SSL with gremlinclient
¶
Setting up SSL with gremlinclient
is straightforward, but different
depending on which client you choose. The following demonstrates using SSL with
both the aiohttp_client
and tornado_client
modules.
SSL certs and server config are generally up to the user, but for testing you can get going with OpenSSL self-signed certificates. Something like:
$ openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX
Then add something like this to the conf/gremlin-server.yaml file:
ssl: {
enabled: true,
keyCertChainFile: /path/to/cert.pem,
keyFile: /path/to/key.pem}
Okay, both aiohttp and Tornado use Python’s ssl
module to create an
ssl.SSLContext
:
>>> import ssl
>>> sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
>>> sslcontext.load_cert_chain(
... '/path/to/cert.pem', keyfile='/path/to/key.pem')
aiohttp_client
¶
To set up SSL with aiohttp_client
,
use the aiohttp.TCPConnector
class:
>>> connector = aiohttp.TCPConnector(ssl_context=sslcontext)
Then pass this object as a kwarg to
submit
,
create_connection
,
GraphDatabase
,
or Pool
:
>>> stream = yield from submit(
... "wss://localhost:8182/", "1 + 1", connector=connector)
Don’t forget to use the “wss” protocol.
tornado_client
¶
To set up SSL with tornado_client
,
we create a request_factory()
that creates
HTTPRequest
objects with the
ssl.SSLContext
as a frozen kwarg and use this as our connector
:
>>> from functools import partial
>>> request_factory = partial(
... httpclient.HTTPRequest, ssl_options=sslcontext)
Then pass this object as a kwarg to
submit
,
create_connection
,
GraphDatabase
,
or Pool
:
>>> stream = yield from submit(
... "wss://localhost:8182/", "1 + 1", connector=request_factory)
Again, don’t forget to use the “wss” protocol.