Bug 729391 - [RFE] Python SSL client connection details not provided
Summary: [RFE] Python SSL client connection details not provided
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Installation_and_Configuration_Guide
Version: 2.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: 2.2.3
: ---
Assignee: Joshua Wulf
QA Contact: Leonid Zhaldybin
URL:
Whiteboard:
Depends On: 782806
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-09 18:14 UTC by ppecka
Modified: 2014-11-09 22:38 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-11-19 04:27:44 UTC


Attachments (Terms of Use)

Description ppecka 2011-08-09 18:14:52 UTC
Description of problem:
Python client setup for SSL details are not provided in "Messaging User Guide" chapter "10.3. Encryption using SSL", sub-chapter "Enabling SSL in Clients"
There are chapters just for "C++ clients", and "Java clients". Section on "Python clients" is missing.

Comment 1 Alison Young 2011-08-10 00:22:25 UTC
Will need to acquire source content from engineering. 
Setting needinfo for Gordon, but can be filled by anybody.

Comment 2 Gordon Sim 2011-09-05 19:25:18 UTC
At present the python client still does not support client authentication with SSL[1]. It also does not verify that the hostname indicated by the servers certificate matches that used for the connection.

To connect over SSL using the python client on RHEL5 you must install the python-ssl package from the Extra Packages for Enterprise Linux (EPEL) repository (already mention in the installation guide).

All that is then required is to either use a URL of the form amqps://<host>:<port> where host is the brokers hostname and port is the SSL port (usually 5671), or to set the 'transport' attribute of the connection to "ssl".

Note in the context of that last point that the current user guide has a mistake for the c++ client. It says 'To open an SSL enabled connection in the Qpid Messaging API, set the protocol connection option to ssl' but that should be the 'transport' connection option, not protocol.

[1] https://issues.apache.org/jira/browse/QPID-3175

Comment 6 Joshua Wulf 2012-10-25 09:54:26 UTC
Changed to "transport":

connection.setOption("transport", "ssl");

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Programming_Reference/index.html#Enable_SSL


==========================

Python connection details added:

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Installation_and_Configuration_Guide/index.html#Configure_SASL_using_a_Local_Password_File




(In reply to comment #2)
> At present the python client still does not support client authentication
> with SSL[1]. It also does not verify that the hostname indicated by the
> servers certificate matches that used for the connection.
> 
> To connect over SSL using the python client on RHEL5 you must install the
> python-ssl package from the Extra Packages for Enterprise Linux (EPEL)
> repository (already mention in the installation guide).
> 
> All that is then required is to either use a URL of the form
> amqps://<host>:<port> where host is the brokers hostname and port is the SSL
> port (usually 5671), or to set the 'transport' attribute of the connection
> to "ssl".
> 
> Note in the context of that last point that the current user guide has a
> mistake for the c++ client. It says 'To open an SSL enabled connection in
> the Qpid Messaging API, set the protocol connection option to ssl' but that
> should be the 'transport' connection option, not protocol.
> 
> [1] https://issues.apache.org/jira/browse/QPID-3175

Comment 7 Leonid Zhaldybin 2012-10-31 07:47:13 UTC
The changes look good.

-> VERIFIED

Comment 8 Cheryn Tan 2012-11-19 04:27:44 UTC
MRG Messaging 2.2.3 docs have been released as of 14 November 2012, the docs are now available on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/


Note You need to log in before you can comment on or make changes to this bug.