qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulf Lilleengen <l...@redhat.com>
Subject Re: Qpid Proton SSL and SNI
Date Mon, 14 Nov 2016 15:40:30 GMT
On Monday, November 14, 2016, Ken Giusti <kgiusti@redhat.com> wrote:

> Hi Ulf,
>
> ----- Original Message -----
> > From: "Ulf Lilleengen" <lulf@redhat.com <javascript:;>>
> > To: users@qpid.apache.org <javascript:;>
> > Sent: Monday, November 14, 2016 9:18:50 AM
> > Subject: Qpid Proton SSL and SNI
> >
> > Hi all,
> >
> > I've been playing around with setting Server Name Indication (SNI)
> >  when using the qpid proton python bindings.
> >
> > For configuring SSL, it seems to be expected that configuration
> > parameters come from a SSLDomain python object, which maps to the
> > underlying pn_ssl_domain_t in proton-c.
> >
> > Today, setting SNI is done through the pn_ssl_t instance using
> > 'pn_ssl_set_peer_hostname'. The pn_ssl_t instance does not seem to be
> > exposed in the end APIs in the same way as pn_ssl_domain_t, at least
> > not in the python bindings. I tried to work around this in the python
> > bindings by passing an extra parameter in addition to the ssl_domain
> > instance on connect(), but it didn't seem like a good approach.
> >
>
> Are you using reactor API?  IIRC the peer hostname is taken from the URL
> used to create the connection.
>
> Lower layers of the python binding use the 'hostname' property of the
> Connection class.


You are right. However, i need to set it to something different than the
hostname i connect to. (This is needed in openshift when you don't have a
global hostname to bind to an internal service and generates a hostname for
you to use set as SNI).




> > Would it make sense to add the peer_hostname attribute to the
> > pn_ssl_domain_t instance, and use that when configuring the pn_ssl_t
> > internally (in addition to keeping todays API)?
> >
> > --
> > Ulf Lilleengen
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org <javascript:;>
> > For additional commands, e-mail: users-help@qpid.apache.org
> <javascript:;>
> >
> >
>
> --
> -K
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org <javascript:;>
> For additional commands, e-mail: users-help@qpid.apache.org <javascript:;>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message