From aa02412fc38eae379be6c7658a4cb96032c5feff Mon Sep 17 00:00:00 2001
From: Dennis Ahrens <dennis.ahrens@hs-hannover.de>
Date: Fri, 9 Mar 2018 16:18:58 +0100
Subject: [PATCH] Breaking changes in pika master branch again.

Adjusts the SSLOptions API.
---
 pikatasks/settings.py |  2 +-
 pikatasks/utils.py    | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/pikatasks/settings.py b/pikatasks/settings.py
index 15d997a..46b322f 100644
--- a/pikatasks/settings.py
+++ b/pikatasks/settings.py
@@ -31,7 +31,7 @@ SSL_CONF = {
     # NOTE: The following values are not meant to be changed through settings
     # because this would be a mess in deployment!
     "ssl_version": ssl.PROTOCOL_TLSv1_2,
-    "cert_reqs": ssl.CERT_NONE,
+    "cert_reqs": ssl.CERT_REQUIRED,
 }
 
 # stuff you might want to change sometimes:
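Review bot: Switching `cert_reqs` to `ssl.CERT_REQUIRED` turns broker certificate verification on, so every deployment now needs a usable `ca_certs` entry, and nothing on the changed line says so. SSL_CONF starts outside this hunk, so whether `ca_certs` has a default cannot be seen here. I would add a comment next to the new value, for example `# broker certificate is verified against SSL_CONF["ca_certs"], which must point to the CA bundle`. The commit message should also mention the stricter verification, since it currently only talks about the SSLOptions API.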
diff --git a/pikatasks/utils.py b/pikatasks/utils.py
index cacf231..51d6038 100644
--- a/pikatasks/utils.py
+++ b/pikatasks/utils.py
@@ -1,6 +1,7 @@
 import json
 import pika
 import logging
+import ssl
 from . import settings
 
 
@@ -15,6 +16,15 @@ def deserialize(binary):
     return json.loads(binary.decode("utf-8"))
 
 
+def get_ssl_options(ssl_settings):
+    """ Create pika.SSLOptions based on pikatasks settings. """
+    context = ssl.SSLContext(ssl_settings.get('ssl_version'))
+    context.verify_mode = (ssl_settings.get('cert_reqs'))
+    context.load_verify_locations(ssl_settings.get('ca_certs'))
+    context.load_cert_chain(ssl_settings.get('certfile'), ssl_settings.get('keyfile'))
+    return pika.SSLOptions(context)
+
+
 def get_pika_connection_parameters():
     return pika.ConnectionParameters(
             host=settings.BROKER_HOST,
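Review bot: `get_ssl_options` verifies the certificate chain but never checks the broker's hostname. A context built with `ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)` leaves `check_hostname` at False, and `pika.SSLOptions(context)` is created without a server hostname, so a certificate issued by the configured CA for a different host would still be accepted. After assigning `verify_mode`, add `context.check_hostname = True` and pass the host through, e.g. `return pika.SSLOptions(context, server_hostname=settings.BROKER_HOST)`, assuming the pika revision targeted here accepts that argument. Separately, the `.get()` lookups hand `None` to `load_verify_locations` and `load_cert_chain` when a key is missing, which fails with a TypeError instead of a clear configuration error.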
@@ -24,9 +34,9 @@ def get_pika_connection_parameters():
                 username=settings.USERNAME,
                 password=settings.PASSWORD
             ),
-            blocked_connection_timeout=settings.BLOCKED_CONNECTION_TIMEOUT.total_seconds(),  # TODO: causes a warning when closing connections
-            ssl=settings.SSL_ENABLED,
-            ssl_options=settings.SSL_CONF,
+            # TODO: causes a warning when closing connections
+            blocked_connection_timeout=settings.BLOCKED_CONNECTION_TIMEOUT.total_seconds(),
+            ssl_options=get_ssl_options(settings.SSL_CONF) if settings.SSL_ENABLED else None,
         )
 
 
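Review bot: When `settings.SSL_ENABLED` is false the new conditional passes `ssl_options=None`, and the username and password set just above would then presumably travel to the broker unencrypted, with nothing recording that choice. A warning logged in that branch (the module already imports `logging`) would make an accidental plaintext deployment visible in the logs. `get_pika_connection_parameters` begins outside this hunk, so the port and the remaining arguments cannot be checked from here.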
-- 
GitLab