44 UTC
MRG Messaging 2.2.3 docs have been released as of 14 November 2012, the docs are now available on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/