<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Python SSL — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/sidebar.js"></script> <link rel="shortcut icon" href="../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../index.html" /> <link rel="up" title="Unsorted Docs" href="index.html" /> <link rel="next" title="Vim Snippet Support" href="vim_snippet.html" /> <link rel="prev" title="HOWTOs" href="howtos.html" /> <link rel="stylesheet" href="../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../index.html"><img src="../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="vim_snippet.html" title="Vim Snippet Support" accesskey="N">next</a> |</li> <li class="right" > <a href="howtos.html" title="HOWTOs" accesskey="P">previous</a> |</li> <li><a href="../index.html">home</a> | </li> <!--<li><a 
href="../search.html">search</a> | </li>--> <li><a href="../help/index.html">help</a> | </li> <li><a href="../contents.html">documentation </a> »</li> <li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="index.html" accesskey="U">Unsorted Docs</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="python-ssl"> <span id="unsorted-ssl"></span><h1>Python SSL<a class="headerlink" href="#python-ssl" title="Permalink to this headline">¶</a></h1>
<p>The ssl module can be found <a class="reference external" href="http://pypi.python.org/pypi/ssl">here</a>.</p>
<p>With this change, SSL certificate-based client authentication is supported. To use it, basic CA-type capabilities are required: a central CA needs to be created, and each server and every client needs a cert signed by it. See [wiki:Authentication] for details.</p>
<p>Setting up keys is accomplished with three settings, each in the “<cite>[communication]</cite>” section of <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt>:</p>
<div class="highlight-python"><pre>key = /path/to/ssl private key
certificate = /path/to/signed cert for that key
ca = /path/to/cacert.pem</pre>
</div>
<div class="section" id="python-ssl-backport-packaging"> <h2>Python SSL Backport Packaging<a class="headerlink" href="#python-ssl-backport-packaging" title="Permalink to this headline">¶</a></h2>
<p>Both the Bcfg2 server and client can use the in-tree ssl module included with Python 2.6. The client can also still use M2Crypto. A Python ssl backport exists for Python 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with Bcfg2 sources.
See [wiki:Authentication] for details.</p>
<p>To build a package of the ssl backport for .deb-based distributions that don’t ship with Python 2.6, you can follow these instructions, which use <a class="reference external" href="http://github.com/astraw/stdeb/tree/master">stdeb</a>. Alternatively, if you happen to have .deb packaging skills, it would be great to get policy-compliant .debs into the major deb-based distributions.</p>
<p>The following commands were used to generate <a class="reference download internal" href="../_downloads/python-ssl_1.14-1_amd64.deb"><tt class="xref download docutils literal"><span class="pre">this</span></tt></a> Debian package. The <tt class="docutils literal"><span class="pre">easy_install</span></tt> command can be found in the <cite>python-setuptools</cite> package:</p>
<div class="highlight-python"><pre>sudo aptitude install python-all-dev fakeroot
sudo easy_install stdeb
wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a
tar xvfz ssl-1.14.tar.gz
cd ssl-1.14
stdeb_run_setup
cd deb_dist/ssl-1.14
dpkg-buildpackage -rfakeroot -uc -us
sudo dpkg -i ../python-ssl_1.14-1_amd64.deb</pre>
</div>
<div class="admonition note"> <p class="first admonition-title">Note</p> <p class="last">Version numbers for the SSL module have changed.</p> </div>
<p>For complete Bcfg2 goodness, you’ll also want to package stdeb using stdeb.
The completed Debian package can be grabbed from <a class="reference download internal" href="../_downloads/python-stdeb_0.3-1_all.deb"><tt class="xref download docutils literal"><span class="pre">here</span></tt></a>, which was generated using the following:</p>
<div class="highlight-python"><pre>sudo aptitude install apt-file
wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0
tar xvfz stdeb-0.3.tar.gz
cd stdeb-0.3
stdeb_run_setup
cd deb_dist/stdeb-0.3
dpkg-buildpackage -rfakeroot -uc -us
sudo dpkg -i ../python-stdeb_0.3-1_all.deb</pre>
</div> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Python SSL</a><ul> <li><a class="reference internal" href="#python-ssl-backport-packaging">Python SSL Backport Packaging</a></li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="howtos.html" title="previous chapter">HOWTOs</a></p> <h4>Next topic</h4> <p class="topless"><a href="vim_snippet.html" title="next chapter">Vim Snippet Support</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../_sources/unsorted/ssl.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name.
</p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>