[rabbitmq-discuss] Pika + SSL
Gavin M. Roy
gmr at myyearbook.com
Thu Apr 7 19:12:43 BST 2011
Try renaming the ssl_options option "cacertfile" to "cacerts"
This works for me:
# Setup our ssl options
ssl_options = {"cacerts": "/etc/rabbitmq/ssl/testca/cacert.pem",
"certfile": "/etc/rabbitmq/ssl/client/cert.pem",
"keyfile": "/etc/rabbitmq/ssl/client/key.pem",
"cert_reqs": CERT_REQUIRED,
"verify": "verify_peer",
"fail_if_no_peer_cert": True}
# Connect to RabbitMQ
host = (len(sys.argv) > 1) and sys.argv[1] or '127.0.0.1'
connection = SelectConnection(ConnectionParameters(host, 5671),
on_connected,
ssl=True,
ssl_options=ssl_options)
On Thu, Apr 7, 2011 at 10:26 AM, Matthew Long <mlong at rozoom.com> wrote:
> Hi Gavin,
>
> We tried it with logging turned on in pika but could not see any errors
> created. When we start the application it seems to connect for maybe a few
> seconds but dies right after that.
>
> These are the options we are using:
>
> #! /usr/bin/env python
> import ssl
> from QO.RabbitMQ.SpecialPublisher import SpecialPubliser
>
> ###Some other code
>
> #192.168.4.76:10000
>
> publ = SpecialPubliser()
> publ.host = 'IM02'
> publ.port = 5671
> publ.ssl = True
> publ.ssl_options = ({
> "cacertfile":
> "/home/rouser/certs/testca/cacert.pem",
> "certfile":
> "/home/rouser/certs/client/cert.pem",
> "keyfile":
> "/home/rouser/certs/client/key.pem",
> #'cert_reqs': ssl.CERT_REQUIRED
> "verify": "verify_peer",
> "fail_if_no_peer_cert": True
> })
> publ.username = 'guest'
> publ.password = 'guest'
> publ.exchange = 'test'
> publ.queue = 'test'
> publ.messagesNum = 10
> publ.message = message
> publ.Publish()
>
> We have the keys created and RabbitMQ running with SSL enabled. Does it
> work on your end? What else might be the issue?
>
> Let me know.
>
> Thanks,
> Matthew
>
>
> On Wed, Apr 6, 2011 at 6:59 PM, Gavin M. Roy <gmr at myyearbook.com> wrote:
>
>> Good news, it was fairly painless to implement. I've pushed the commits
>> to https://github.com/pika/pika in master, if you'd like to test it out.
>> I used the instructions on http://www.rabbitmq.com/ssl.html to setup SSL
>> on the RabbitMQ server and tested against that.
>>
>> Currently this only works with the BlockingConnection, SelectConnection
>> and TornadoConnection.
>>
>> There are two new files in the examples: demo_ssl_send.py and
>> demo_ssl_receive.py.
>>
>> The SSL connection syntax is fairly painless:
>>
>> connection = SelectConnection(ConnectionParameters(host, 5671),
>> on_open_callback=on_connected,
>> ssl=True)
>>
>> The ssl_options argument, if used, should be a dictionary of key-value
>> pairs for the arguments of ssl.wrap_socket as found at:
>>
>> http://docs.python.org/dev/library/ssl.html#socket-creation
>>
>> If you don't mind, please clone the repo and install from source and let
>> me know your results.
>>
>> Gavin
>>
>> On Wednesday, April 6, 2011 at 6:50 PM, Gavin M. Roy wrote:
>>
>> On Wednesday, April 6, 2011 at 6:25 PM, Matthew Long wrote:
>>
>> Hello,
>>
>> Is there a way to use the amqp python library pika with rabbitmq
>> configured for ssl? I've looked at the code and the docs but there doesn't
>> seem to be ssl support built in.
>>
>> Not currently, I can look and see what's involved. I'm hacking on Pika 2
>> right now, but give me a few hours and I'll let you know what I find.
>>
>> Does anyone know how we would go about using our application with pika
>> amqp connecting to rabbitmq ssl without switching to py-amqplib?
>>
>> Off the cuff, it's not possible without some sort of proxy. Just to
>> confirm, which version of Pika are you using?
>>
>> Gavin
>>
>>
>>
>
>
> --
> Matthew Long
> CEO - roZoom, Inc
> Phone: 773-584-8225
> Email: mlong at rozoom.com
> *www.rozoom.com*
> <http://rozoom.com>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110407/fac57313/attachment-0001.htm>
More information about the rabbitmq-discuss
mailing list