You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Dedeepya Tunga <de...@yahoo.in.INVALID> on 2021/02/18 14:39:47 UTC

Help needed to configure TLS on qpid proton python bindings

Hi folks,
Am trying to connect to qpid broker from proton via a Tls enabled port. However I see that proton is making plain connection by default, which is connected using ssl on broker side.
* How do I enforce tls connection from proton ?* How can I specify the cert location ?* How do we enable/disable hostname validation for the certs.?
Regards,Dedeepya.T

Re: Help needed to configure TLS on qpid proton python bindings

Posted by Robbie Gemmell <ro...@gmail.com>.

I believe you need to call set_peer_authentication
http://qpid.apache.org/releases/qpid-proton-0.33.0/proton/python/docs/proton.html#proton.SSLDomain,
with SSLDomain.VERIFY_PEER_NAME or SSLDomain.VERIFY_PEER depending on
whether you want host verification or not.

The tests at https://github.com/apache/qpid-proton/blob/0.33.0/python/tests/proton_tests/ssl.py
might be useful to look at.

On Thu, 18 Feb 2021 at 15:40, Dedeepya Tunga
<de...@yahoo.in.invalid> wrote:
>
>  Small clarification on my query.
> TLS infact is working on the proton by default without providing any of the self signed certificates, whilst the expectation is to get certificate error.
> Please find below the code snippet usedfor enabing SSL connections on proton hello world def on_start(self, event):        my_domain = proton.SSLDomain(mode=proton.SSLDomain.MODE_CLIENT)
>         my_domain.set_trusted_ca_db('/etc/ssl/certs/selfsigned.pem')
>
> conn = event.container.connect(url="amqps://localhost:5672",                                                    user="foo",
>                                                     password="token",
>                                                     ssl_domain=my_domain)
>
>     On Thursday, 18 February, 2021, 08:10:03 pm IST, Dedeepya Tunga <de...@yahoo.in.invalid> wrote:
>
>  Hi folks,
> Am trying to connect to qpid broker from proton via a Tls enabled port. However I see that proton is making plain connection by default, which is connected using ssl on broker side.
> * How do I enforce tls connection from proton ?* How can I specify the cert location ?* How do we enable/disable hostname validation for the certs.?
> Regards,Dedeepya.T
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org

Re: Help needed to configure TLS on qpid proton python bindings

Posted by Dedeepya Tunga <de...@yahoo.in.INVALID>.

 Small clarification on my query.
TLS infact is working on the proton by default without providing any of the self signed certificates, whilst the expectation is to get certificate error.
Please find below the code snippet usedfor enabing SSL connections on proton hello world def on_start(self, event):        my_domain = proton.SSLDomain(mode=proton.SSLDomain.MODE_CLIENT)
        my_domain.set_trusted_ca_db('/etc/ssl/certs/selfsigned.pem')

conn = event.container.connect(url="amqps://localhost:5672",                                                    user="foo",
                                                    password="token",
                                                    ssl_domain=my_domain)

    On Thursday, 18 February, 2021, 08:10:03 pm IST, Dedeepya Tunga <de...@yahoo.in.invalid> wrote:  
 
 Hi folks,
Am trying to connect to qpid broker from proton via a Tls enabled port. However I see that proton is making plain connection by default, which is connected using ssl on broker side.
* How do I enforce tls connection from proton ?* How can I specify the cert location ?* How do we enable/disable hostname validation for the certs.?
Regards,Dedeepya.T