The ssl module can be found here.
With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details.
Setting up keys is accomplished with three settings, each in the “[communication]” section of bcfg2.conf:
key = /path/to/ssl private key certificate = /path/to/signed cert for that key ca = /path/to/cacert.pem
Both the Bcfg2 server and client are able to use the in-tree ssl module included with python 2.6. The client is also able to still use M2Crypto. A python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with Bcfg2 sources. See [wiki:Authentication] for details.
To build a package of the ssl backport for .deb based distributions that don’t ship with python 2.6, you can follow these instructions, which use stdeb. Alternatively if you happen to have .deb packaging skills, it would be great to get policy-complaint .debs into the major deb-based distributions.
The following commands were used to generate this debian package The easy_install command can be found in the python-setuptools package.:
sudo aptitude install python-all-dev fakeroot sudo easy_install stdeb wget http://pypi.python.org/packages/source/s/ssl/ssl-1.14.tar.gz#md5=4e08aae0cd2c7388d1b4bbb7f374b14a tar xvfz ssl-1.14.tar.gz cd ssl-1.14 stdeb_run_setup cd deb_dist/ssl-1.14 dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../python-ssl_1.14-1_amd64.deb
Version numbers for the SSL module have changed.
For complete Bcfg2 goodness, you’ll also want to package stdeb using stdeb. The completed debian package can be grabbed from here, which was generated using the following:
sudo aptitude install apt-file wget http://pypi.python.org/packages/source/s/stdeb/stdeb-0.3.tar.gz#md5=e692f745597dcdd9343ce133e3b910d0 tar xvfz stdeb-0.3.tar.gz cd stdeb-0.3 stdeb_run_setup cd deb_dist/stdeb-0.3 dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../python-stdeb_0.3-1_all.deb