Python SSL
The ssl module can be found here.
With this change, SSL certificate based client authentication is supported. In order to use this, basic CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See Authentication for details.
Setting up keys is accomplished with three settings, each in the "[communication]" section of bcfg2.conf:
    key = /path/to/ssl private key
    certificate = /path/to/signed cert for that key
    ca = /path/to/cacert.pem
Python SSL Backport Packaging
As of Bcfg2 1.0, Bcfg2 has switched to the in-tree ssl module included with python 2.6. A backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. The ssl module can be found here. See Authentication for details.
To build a package of the ssl backport for .deb based distributions that don't ship with python 2.6, you can follow these instructions, which use stdeb. Alternatively, if you happen to have .deb packaging skills, it would be great to get policy-compliant .debs into the major deb-based distributions.
The following commands were used to generate this debian package (NOTE: Version numbers for the SSL module have changed). The easy_install command can be found in the python-setuptools package.
    sudo aptitude install python-all-dev fakeroot
    sudo easy_install stdeb
    wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a
    tar xvfz ssl-1.14.tar.gz
    cd ssl-1.14
    stdeb_run_setup
    cd deb_dist/ssl-1.14
    dpkg-buildpackage -rfakeroot -uc -us
    sudo dpkg -i ../python-ssl_1.14-1_amd64.deb
For complete bcfg2 goodness, you'll also want to package stdeb using stdeb. The completed debian can be grabbed here, which was generated using the following:
    sudo aptitude install apt-file
    wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0
    tar xvfz stdeb-0.3.tar.gz
    cd stdeb-0.3
    stdeb_run_setup
    cd deb_dist/stdeb-0.3
    dpkg-buildpackage -rfakeroot -uc -us
    sudo dpkg -i ../python-stdeb_0.3-1_all.deb
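Both wget URLs above carry the expected digest in a "#md5=" fragment, but wget does not check it, so the tarball is built and installed with sudo unverified. One way to enforce the check before unpacking, as an added example that is not part of the original page; the function names url_md5 and verify_download are hypothetical, and GNU md5sum is assumed to be installed:

```shell
#!/bin/sh
# Added example: compare a downloaded file with the "#md5=<hex>" fragment of its URL.

# Print the digest carried in a URL's "#md5=" fragment, lowercased.
# Returns 1 if the fragment is missing or is not 32 hex characters.
url_md5() {
    case "$1" in
        *'#md5='*) digest=${1##*'#md5='} ;;
        *) return 1 ;;
    esac
    case "$digest" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#digest}" -eq 32 ] || return 1
    printf '%s\n' "$digest" | tr 'A-F' 'a-f'
}

# verify_download URL FILE
# Returns 0 on a match, 1 on a mismatch, 2 if the check could not be made.
verify_download() {
    expected=$(url_md5 "$1") || {
        echo "no usable #md5= fragment in $1" >&2
        return 2
    }
    [ -f "$2" ] || { echo "missing file: $2" >&2; return 2; }
    actual=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $2: expected $expected, got $actual" >&2
    return 1
}

# Usage in the steps above, before "tar xvfz":
#   url='http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a'
#   wget "$url" && verify_download "$url" ssl-1.14.tar.gz || exit 1
```

An MD5 digest delivered alongside a plain-http URL only catches corruption or a mismatched file; it does not authenticate the source of the package.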
Prebuilt Packages
available here
Attachments
- python-ssl_1.14-1_amd64.deb (56.6 KB) - added by nicely 5 months ago. Python ssl - debian
- python-stdeb_0.3-1_all.deb (16.6 KB) - added by nicely 5 months ago. Python - stdeb - debian