Strip the CRL server from the certificates again

[Darsstar]

Changed the gha-setup.sh as well to make it work in Git Bash on Windows.

[Gsantomaggio]

Thank you @Darsstar

  .ci/ubuntu/gha-setup.sh

error:

Traceback (most recent call last):
  File "/.../rabbitmq/rabbitmq-amqp-python-client/examples/tls/tls_example.py", line 237, in <module>
    main()
  File "/.../rabbitmq/rabbitmq-amqp-python-client/examples/tls/tls_example.py", line 158, in main
    connection = create_connection(environment)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/.../rabbitmq/rabbitmq-amqp-python-client/examples/tls/tls_example.py", line 78, in create_connection
    connection.dial()
  File "/.../rabbitmq/rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/connection.py", line 189, in dial
    self._ssl_domain.set_trusted_ca_db(ca_cert)
  File "/.../rabbitmq/rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/qpid/proton/_transport.py", line 886, in set_trusted_ca_db
    return self._check(
           ^^^^^^^^^^^^
  File "/.../rabbitmq/rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/qpid/proton/_transport.py", line 829, in _check
    raise exc("SSL failure.", err)
rabbitmq_amqp_python_client.qpid.proton._exceptions.SSLException: ('SSL failure.', -1)
 ca_cert_file exists: True
 client_cert exists: True
 client_key exists: True

[Gsantomaggio]

It fails on this check:
🚫 MAC the domain seems to be NULL:

✅ Linux OK:

[Darsstar]

That... But... How...?

rabbitmq-amqp-python-client/tests/conftest.py

Lines 93 to 101 in 7f7bf93

	else:
	return PosixSslConfigurationContext(
	ca_cert=".ci/certs/ca_certificate.pem",
	client_cert=PosixClientCert(
	client_cert=".ci/certs/client_localhost_certificate.pem",
	client_key=".ci/certs/client_localhost_key.pem",
	),
	)

should be executed on Mac.

which means that in

rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/connection.py

Lines 179 to 190 in 7f7bf93

	self._ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
	assert self._ssl_domain
	if isinstance(self._conf_ssl_context, PosixSslConfigurationContext):
	ca_cert = self._conf_ssl_context.ca_cert
	elif isinstance(self._conf_ssl_context, WinSslConfigurationContext):
	ca_cert = self._win_store_to_cert(self._conf_ssl_context.ca_store)
	else:
	typing_extensions.assert_never(self._conf_ssl_context)
	self._ssl_domain.set_trusted_ca_db(ca_cert)

constructing the SSLDomain goes wrong, I think

But then why is

rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/qpid/proton/_transport.py

Lines 820 to 825 in 7f7bf93

	def __init__(self, mode: int) -> None:
	self._domain = pn_ssl_domain(mode)
	if self._domain is None:
	raise SSLUnavailable()

not raising an exception?!?!

I don't have access to a Mac, so untill I get a shower/poop/walk epifanie I am stumped.

PS. the screenshots show

rabbitmq-amqp-python-client/rabbitmq_amqp_python_client/qpid/proton/_transport.py

Lines 885 to 889 in 7f7bf93

	"""
	return self._check(
	pn_ssl_domain_set_trusted_ca_db(self._domain, certificate_db)
	)

[Darsstar]

Oh, wait, I confused null and None. Proton Qpid C code is where we should be looking apparently...
I should have waited 1min before pressing "Comment"...

[Darsstar]

@Gsantomaggio I think you should now get an exception earlier.

https://stackoverflow.com/questions/44979947/python-qpid-proton-for-mac-using-amqps seems relevant

[Gsantomaggio]

thank you @Darsstar

https://stackoverflow.com/questions/44979947/python-qpid-proton-for-mac-using-amqps seems relevant

Following this ^^^, it works! On the main branch, too.

Instead of spending hours on this, I had to Google :)!

I will update the documentation.

[Gsantomaggio]

Closed in favour of #68

[Darsstar]

Please reopen and merge, this is still required on Windows.

[Gsantomaggio]

Please reopen and merge, this is still required on Windows.

ops sorry!