Bug 729391
Summary: | [RFE] Python SSL client connection details not provided | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | ppecka <ppecka> |
Component: | Messaging_Installation_and_Configuration_Guide | Assignee: | Joshua Wulf <jwulf> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Leonid Zhaldybin <lzhaldyb> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 2.0 | CC: | esammons, gsim, iboverma, lcarlon, lzhaldyb, matt, mcressma |
Target Milestone: | 2.2.3 | Keywords: | Documentation, FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-11-19 04:27:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 782806 | ||
Bug Blocks: |
Description
ppecka
2011-08-09 18:14:52 UTC
Will need to acquire source content from engineering. Setting needinfo for Gordon, but can be filled by anybody. At present the python client still does not support client authentication with SSL[1]. It also does not verify that the hostname indicated by the servers certificate matches that used for the connection. To connect over SSL using the python client on RHEL5 you must install the python-ssl package from the Extra Packages for Enterprise Linux (EPEL) repository (already mention in the installation guide). All that is then required is to either use a URL of the form amqps://<host>:<port> where host is the brokers hostname and port is the SSL port (usually 5671), or to set the 'transport' attribute of the connection to "ssl". Note in the context of that last point that the current user guide has a mistake for the c++ client. It says 'To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl' but that should be the 'transport' connection option, not protocol. [1] https://issues.apache.org/jira/browse/QPID-3175 Changed to "transport": connection.setOption("transport", "ssl"); http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Programming_Reference/index.html#Enable_SSL ========================== Python connection details added: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Installation_and_Configuration_Guide/index.html#Configure_SASL_using_a_Local_Password_File (In reply to comment #2) > At present the python client still does not support client authentication > with SSL[1]. It also does not verify that the hostname indicated by the > servers certificate matches that used for the connection. > > To connect over SSL using the python client on RHEL5 you must install the > python-ssl package from the Extra Packages for Enterprise Linux (EPEL) > repository (already mention in the installation guide). > > All that is then required is to either use a URL of the form > amqps://<host>:<port> where host is the brokers hostname and port is the SSL > port (usually 5671), or to set the 'transport' attribute of the connection > to "ssl". > > Note in the context of that last point that the current user guide has a > mistake for the c++ client. It says 'To open an SSL enabled connection in > the Qpid Messaging API, set the protocol connection option to ssl' but that > should be the 'transport' connection option, not protocol. > > [1] https://issues.apache.org/jira/browse/QPID-3175 The changes look good. -> VERIFIED MRG Messaging 2.2.3 docs have been released as of 14 November 2012, the docs are now available on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/ |