
Comments (5)

nikipore commented on August 11, 2024

@ktdreyer: Did you install twisted[tls]?
@cjrh: Please advise.

from stompest.

cjrh commented on August 11, 2024

My first thought would be that there should be no difference between the sync and async versions, since for both, the ssl context object wraps the underlying socket. However, I see the Twisted code samples that @ktdreyer linked, and it looks a lot more involved than what I was expecting. I don't have any experience with client cert validation, unfortunately.

To be absolutely clear, does it fail if

  • twisted[tls] is installed
  • an ssl context is created and passed into StompConfig(), exactly like for the sync case?

I realise that in the stompest docs we don't have an explicit TLS example in the async case, but the idea was that it would be configured exactly the same as for the sync case, so I decided not to add one.

If the answer to both of those bullets above is "yes", and it is still failing, then I'm not sure how to proceed without spending a lot more time investigating.

cjrh commented on August 11, 2024

Also SSLv3 is regarded as insecure and I'm pretty sure it's disabled by default, at least in Python 3.6.

ktdreyer commented on August 11, 2024

Thanks guys! twisted[tls] is installed in my tests.

You're right, I'm passing an ssl context to StompConfig(), in the exact same way that I do in the synchronous case.

The "ssl3" thing is odd because I've tried specifically disabling it, to no avail:

context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_SSLv3

My guess is that error message is a generic OpenSSL error message and it's hiding the client cert auth failure.

I was able to get this to work by hacking util.py's endpointFactory() method. When I append privateKey=kdreyer.key:certKey=kdreyer.pem to the large string we pass to clientFromString(), it works.

I guess I could pass my own custom endpointFactory to the main Stomp class, but it would be awesome to make this more built-in (or at least documented.) What do you think? I'm happy to write a PR, just let me know your thoughts on the design.

I can write a PR if you like.

ktdreyer commented on August 11, 2024

After messing around with this today, I was able to get it to work using a custom endpointFactory, and then I came up with this patch that adds the key/cert file args to connect(): #42
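The workaround discussed in this thread appends privateKey= and certKey= to a colon-delimited string handed to clientFromString(), so any colon or backslash in a key or certificate path has to be escaped first. The sketch below is an added example, not code from stompest or from the thread's participants: it builds such a string with the escaping that twisted.internet.endpoints.quoteStringArgument applies and shows what an unescaped path turns into. Assumptions: the ssl:host=...:port=... prefix, the host, the port and the paths are constructed, and split_description is a simplified reader of the syntax, not Twisted's parser.

```python
# Added example (stdlib only). Host, port and paths are constructed sample values.
WIN_KEY = "C:\\keys\\client.key"
WIN_CERT = "C:\\keys\\client.pem"


def quote_arg(value):
    """Escape backslashes, then colons (same rule as Twisted's quoteStringArgument)."""
    return value.replace("\\", "\\\\").replace(":", "\\:")


def tls_client_description(host, port, key_path, cert_path):
    """Build an 'ssl:' client description that carries a client key and certificate."""
    args = [("host", host), ("port", str(port)),
            ("privateKey", key_path), ("certKey", cert_path)]
    return "ssl:" + ":".join(f"{k}={quote_arg(v)}" for k, v in args)


def split_description(description):
    """Simplified reader: returns (name, positional, keywords), honouring '\\' escapes."""
    fields, current, escaped = [], [], False
    for ch in description:
        if escaped:                 # previous char was a backslash: take this one literally
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":             # unescaped colon ends the current field
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    name, positional, keywords = fields[0], [], {}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if sep:
            keywords[key] = value
        else:
            positional.append(field)  # stray fragment, e.g. the tail of a broken path
    return name, positional, keywords


if __name__ == "__main__":
    good = tls_client_description("broker.example", 61614, WIN_KEY, WIN_CERT)
    naive = f"ssl:host=broker.example:port=61614:privateKey={WIN_KEY}:certKey={WIN_CERT}"
    print(good, split_description(good), sep="\n")
    print(naive, split_description(naive), sep="\n")
```

With the unescaped string the key path is cut at the drive-letter colon, so the client certificate is never loaded from the intended file and the handshake fails in a way that is easy to misread as a protocol error.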
