.. -*- mode: rst -*- .. _unsorted-ssl: ========== Python SSL ========== The ssl module can be found `here `_. With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details. Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf:: key = /path/to/ssl private key certificate = /path/to/signed cert for that key ca = /path/to/cacert.pem Python SSL Backport Packaging ============================= Both the Bcfg2 server and client are able to use the in-tree ssl module included with python 2.6. The client is also able to still use M2Crypto. A python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. See [wiki:Authentication] for details. To build a package of the ssl backport for .deb based distributions that don't ship with python 2.6, you can follow these instructions, which use [http://github.com/astraw/stdeb/tree/master stdeb]. Alternatively if you happen to have .deb packaging skills, it would be great to get policy-complaint .debs into the major deb-based distributions. The following commands were used to generate :download:`this ` debian package ('''NOTE:''' Version numbers for the SSL module have changed). The `easy_install` command can be found in the `python-setuptools` package.:: sudo aptitude install python-all-dev fakeroot sudo easy_install stdeb wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a tar xvfz ssl-1.14.tar.gz cd ssl-1.14 stdeb_run_setup cd deb_dist/ssl-1.14 dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../python-ssl_1.14-1_amd64.deb For complete bcfg2 goodness, you'll also want to package stdeb using stdeb. The completed debian package can be grabbed from :download:`here `, which was generated using the following:: sudo aptitude install apt-file wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0 tar xvfz stdeb-0.3.tar.gz cd stdeb-0.3 stdeb_run_setup cd deb_dist/stdeb-0.3 dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../python-stdeb_0.3-1_all.deb