Allow ssl.SSLContext instance to be supplied to connect and from_url … #142
What happened with this? Is this issue actually still open? I see the pull request and all checks have passed with a few unit tests. Is something missing?
Hi, I'm very sorry for this late answer, but we need some more changes:
Hi @dzen, is it just the method documentation that needs to be changed or supporting either a boolean or SSLContext in the ssl keyword argument? If the latter then I tend to agree with you but I have taken the same approach as the standard library (see https://docs.python.org/3/library/asyncio-eventloop.html#opening-network-connections).
Ping @RemiCardona for any opinion on this
If anything, this PR doesn't go far enough. We should just get rid of the few lines where we try to create a context ourselves and set options on it. We should just have a single
@dzen @RemiCardona removing bool support in the ssl parameter is going to break backwards compatibility which IMO is a big call and seems a step away from "batteries included". In the PR I tried to come up with what I felt was the least intrusive compromise but I'm happy to rework whatever way you decided.
@pwistrand : IMHO since we're still not in 1.0 version the API may change, and it already did. Feel free to contribute as suggested :)
Happy to help work on this as it's something I need too. I agree with what @dzen said, it's only at 0.12 so breaking changes may occur if they're important enough.
@notmeta I'm overloaded at the moment so if you want to go ahead and make the changes go for it.
@pwistrand mind giving me access to your forked repo? cheers
@notmeta invite sent
aioamqp/__init__.py
Outdated
ssl_context.check_hostname = False | ||
ssl_context.verify_mode = ssl_module.CERT_NONE | ||
create_connection_kwargs['ssl'] = ssl_context | ||
ssl.check_hostname = False |
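Review bot: The last line, `ssl.check_hostname = False`, appears to write to the object received in the `ssl` argument (the module is referenced as `ssl_module` two lines up), so when a caller passes its own SSLContext this turns off hostname verification on the caller's object, which may be shared with other connections. Leave a supplied context untouched and relax checks only on a context created inside this function. Since `check_hostname = False` together with `verify_mode = ssl_module.CERT_NONE` removes server authentication altogether, that path should be explicit opt-in and described as such in the docstring.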
We may want to remove the verify_ssl parameter, since the context can be configured in the parent code
I agree - have removed 🙂
To be honest, the PR would be more readable if you rebase it from master
…mirroring loop.create_connection()
Done, I've cleaned it up - sorry about that, must have messed something up whilst merging originally
We will merge soon :)
Rebased & Merged
This is a killer feature. I'd love to use it in a library I maintain, channels_rabbitmq. Could we please have a new release? (Or if releasing is hard, could you please share an idea of when the next release will happen?)
Hello @adamhooper, we've made a lot of changes on master over the past two months.
@dzen At long last I've tested
Agreed, a release would be much appreciated; it's been a while.
Just released aioamqp 0.13.0. Feel free to report new incorrect behaviour and such! Thanks for your patience 🙏
It's impossible to use client-side certificates with a TLS termination proxy to connect to rabbitmq without having control over the ssl.SSLContext. This change is a simple one that makes the from_url and connect methods behave like the loop.create_connection() they ultimately call. This will also make using self-signed certificates easier, since they don't have to be installed in an OS-dependent manner but instead can just be referenced by the path in the supplied context. See #91
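The use case in the description above (client certificate plus a CA referenced by path, passed through the `ssl` argument), as an added example that is not code from this PR or from aioamqp. The helper names `build_amqps_context`, `context_problems` and `open_channel`, the file paths and the host name are assumptions; `aioamqp.connect(..., ssl=ctx)` is used as this PR describes it.

```python
import asyncio
import ssl


def build_amqps_context(cafile=None, certfile=None, keyfile=None):
    """Verifying client-side TLS context for an AMQPS broker or TLS proxy."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    # cafile points at a private or self-signed CA; None uses the OS store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        # Client certificate presented to the proxy (mutual TLS).
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def context_problems(ctx):
    """Return the reasons a context would not authenticate the server."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        problems.append("check_hostname is disabled")
    return problems


async def open_channel(host, ctx, port=5671):
    """Connect with a caller-built context, refusing one that skips checks."""
    problems = context_problems(ctx)
    if problems:
        raise ValueError("refusing unauthenticated TLS: " + "; ".join(problems))
    import aioamqp  # imported here so the helpers above work without it
    transport, protocol = await aioamqp.connect(host=host, port=port, ssl=ctx)
    return transport, protocol, await protocol.channel()


if __name__ == "__main__":
    # Constructed paths and host name: replace with your own.
    ctx = build_amqps_context("/etc/amqp/ca.pem", "/etc/amqp/client.pem",
                              "/etc/amqp/client.key")
    asyncio.run(open_channel("rabbit.example.internal", ctx))
```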