Skip to content

Commit

Permalink
Merge pull request #2448 from kamil-certat/fix_amqp
Browse files Browse the repository at this point in the history
FIX: Correctly configure SSL context for AMQP
  • Loading branch information
sebix authored Feb 7, 2024
2 parents 3580680 + f501963 commit 5cd5a40
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 3 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
(PR#2408 and PR#2414 by Jan Kaliszewski).
- `intelmq.lib.upgrades`: Replace deprecated instances of `url2fqdn` experts by the new `url` expert in runtime configuration (PR#2432 by Sebastian Wagner).
- `intelmq.lib.bot`: Ensure closing log files on reloading (PR#2435 by Kamil Mankowski).
- AMQP Pipeline: fix SSL context to pointing to create a client-side connection that verifies the server (PR by Kamil Mankowski).
- Only load the config once when starting intelmqctl (which makes IntelMQ API calls take less time) (PR#2444 by DigitalTrustCenter).

### Development
Expand Down Expand Up @@ -62,6 +63,7 @@
- Remove undocumented and unused attributes of `StompCollectorBot` instances:
`ssl_ca_cert`, `ssl_cl_cert`, `ssl_cl_cert_key`.
- Minor fixes/improvements and some refactoring (see also above: *Core*...).
- `intelmq.bots.collectors.amqp`: fix SSL context to pointing to create a client-side connection that verifies the server (PR by Kamil Mankowski).
- `intelmq.bots.collectors.shadowserver.collector_reports_api`:
- The 'json' option is no longer supported as the 'csv' option provides better performance (PR#2372 by elsif2).
- `intelmq.bots.collectors.alienvault_otx.collector` (PR#2449 by qux-bbb):
Expand Down Expand Up @@ -102,6 +104,7 @@
- Try to reconnect on `NotConnectedException`.
- `intelmq.bots.outputs.smtp_batch.output` (PR #2439 by Edvard Rejthar):
- Fix ability to send with the default `bcc`
- `intelmq.bots.outputs.amqp`: fix SSL context to pointing to create a client-side connection that verifies the server (PR by Kamil Mankowski).

### Documentation
- Add a readthedocs configuration file to fix the build fail (PR#2403 by Sebastian Wagner).
Expand Down Expand Up @@ -174,6 +177,7 @@
#### Parsers
- `intelmq.bots.parsers.shadowserver._config`:
- Reset detected `feedname` at shutdown to re-detect the feedname on reloads (PR#2361 by @elsif2, fixes #2360).
- Switch to dynamic configuration to decouple report schema changes from IntelMQ releases.
- Added 'IPv6-Vulnerable-Exchange' alias and 'Accessible-WS-Discovery-Service' report. (PR#2338)
- Removed unused `p0f_genre` and `p0f_detail` from the 'DNS-Open-Resolvers' report. (PR#2338)
- Added 'Accessible-SIP' report. (PR#2348)
Expand Down
2 changes: 1 addition & 1 deletion intelmq/bots/collectors/amqp/collector_amqp.py
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ def init(self):
self.password)

if self.use_ssl:
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.CLIENT_AUTH))
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.SERVER_AUTH))

self.connection_parameters = pika.ConnectionParameters(
host=self.connection_host,
Expand Down
2 changes: 1 addition & 1 deletion intelmq/bots/outputs/amqptopic/output.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ def init(self):
self.password)

if self.use_ssl:
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.CLIENT_AUTH))
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.SERVER_AUTH))

self.connection_parameters = pika.ConnectionParameters(
host=self.connection_host,
Expand Down
2 changes: 1 addition & 1 deletion intelmq/lib/pipeline.py
Original file line number Diff line number Diff line change
Expand Up @@ -530,7 +530,7 @@ def load_configurations(self, queues_type):
if self.username and self.password:
self.kwargs['credentials'] = pika.PlainCredentials(self.username, self.password)
if self.ssl:
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.CLIENT_AUTH))
self.kwargs['ssl_options'] = pika.SSLOptions(context=ssl.create_default_context(ssl.Purpose.SERVER_AUTH))
pika_version = tuple(int(x) for x in pika.__version__.split('.'))
if pika_version < (0, 11):
self.kwargs['heartbeat_interval'] = 10
Expand Down

0 comments on commit 5cd5a40

Please sign in to comment.