Description of problem: Python client setup for SSL details are not provided in "Messaging User Guide" chapter "10.3. Encryption using SSL", sub-chapter "Enabling SSL in Clients" There are chapters just for "C++ clients", and "Java clients". Section on "Python clients" is missing.
Will need to acquire source content from engineering. Setting needinfo for Gordon, but can be filled by anybody.
At present the python client still does not support client authentication with SSL[1]. It also does not verify that the hostname indicated by the servers certificate matches that used for the connection. To connect over SSL using the python client on RHEL5 you must install the python-ssl package from the Extra Packages for Enterprise Linux (EPEL) repository (already mention in the installation guide). All that is then required is to either use a URL of the form amqps://<host>:<port> where host is the brokers hostname and port is the SSL port (usually 5671), or to set the 'transport' attribute of the connection to "ssl". Note in the context of that last point that the current user guide has a mistake for the c++ client. It says 'To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl' but that should be the 'transport' connection option, not protocol. [1] https://issues.apache.org/jira/browse/QPID-3175
Changed to "transport": connection.setOption("transport", "ssl"); http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Programming_Reference/index.html#Enable_SSL ========================== Python connection details added: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Installation_and_Configuration_Guide/index.html#Configure_SASL_using_a_Local_Password_File (In reply to comment #2) > At present the python client still does not support client authentication > with SSL[1]. It also does not verify that the hostname indicated by the > servers certificate matches that used for the connection. > > To connect over SSL using the python client on RHEL5 you must install the > python-ssl package from the Extra Packages for Enterprise Linux (EPEL) > repository (already mention in the installation guide). > > All that is then required is to either use a URL of the form > amqps://<host>:<port> where host is the brokers hostname and port is the SSL > port (usually 5671), or to set the 'transport' attribute of the connection > to "ssl". > > Note in the context of that last point that the current user guide has a > mistake for the c++ client. It says 'To open an SSL enabled connection in > the Qpid Messaging API, set the protocol connection option to ssl' but that > should be the 'transport' connection option, not protocol. > > [1] https://issues.apache.org/jira/browse/QPID-3175
The changes look good. -> VERIFIED
MRG Messaging 2.2.3 docs have been released as of 14 November 2012, the docs are now available on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/