<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Python SSL — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '1.3.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../index.html" />
<link rel="up" title="Unsorted Docs" href="index.html" />
<link rel="next" title="Vim Snippet Support" href="vim_snippet.html" />
<link rel="prev" title="HOWTOs" href="howtos.html" />
<link rel="stylesheet" href="../_static/bcfg2.css" type=""/>
</head>
<body>
<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../index.html"><img src="../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="vim_snippet.html" title="Vim Snippet Support"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="howtos.html" title="HOWTOs"
accesskey="P">previous</a> |</li>
<li><a href="../index.html">home</a> | </li>
<!--<li><a href="../search.html">search</a> | </li>-->
<li><a href="../help/index.html">help</a> | </li>
<li><a href="../contents.html">documentation </a> »</li>
<li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="index.html" accesskey="U">Unsorted Docs</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="python-ssl">
<span id="unsorted-ssl"></span><h1>Python SSL<a class="headerlink" href="#python-ssl" title="Permalink to this headline">¶</a></h1>
<p>The ssl module can be found <a class="reference external" href="http://pypi.python.org/pypi/ssl">here</a>.</p>
<p>With this change, SSL certificate based client authentication is
supported. In order to use this, based CA-type capabilities are
required. A central CA needs to be created, with each server and all
clients getting a signed cert. See [wiki:Authentication] for details.</p>
<p>Setting up keys is accomplished with three settings, each in the
“<cite>[communication]</cite>” section of <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt>:</p>
<div class="highlight-python"><pre>key = /path/to/ssl private key
certificate = /path/to/signed cert for that key
ca = /path/to/cacert.pem</pre>
</div>
<div class="section" id="python-ssl-backport-packaging">
<h2>Python SSL Backport Packaging<a class="headerlink" href="#python-ssl-backport-packaging" title="Permalink to this headline">¶</a></h2>
<p>Both the Bcfg2 server and client are able to use the in-tree ssl module
included with python 2.6. The client is also able to still use M2Crypto. A
python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto
is not needed, and tlslite is no longer included with Bcfg2 sources. See
[wiki:Authentication] for details.</p>
<p>To build a package of the ssl backport for .deb based distributions
that don’t ship with python 2.6, you can follow these instructions,
which use <a class="reference external" href="http://github.com/astraw/stdeb/tree/master">stdeb</a>. Alternatively if you happen to have .deb packaging
skills, it would be great to get policy-complaint .debs into the major
deb-based distributions.</p>
<p>The following commands were used to generate <a class="reference download internal" href="../_downloads/python-ssl_1.14-1_amd64.deb"><tt class="xref download docutils literal"><span class="pre">this</span></tt></a> debian package The <tt class="docutils literal"><span class="pre">easy_install</span></tt> command
can be found in the <cite>python-setuptools</cite> package.:</p>
<div class="highlight-python"><pre>sudo aptitude install python-all-dev fakeroot
sudo easy_install stdeb
wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a
tar xvfz ssl-1.14.tar.gz
cd ssl-1.14
stdeb_run_setup
cd deb_dist/ssl-1.14
dpkg-buildpackage -rfakeroot -uc -us
sudo dpkg -i ../python-ssl_1.14-1_amd64.deb</pre>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Version numbers for the SSL module have changed.</p>
</div>
<p>For complete Bcfg2 goodness, you’ll also want to package stdeb using stdeb.
The completed debian package can be grabbed from <a class="reference download internal" href="../_downloads/python-stdeb_0.3-1_all.deb"><tt class="xref download docutils literal"><span class="pre">here</span></tt></a>, which was generated using the following:</p>
<div class="highlight-python"><pre>sudo aptitude install apt-file
wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0
tar xvfz stdeb-0.3.tar.gz
cd stdeb-0.3
stdeb_run_setup
cd deb_dist/stdeb-0.3
dpkg-buildpackage -rfakeroot -uc -us
sudo dpkg -i ../python-stdeb_0.3-1_all.deb</pre>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Python SSL</a><ul>
<li><a class="reference internal" href="#python-ssl-backport-packaging">Python SSL Backport Packaging</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="howtos.html"
title="previous chapter">HOWTOs</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="vim_snippet.html"
title="next chapter">Vim Snippet Support</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/unsorted/ssl.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="vim_snippet.html" title="Vim Snippet Support"
>next</a> |</li>
<li class="right" >
<a href="howtos.html" title="HOWTOs"
>previous</a> |</li>
<li><a href="../index.html">home</a> | </li>
<!--<li><a href="../search.html">search</a> | </li>-->
<li><a href="../help/index.html">help</a> | </li>
<li><a href="../contents.html">documentation </a> »</li>
<li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="index.html" >Unsorted Docs</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009-2013, Narayan Desai.
Last updated on Mar 20, 2013.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
526
