Thanks Gordon for the quick solution. It works on Windows when I use a PKCS
certificate. I am generating a self-signed certificate with my IP address as CN
and hostname and localhost as alternate DNS. However, when I try to verify the host
I am getting the below error on both Linux and Windows. Kindly suggest.
Code to verify host on ssl domain:
ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
ca = "/certs/selfsigned.pem"
ssl_domain.set_trusted_ca_db(str(ca))
#verify hostname
ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, str(ca))
Error message:
Linux Machine:
proton._exceptions.connectionException: connection amqps://localhost:5671 disconnected: condition('amqp:connection:framing-error', 'SSL Failure: error"14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed')
Windows machine:
proton._exceptions.connectionException: connection amqps://localhost:5671 disconnected: condition('amqp:connection:framing-error', 'SSL Failure: TLS certificate verification error')
Note: When I comment out the peer authentication, the program runs fine.

Regards,
Dedeepya.

On Wednesday, 10 March, 2021, 04:42:22 pm IST, Gordon Sim <[email protected]> wrote:
On 10/03/2021 10:57, Dedeepya Tunga wrote:
> Hi folks,
> I am trying to connect to an AMQP SSL port from Qpid Proton. Below is the
> piece of code I am using to pass the certificate path for the SSL domain.
> def on_start(self, event):
>     ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
>     #path to CA certificate
>     ca = "/I/certs/selfsigned.pem"
>     ssl_domain.set_trusted_ca_db(str(ca))
>     ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, str(ca))
>
>     #connect to the broker
>     conn = event.container.connect(url=self.server, user=self.username,
>         password=self.password, virtual_host=self.virtualhost)
>
> This works in a Linux environment, however it gives the below error on a Windows
> machine. Can someone please guide me here?
> Error:
> File "\proton\_handlers.py", line 792, in on_reactor_init
>   self.on_start(event)
> File "\helloworld.py", line 27, in on_start
>   ssl.domain.set_trusted_ca_db(str(ca))
> File "\proton\_transport.py", line 771, in _check
>   raise exc("SSL failure.")
> proton._exceptions.SSLException: SSL failure
> Another thing I tried is adding certificates to the Windows trusted CAs with
> no luck!
You need to convert the pem format certs to pkcs12. See
https://github.com/apache/qpid-proton/blob/master/c/src/ssl/PLATFORM_NOTES.md#schannel
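
An added example, not part of the thread and not Proton's own code: a check of which connection hosts a certificate laid out as described above (IP address as CN, hostname and localhost as DNS SANs) covers under RFC 6125-style name matching. The certificate dict is constructed in the shape Python's `ssl` module returns from `getpeercert()`, all names in it are made up, and Proton's TLS backends may apply different rules.

```python
import ipaddress

# Constructed sample in the shape of ssl.SSLSocket.getpeercert(): an IP address
# as CN, hostname and localhost as DNS SANs (the names here are made up).
SAMPLE_CERT = {
    "subject": ((("commonName", "192.0.2.10"),),),
    "subjectAltName": (("DNS", "broker.example.test"), ("DNS", "localhost")),
}

def names_in_cert(cert):
    """Return (dns_sans, ip_sans, common_names) from a getpeercert()-style dict."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v.strip() for k, v in san if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips, cns

def dns_match(pattern, host):
    """Case-insensitive match; '*' may only be the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    return p[0] == "*" and len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]

def host_matches(cert, host):
    """RFC 6125-style check of the host a client connects to against the cert."""
    dns, ips, cns = names_in_cert(cert)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal is compared only with iPAddress SANs, never CN or DNS SANs.
        return any(ipaddress.ip_address(i) == addr for i in ips)
    if dns:
        # Once any DNS SAN is present, the CN is no longer consulted.
        return any(dns_match(d, host) for d in dns)
    return any(dns_match(c, host) for c in cns)

def report(cert, hosts):
    """Map each candidate connection host to whether the cert covers it."""
    return {h: host_matches(cert, h) for h in hosts}

if __name__ == "__main__":
    for host, ok in report(SAMPLE_CERT, ["localhost", "broker.example.test", "192.0.2.10"]).items():
        print(f"{host:22} {'match' if ok else 'NO MATCH'}")
```

Under these rules an IP address placed only in the CN is not matched when the client connects by that address; it would have to appear as an iPAddress SAN.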