qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "JAkub Scholz (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-3175) SSL support in Python client libraries
Date Fri, 30 Mar 2012 10:18:30 GMT

    [ https://issues.apache.org/jira/browse/QPID-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242223#comment-13242223

JAkub Scholz commented on QPID-3175:


It is great to see the fix committed to trunk. Nevertheless I found one related problem ...
it adds the support for EXTERNAL mechanism only to the PlainClient class. But the WrapperClient
class remained unchanged. And since on systems where the python-saslwrapper is installed,
it uses the WrapperClient and the SASL library instead of the PlainClient, the EXTERNAL mechanism
doesn't work.

I prepared and attached another patch which fixes this problem as well. It modifies the messaging/driver.py
to detect the EXTERNAL mechanism and sets the "externaluser" attribute for the WrapperClient
as well as for the PlainClient. That makes the EXTERNAL mechanism really work in both situations

> SSL support in Python client libraries
> --------------------------------------
>                 Key: QPID-3175
>                 URL: https://issues.apache.org/jira/browse/QPID-3175
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>    Affects Versions: 0.8
>         Environment: Windows XP, Python 2.7.1, (broker Red Hat MRG 1.3 on RHEL 5.5)
>            Reporter: JAkub Scholz
>            Assignee: Rafael H. Schloming
>              Labels: possibly_complete
>             Fix For: 0.15
>         Attachments: QPID-3175.patch, QPID-3175a.patch
> I was trying to connect to my broker with SSL encrypted connection (both PLAIN and EXTERNAL
authentication methods). However, it seems to be not working. I get following error messages:
> Traceback (most recent call last):
>   File "ssl-external.py", line 20, in <module>
>     connection.open()
>   File "<string>", line 6, in open
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line
244, in open
>     self.attach()
>   File "<string>", line 6, in attach
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line
262, in attach
>     self._ewait(lambda: self._transport_connected and not self._unlinked())
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line
197, in _ewait
>     self.check_error()
>   File "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py", line
190, in check_error
>     raise self.error
> qpid.messaging.exceptions.ConnectError: [Errno 1] _ssl.c:499: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad certificate
> In the source codes (messaging/transports.py), the SSL seems to be supported and implemented,
but it is not working. I didn't found any possibilities how to pass the certificates to the
SSL libraries and the wrap_socket call in transports.py is calling the wrap_socket without
any additional attributes except the original socket.
> I didn't had the chance to test other platforms or Python versions, except Python 2.4.3
on RHEL 5.5, where the SSL is not supported at all (the SSL support in Python changed significantly
with 2.6)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message