File: tls_server_authentication.rst

TLS parameters example
=============================
This example demonstrates a TLS session with RabbitMQ using server authentication.

Note the use of `ssl.PROTOCOL_TLSv1_2`. Recent versions of RabbitMQ disable older versions of
SSL due to security vulnerabilities.

See https://www.rabbitmq.com/ssl.html for certificate creation and RabbitMQ SSL configuration instructions.


tls_example.py::

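    import ssl
    import pika
    import logging

    logging.basicConfig(level=logging.INFO)

    # Trust only the CA that issued the RabbitMQ server certificate.
    context = ssl.create_default_context(
        cafile="/Users/me/tls-gen/basic/result/ca_certificate.pem")
    # Require a valid server certificate (already the default for this context).
    context.verify_mode = ssl.CERT_REQUIRED
    # Client certificate and key, presented if the server requests them.
    context.load_cert_chain("/Users/me/tls-gen/basic/result/client_certificate.pem",
                            "/Users/me/tls-gen/basic/result/client_key.pem")
    # "localhost" is the name checked against the server certificate.
    ssl_options = pika.SSLOptions(context, "localhost")
    conn_params = pika.ConnectionParameters(port=5671,
                                            ssl_options=ssl_options)

    with pika.BlockingConnection(conn_params) as conn:
        ch = conn.channel()
        print(ch.queue_declare("sslq"))
        # pika 1.x publishes with basic_publish(exchange, routing_key, body).
        ch.basic_publish("", "sslq", "abc")
        print(ch.basic_get("sslq"))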


rabbitmq.conf::

    # In this example, both the client and RabbitMQ server are assumed to be running on the same machine
    # with a self-signed set of certificates generated using https://github.com/rabbitmq/tls-gen.
    #
    # To find out the default rabbitmq.conf location, see https://www.rabbitmq.com/configure.html.
    #
    # The contents of the example config file are for demonstration purposes only.
    # See https://www.rabbitmq.com/ssl.html to learn how to use TLS for client connections in RabbitMQ.
    #
    # The example below allows clients without a certificate to connect
    # but performs peer verification on those that present a certificate chain.

    listeners.ssl.default = 5671

    ssl_options.cacertfile = /Users/me/tls-gen/basic/result/ca_certificate.pem
    ssl_options.certfile = /Users/me/tls-gen/basic/result/server_certificate.pem
    ssl_options.keyfile = /Users/me/tls-gen/basic/result/server_key.pem
    ssl_options.verify = verify_peer
    ssl_options.fail_if_no_peer_cert = false