Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For pyamqp, if connection url contains amqps, then certificates are never validated against provided ca certificates #1149

Closed
pyushagarwal opened this issue Jan 28, 2020 · 1 comment
Closed

For pyamqp, if connection url contains amqps, then certificates are never validated against provided ca certificates #1149

pyushagarwal opened this issue Jan 28, 2020 · 1 comment

Comments

@pyushagarwal
Copy link
Contributor

pyushagarwal commented Jan 28, 2020
edited

For pyamqp transport, if connection url contains the string amqps(notice the s), then the server certificates are never validated against the ca certs, even if they are provided.
Inside pyamqp.py. file line 182

`class SSLTransport(Transport):
"""AMQP SSL Transport."""

def __init__(self, *args, **kwargs):
    super(SSLTransport, self).__init__(*args, **kwargs)

    # ugh, not exactly pure, but hey, it's python.
    self.client.ssl = True`

The above code demonstrates the part where they are overwritten.

Creating the custom connection object

connection = kombu.Connection(
"amqps://guest:guest@localhost:5671",
login_method="PLAIN",
ssl={
'ca_certs': '"ca_cert_path",
'cert_reqs': ssl.CERT_REQUIRED
}
)

But if the url contains the string amqp(without s), then the server certificates are validated.
@pyushagarwal
Copy link
Contributor Author

pyushagarwal commented Jan 30, 2020
edited

I have raised a PR for this bug
#1151

auvipy pushed a commit that referenced this issue Feb 28, 2020
@pyushagarwal
#1149 Enabled ssl certificate verification against ca certificates wh…
b22cb50 
…en amqps is used for pyamqp transport (#1151)

* enabled ssl certificate verification when amqps is used for pyamqp transport

* unit tests
@mattbennett mattbennett mentioned this issue Nov 30, 2021
Closed
@vogt31337 vogt31337 mentioned this issue Feb 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pyushagarwal