mosquito / aiormq

Pure python AMQP 0.9.1 asynchronous client library
Other
276 stars 58 forks source link

SSL capath vs cafile #16

Closed cluosh closed 5 years ago

cluosh commented 5 years ago

Hi,

i've run into a problem with the SSL setup using aio-pika and specifying the CA cert in the URL string. Disregarding inconsistent documentation (aio-pika mentions ca_certs while aiormq uses cafile), none of these seem to represent what is actually being used in the code (capath for the SSL context).

If the intention of the URL parameter is to specify a CA path, I would suggest renaming it to capath or ca_path; if the parameter is intended to be used to load a single CA bundle file (as reflected in the documentation), the SSL context should be initialized with cafile instead of capath.

References: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations

mosquito commented 5 years ago

Since version aiormq==2.2.0 all ca related create_default_context parameters passing as is.

Thank you for this helpful issue.

cluosh commented 5 years ago

Awesome, thanks a lot!