QPID-4337: add SSL support for older python clients.
diff --git a/qpid/messaging/transports.py b/qpid/messaging/transports.py
index 532c365..e901e98 100644
--- a/qpid/messaging/transports.py
+++ b/qpid/messaging/transports.py
@@ -55,7 +55,41 @@
from ssl import wrap_socket, SSLError, SSL_ERROR_WANT_READ, \
SSL_ERROR_WANT_WRITE
except ImportError:
- pass
+
+ ## try the older python SSL api:
+ from socket import ssl
+
+ class old_ssl(SocketTransport):
+ def __init__(self, conn, host, port):
+ SocketTransport.__init__(self, conn, host, port)
+ # Bug (QPID-4337): this is the "old" version of python SSL.
+ # The private key is required. If a certificate is given, but no
+ # keyfile, assume the key is contained in the certificate
+ ssl_keyfile = conn.ssl_keyfile
+ ssl_certfile = conn.ssl_certfile
+ if ssl_certfile and not ssl_keyfile:
+ ssl_keyfile = ssl_certfile
+ self.ssl = ssl(self.socket, keyfile=ssl_keyfile, certfile=ssl_certfile)
+ self.socket.setblocking(1)
+
+ def reading(self, reading):
+ return reading
+
+ def writing(self, writing):
+ return writing
+
+ def recv(self, n):
+ return self.ssl.read(n)
+
+ def send(self, s):
+ return self.ssl.write(s)
+
+ def close(self):
+ self.socket.close()
+
+ TRANSPORTS["ssl"] = old_ssl
+ TRANSPORTS["tcp+tls"] = old_ssl
+
else:
class tls(SocketTransport):
diff --git a/qpid/util.py b/qpid/util.py
index 39ad1d8..5b1a876 100644
--- a/qpid/util.py
+++ b/qpid/util.py
@@ -24,8 +24,12 @@
except ImportError:
from socket import ssl as wrap_socket
class ssl:
-
def __init__(self, sock, keyfile=None, certfile=None, trustfile=None):
+ # Bug (QPID-4337): this is the "old" version of python SSL.
+ # The private key is required. If a certificate is given, but no
+ # keyfile, assume the key is contained in the certificate
+ if certfile and not keyfile:
+ keyfile = certfile
self.sock = sock
self.ssl = wrap_socket(sock, keyfile=keyfile, certfile=certfile)
