QPID-6086: [Python Client] 08..091 Add support for SSL and client cert authentication
diff --git a/qpid/client.py b/qpid/client.py
index 4d42a8b..9380594 100644
--- a/qpid/client.py
+++ b/qpid/client.py
@@ -77,13 +77,13 @@
self.lock.release()
return q
- def start(self, response, mechanism="AMQPLAIN", locale="en_US", tune_params=None, client_properties=None):
+ def start(self, response, mechanism="AMQPLAIN", locale="en_US", tune_params=None, client_properties=None, connection_options=None):
self.mechanism = mechanism
self.response = response
self.locale = locale
self.tune_params = tune_params
self.client_properties=get_client_properties_with_defaults(provided_client_properties=client_properties)
- self.socket = connect(self.host, self.port)
+ self.socket = connect(self.host, self.port, connection_options)
self.conn = Connection(self.socket, self.spec)
self.peer = Peer(self.conn, ClientDelegate(self), Session)
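Review bot: The new `connection_options` parameter on `start()` is undocumented, and the keys it accepts can only be found by reading `connect()` in connection08.py. I would add a docstring or comment listing them: `ssl`, `ssl_certfile`, `ssl_keyfile` (defaults to the cert file), `ssl_trustfile`, and `ssl_require_trust` (defaults to True). It should also say that leaving the parameter as `None` keeps the connection in plaintext, so credentials sent with the default `AMQPLAIN` mechanism are not protected in transit. The body of `start()` begins and ends outside this hunk.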
diff --git a/qpid/connection08.py b/qpid/connection08.py
index e4762ff..49310fb 100644
--- a/qpid/connection08.py
+++ b/qpid/connection08.py
@@ -63,8 +63,29 @@
self.sock.shutdown(SHUT_RDWR)
self.sock.close()
-def connect(host, port):
+def connect(host, port, options = None):
sock = socket.socket()
+
+ if options and options.get("ssl", False):
+ log.debug("Wrapping socket for SSL")
+ from ssl import wrap_socket, CERT_REQUIRED, CERT_NONE
+
+ ssl_certfile = options.get("ssl_certfile", None)
+ ssl_keyfile = options.get("ssl_keyfile", ssl_certfile)
+ ssl_trustfile = options.get("ssl_trustfile", None)
+ ssl_require_trust = options.get("ssl_require_trust", True)
+
+ if ssl_require_trust:
+ validate = CERT_REQUIRED
+ else:
+ validate = CERT_NONE
+
+ sock = wrap_socket(sock,
+ keyfile = ssl_keyfile,
+ certfile = ssl_certfile,
+ ca_certs = ssl_trustfile,
+ cert_reqs = validate)
+
sock.connect((host, port))
sock.setblocking(1)
return SockIO(sock)
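Review bot: With `ssl_require_trust` on, `connect()` validates the broker's certificate chain against `ssl_trustfile` but never compares the certificate to `host`, because `wrap_socket` with `CERT_REQUIRED` does no hostname matching. Any certificate issued by a CA in the trust file would therefore be accepted for any broker. After `sock.connect((host, port))`, when verification is enabled, I would add a check such as `match_hostname(sock.getpeercert(), host)`, where the ssl module of the supported Python versions provides it, or an equivalent subject/subjectAltName comparison otherwise. Separately, leaving `ssl_require_trust` at its default without supplying `ssl_trustfile` passes `ca_certs=None` together with `CERT_REQUIRED`; raising a clear error up front for that combination would be better than relying on however the ssl module reacts. A short comment that `ssl_require_trust=False` disables server authentication entirely would also help.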