Rafael,
> I just checked in basic support for SSL today. It runs through the python test suite (over SSL) with no problems. I haven't tried client auth or anything like that yet though.
When you say that you haven't tried client auth - by 'client auth' do you mean verifying the certificate of the peer?
If I am not mistaken, you are using the socket.ssl function (as imported by qpid/util.py) to initiate the SSL communications over the socket. I note from the Python docs (at least for 2.5.2) that this function does not do any certificate verification.
Would it be appropriate for me to investigate use of the Python ssl class, which offers more options in regards to certificate validation? The caveat here is that it depends on OpenSSL, which may or may not be present on a given Python installation... and it *appears* to be limited to Python 2.6, which is a big drawback. And it won't help me, since my use of Python qpid will be inside OpenOffice.org, which is 99 Python revisions behind the current.
I will, however, test that the broker correctly refuses a connection from the Python SSL client that does not provide the correct cert.
Thoughts?
Thanks,
-Josh
--
http://www.globalherald.net/jb01
GlobalHerald.NET, the Smarter Social Network! (tm)
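
An added example, not part of the original message or of the qpid code base: a client that encrypts without verifying anything (the behaviour the message attributes to socket.ssl) next to one that verifies the peer certificate and can present a client certificate. It assumes a current Python 3 `ssl` module (`SSLContext`) rather than the 2.5/2.6 APIs discussed in the thread; all function names and file-path parameters are hypothetical.

```python
import socket
import ssl


def unverified_context():
    """Encrypts the channel but accepts any peer certificate (weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx


def verified_context(ca_file=None, client_cert=None, client_key=None):
    """Requires a valid broker certificate; optionally enables client auth."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with hostname checking on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # private CA for the broker
    else:
        ctx.load_default_certs()                    # system trust store
    if client_cert:
        # Certificate the broker checks when it demands client authentication.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit(ctx):
    """Return the verification gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def connect(host, port, ctx):
    """Open a TLS connection; raises ssl.SSLCertVerificationError on a bad cert."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_context()),
                      ("verified", verified_context())):
        print(name, audit(ctx) or "ok")
```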
