QPID-3175: applied patch with a default sasl_mechanisms of ANONYMOUS

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1238012 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 15 insertions, 2 deletions

diff --git a/qpid/python/qpid/messaging/endpoints.py b/qpid/python/qpid/messaging/endpoints.py
index 338ac70ecf..85ec7d331c 100644
--- a/qpid/python/qpid/messaging/endpoints.py
+++ b/qpid/python/qpid/messaging/endpoints.py
@@ -116,6 +116,13 @@ class Connection(Endpoint):
     @type address_ttl: float
     @param address_ttl: time until cached address resolution expires
 
+    @type ssl_keyfile: str
+    @param ssl_keyfile: file with client's private key (PEM format)
+    @type ssl_certfile: str
+    @param ssl_certfile: file with client's public (eventually priv+pub) key (PEM format)
+    @type ssl_trustfile: str
+    @param ssl_trustfile: file trusted certificates to validate the server
+
     @rtype: Connection
     @return: a disconnected Connection
     """
@@ -141,7 +148,7 @@ class Connection(Endpoint):
     self.password = default(url.password, options.get("password", None))
     self.auth_username = None
 
-    self.sasl_mechanisms = options.get("sasl_mechanisms")
+    self.sasl_mechanisms = options.get("sasl_mechanisms", "ANONYMOUS")
     self.sasl_service = options.get("sasl_service", "qpidd")
     self.sasl_min_ssf = options.get("sasl_min_ssf")
     self.sasl_max_ssf = options.get("sasl_max_ssf")
@@ -160,6 +167,10 @@ class Connection(Endpoint):
     self.address_ttl = options.get("address_ttl", 60)
     self.tcp_nodelay = options.get("tcp_nodelay", False)
 
+    self.ssl_keyfile = options.get("ssl_keyfile", None)
+    self.ssl_certfile = options.get("ssl_certfile", None)
+    self.ssl_trustfile = options.get("ssl_trustfile", None)
+
     self.options = options
 
 
diff --git a/qpid/python/qpid/messaging/transports.py b/qpid/python/qpid/messaging/transports.py
index 7abaae12e8..532c365884 100644
--- a/qpid/python/qpid/messaging/transports.py
+++ b/qpid/python/qpid/messaging/transports.py
@@ -61,7 +61,7 @@ else:
 
     def __init__(self, conn, host, port):
       SocketTransport.__init__(self, conn, host, port)
-      self.tls = wrap_socket(self.socket)
+      self.tls = wrap_socket(self.socket, keyfile=conn.ssl_keyfile, certfile=conn.ssl_certfile, ca_certs=conn.ssl_trustfile)
       self.socket.setblocking(0)
       self.state = None
 
diff --git a/qpid/python/qpid/sasl.py b/qpid/python/qpid/sasl.py
index fed6deac20..677a5e4e22 100644
--- a/qpid/python/qpid/sasl.py
+++ b/qpid/python/qpid/sasl.py
@@ -89,6 +89,8 @@ class PlainClient:
       return "PLAIN", "\0%s\0%s" % (self.attrs.get("username"), self.attrs.get("password"))
     elif "ANONYMOUS" in mechs:
       return "ANONYMOUS", "%s@%s" % (self.attrs.get("username"), socket.gethostname())
+    elif "EXTERNAL" in mechs:
+      return "EXTERNAL", "%s" % (self.attrs.get("username"))
     else:
       raise SASLError("sasl negotiation failed: no mechanism agreed")