On 16/11/17 15:05, Ken Giusti wrote:
Hi Andreas,
100% totally untested, but...
The Container.connect() method takes an SSLDomain object via the
ssl_domain parameter. You'll want to instantiate the
proton.SSLDomain, calling set_credentials to setup the CA to use to
validate the broker's cert.
The container actually already has an instance you can use. E.g. as in
attached example.
connect() also takes a URL, the scheme must be 'amqps'
That will actually work with no other configuration BUT will not verify
the peers certificate in anyway. That is what the extra configuration does.
See the on_start method in helloworld.py - you'll need to do something
like this:
def on_start(self, event):
my_domain = proton.SSLDomain(mode=MODE_CLIENT)
my_domain.set_trusted_ca_db( ...path to CA PEM file...)
conn = event.container.connect(url='amqps://broker-host:port',
ssl_domain=my_domain)
....
Again, totally untested but I think that's how to do it.
On Thu, Nov 16, 2017 at 4:55 AM, andi welchlin <[email protected]> wrote:
Hello All,
I need to use a Python3 AMQP 1.0 API in order to access a Qpid C++ Broker.
So I am going for the Proton API since the Qpid Python API is only usable
with Python 2.
In the past I used the C++ Qpid API with SSL and it worked fine. There you
just had to set three environment variables and it worked.
Now I tested the Proton Python API based on examples like simple_send.py
and simple_recv.py and it worked well (after installing the python3
bindings).
For real life I need to use SSL. So I asked myself how to do it using the
MessagingHandler. I found no example or documentation where you can see how
to use it with SSL.
Could anyone give me a hint or show an example program?
Kind Regards,
Andreas
#!/usr/bin/env python
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
from __future__ import print_function
import optparse
from proton import SSLDomain
from proton.handlers import MessagingHandler
from proton.reactor import Container
class Recv(MessagingHandler):
def __init__(self, url):
super(Recv, self).__init__()
self.url = url
def on_start(self, event):
event.container.allowed_mechs = 'EXTERNAL'
event.container.ssl.client.set_trusted_ca_db('ca.crt')
event.container.ssl.client.set_peer_authentication(SSLDomain.VERIFY_PEER, 'ca.crt')
event.container.ssl.client.set_credentials('tls.crt', 'tls.key', None)
event.container.connect(self.url)
def on_connection_opened(self, event):
print("Connected!")
parser = optparse.OptionParser(usage="usage: %prog url")
parser.add_option("-a", "--address", default="amqps://localhost:5671",
help="address to listen on")
opts, args = parser.parse_args()
try:
Container(Recv(opts.address)).run()
except KeyboardInterrupt: pass
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
