[rabbitmq-discuss] Pika + SSL

Gavin M. Roy gmr at myyearbook.com
Thu Apr 7 19:12:43 BST 2011


Try renaming the ssl_options option "cacertfile" to "cacerts"

This works for me:

    # Setup our ssl options
    ssl_options = {"cacerts": "/etc/rabbitmq/ssl/testca/cacert.pem",
                   "certfile": "/etc/rabbitmq/ssl/client/cert.pem",
                   "keyfile": "/etc/rabbitmq/ssl/client/key.pem",
                   "cert_reqs": CERT_REQUIRED,
                   "verify": "verify_peer",
                   "fail_if_no_peer_cert": True}

    # Connect to RabbitMQ
    host = (len(sys.argv) > 1) and sys.argv[1] or '127.0.0.1'
    connection = SelectConnection(ConnectionParameters(host, 5671),
                                  on_connected,
                                  ssl=True,
                                  ssl_options=ssl_options)


On Thu, Apr 7, 2011 at 10:26 AM, Matthew Long <mlong at rozoom.com> wrote:

> Hi Gavin,
>
> We tried it with logging turned on in pika but could not see any errors
> created. When we start the application it seems to connect for maybe a few
> seconds but dies right after that.
>
> These are the options we are using:
>
> #! /usr/bin/env python
> import ssl
> from QO.RabbitMQ.SpecialPublisher import SpecialPubliser
>
> ###Some other code
>
> #192.168.4.76:10000
>
> publ = SpecialPubliser()
> publ.host = 'IM02'
> publ.port = 5671
> publ.ssl = True
> publ.ssl_options = ({
>                                 "cacertfile":
> "/home/rouser/certs/testca/cacert.pem",
>                                 "certfile":
> "/home/rouser/certs/client/cert.pem",
>                                 "keyfile":
> "/home/rouser/certs/client/key.pem",
>                                 #'cert_reqs': ssl.CERT_REQUIRED
>                                 "verify": "verify_peer",
>                                 "fail_if_no_peer_cert": True
>                             })
> publ.username = 'guest'
> publ.password = 'guest'
> publ.exchange = 'test'
> publ.queue = 'test'
> publ.messagesNum = 10
> publ.message = message
> publ.Publish()
>
> We have the keys created and RabbitMQ running with SSL enabled. Does it
> work on your end? What else might be the issue?
>
> Let me know.
>
> Thanks,
> Matthew
>
>
> On Wed, Apr 6, 2011 at 6:59 PM, Gavin M. Roy <gmr at myyearbook.com> wrote:
>
>>  Good news, it was fairly painless to implement. I've pushed the commits
>> to https://github.com/pika/pika in master, if you'd like to test it out.
>> I used the instructions on http://www.rabbitmq.com/ssl.html to setup SSL
>> on the RabbitMQ server and tested against that.
>>
>> Currently this only works with the BlockingConnection, SelectConnection
>> and TornadoConnection.
>>
>> There are two new files in the examples: demo_ssl_send.py and
>> demo_ssl_receive.py.
>>
>> The SSL connection syntax is fairly painless:
>>
>>     connection = SelectConnection(ConnectionParameters(host, 5671),
>>                                   on_open_callback=on_connected,
>>                                   ssl=True)
>>
>> The ssl_options argument, if used, should be a dictionary of key-value
>> pairs for the arguments of ssl.wrap_socket as found at:
>>
>> http://docs.python.org/dev/library/ssl.html#socket-creation
>>
>> If you don't mind, please clone the repo and install from source and let
>> me know your results.
>>
>> Gavin
>>
>> On Wednesday, April 6, 2011 at 6:50 PM, Gavin M. Roy wrote:
>>
>>  On Wednesday, April 6, 2011 at 6:25 PM, Matthew Long wrote:
>>
>> Hello,
>>
>> Is there a way to use the amqp python library pika with rabbitmq
>> configured for ssl? I've looked at the code and the docs but there doesn't
>> seem to be ssl support built in.
>>
>> Not currently, I can look and see what's involved. I'm hacking on Pika 2
>> right now, but give me a few hours and I'll let you know what I find.
>>
>>  Does anyone know how we would go about using our application with pika
>> amqp connecting to rabbitmq ssl without switching to py-amqplib?
>>
>> Off the cuff, it's not possible without some sort of proxy. Just to
>> confirm, which version of Pika are you using?
>>
>> Gavin
>>
>>
>>
>
>
> --
> Matthew Long
> CEO - roZoom, Inc
> Phone: 773-584-8225
> Email: mlong at rozoom.com
> *www.rozoom.com*
> <http://rozoom.com>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110407/fac57313/attachment-0001.htm>


More information about the rabbitmq-discuss mailing list