diff options
| author | Keith Wall <kwall@apache.org> | 2014-09-06 22:06:57 +0000 |
|---|---|---|
| committer | Keith Wall <kwall@apache.org> | 2014-09-06 22:06:57 +0000 |
| commit | 5192c8598a259c57858e73f3d32749e40f762dce (patch) | |
| tree | 1424711acef21471041447f3e69b643f03ddd8f2 | |
| parent | f85b65fc9947af2924c9791bcdcf68cd84dbf278 (diff) | |
| download | qpid-python-5192c8598a259c57858e73f3d32749e40f762dce.tar.gz | |
QPID-6086: [Python Client] 08..091 Add support for SSL and client cert authentication
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1622953 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | python/qpid/client.py | 4 | ||||
| -rw-r--r-- | python/qpid/connection08.py | 23 |
2 files changed, 24 insertions, 3 deletions
diff --git a/python/qpid/client.py b/python/qpid/client.py index 4d42a8b20f..9380594973 100644 --- a/python/qpid/client.py +++ b/python/qpid/client.py @@ -77,13 +77,13 @@ class Client: self.lock.release() return q - def start(self, response, mechanism="AMQPLAIN", locale="en_US", tune_params=None, client_properties=None): + def start(self, response, mechanism="AMQPLAIN", locale="en_US", tune_params=None, client_properties=None, connection_options=None): self.mechanism = mechanism self.response = response self.locale = locale self.tune_params = tune_params self.client_properties=get_client_properties_with_defaults(provided_client_properties=client_properties) - self.socket = connect(self.host, self.port) + self.socket = connect(self.host, self.port, connection_options) self.conn = Connection(self.socket, self.spec) self.peer = Peer(self.conn, ClientDelegate(self), Session) diff --git a/python/qpid/connection08.py b/python/qpid/connection08.py index e4762ff974..49310fb537 100644 --- a/python/qpid/connection08.py +++ b/python/qpid/connection08.py @@ -63,8 +63,29 @@ class SockIO: self.sock.shutdown(SHUT_RDWR) self.sock.close() -def connect(host, port): +def connect(host, port, options = None): sock = socket.socket() + + if options and options.get("ssl", False): + log.debug("Wrapping socket for SSL") + from ssl import wrap_socket, CERT_REQUIRED, CERT_NONE + + ssl_certfile = options.get("ssl_certfile", None) + ssl_keyfile = options.get("ssl_keyfile", ssl_certfile) + ssl_trustfile = options.get("ssl_trustfile", None) + ssl_require_trust = options.get("ssl_require_trust", True) + + if ssl_require_trust: + validate = CERT_REQUIRED + else: + validate = CERT_NONE + + sock = wrap_socket(sock, + keyfile = ssl_keyfile, + certfile = ssl_certfile, + ca_certs = ssl_trustfile, + cert_reqs = validate) + sock.connect((host, port)) sock.setblocking(1) return SockIO(sock) |