Skip to content
Snippets Groups Projects
Commit 5375ac9e authored by Dennis Ahrens's avatar Dennis Ahrens
Browse files

SSL Settings are no longer a dictionary

parent 9c6f15a0
No related branches found
No related tags found
No related merge requests found
......@@ -23,16 +23,11 @@ CLIENT_EXCHANGE_NAME = "" # empty string -> amq.default exchange
WORKER_TASK_PROCESSES = 10 # this many processes will be executing tasks
SSL_ENABLED = True
SSL_CONF = {
# # See ssl.wrap_socket() documentation: https://docs.python.org/3.6/library/ssl.html#ssl.wrap_socket
# "keyfile": "/foo/client/key.pem",
# "certfile": "/foo/client/cert.pem",
# "ca_certs": "/foo/ca/cacert.pem",
# NOTE: The following values are not meant to be changed through settings
# because this would be a mess in deployment!
"ssl_version": ssl.PROTOCOL_TLSv1_2,
"cert_reqs": ssl.CERT_REQUIRED,
}
SSL_KEY_FILE = None
SSL_CERT_FILE = None
SSL_CA_CERTS = None
SSL_VERSION = ssl.PROTOCOL_TLSv1_2
SSL_CERT_REQS = ssl.CERT_REQUIRED
# stuff you might want to change sometimes:
RPC_TIMEOUT = timedelta(seconds=10) # affects client behaviour and message TTL
......@@ -51,10 +46,6 @@ try:
if k.isupper() and not k.startswith("_"): # looks like a setting
try:
new_value = getattr(django_settings, "PIKATASKS_" + k)
if isinstance(globals()[k], dict):
assert isinstance(new_value, dict), "{} needs to be a dictionary".format(k)
globals()[k].update(new_value)
else:
globals()[k] = new_value
except ImproperlyConfigured:
pass # django is installed but not used
......
......@@ -16,12 +16,12 @@ def deserialize(binary):
return json.loads(binary.decode("utf-8"))
def get_ssl_options(ssl_settings):
def get_ssl_options(settings):
""" Create pika.SSLOptions based on pikatasks settings. """
context = ssl.SSLContext(ssl_settings.get('ssl_version'))
context.verify_mode = (ssl_settings.get('cert_reqs'))
context.load_verify_locations(ssl_settings.get('ca_certs'))
context.load_cert_chain(ssl_settings.get('certfile'), ssl_settings.get('keyfile'))
context = ssl.SSLContext(settings.SSL_VERSION)
context.verify_mode = settings.SSL_CERT_REQS
context.load_verify_locations(settings.SSL_CA_CERTS)
context.load_cert_chain(settings.SSL_CERT_FILE, settings.SSL_KEY_FILE)
return pika.SSLOptions(context)
......@@ -36,7 +36,7 @@ def get_pika_connection_parameters():
),
# TODO: causes a warning when closing connections
blocked_connection_timeout=settings.BLOCKED_CONNECTION_TIMEOUT.total_seconds(),
ssl_options=get_ssl_options(settings.SSL_CONF) if settings.SSL_ENABLED else None,
ssl_options=get_ssl_options(settings) if settings.SSL_ENABLED else None,
)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment