Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
8.2.8. Enable SSL in Python Clients
To use SSL with the Python client either:
- Use a URL of the form
amqps://<host>:<port>, where host is the brokers hostname and port is the SSL port (usually 5671), or - Set the '
transport' attribute of the connection to "ssl".
The Python client has some limitations in SSL functionality:
Server authentication must be demanded, and the client name must be explicitly provided when using the
EXTERNAL SASL mechanism for authentication.
- The Python clients has an optional parameter
ssl_trustfile(see Python SSL Parameters). When this parameter is specified, trust store validation of the certificate is performed. - The Python client matches the server's SSL certificate against the connection hostname when the optional parameter
ssl_trustfileis supplied. - When using the EXTERNAL SASL mechanism for authentication, you must provide the client name in the connection string. This client name provided in the connection string must match the identity of the SSL certificate. Missing either these two will cause the connection to fail: by not providing the client name in the connection string, or providing a client name that does match the identity of the SSL certificate.
Python SSL Parameters
The QPID Python client accepts the following SSL-related configuration parameters:
ssl_certfile- the path to a file that contains the PEM-formatted certificate used to identify the local side of the connection (the client). This is needed if the server requires client-side authentication.ssl_keyfile- In some cases the client's private key is stored in the same file as the certificate (i.e. ssl_certfile). If thessl_certfiledoes not contain the client's private key, this parameter must be set to the path to a file containing the private key in PEM file format.ssl_skip_hostname_check- When set to true the connection hostname verification against the server certificate is skipped.ssl_trustfile- this parameter contains a path to a PEM-formatted file containing a chain of trusted Certificate Authority (CA) certificates. These certificates are used to authenticate the remote server.- These parameters are passed as arguments to the
qpid.Connection()object when it is constructed. For example:Connection("amqps://client@127.0.0.1:5671", ssl_certfile="/path/to/certfile", ssl_keyfile="/path/to/keyfile")
See Also:
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}