Strip the CRL server from the certificates again

.ci/certs/client_localhost_certificate.pem

@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDvDCCAqSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
-ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMDItMjdUMTU6NDQ6NTguODgwNTMwMQ0w
-CwYDVQQHDAQkJCQkMB4XDTI1MDIyNzE0NDQ1OVoXDTM1MDIyNTE0NDQ1OVowJTES
-MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZjbGllbnQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQC7L/xjD4iHTCf2IfXd/fayxkX0+dI+Z2y+latM
-UFvn4GpDIz0Acfqjp3/NhShbWoHqOhR/w5l20J9Ljt2RmecpybK717Flst8Q0g0C
-xm3GaN7fVLAxoWAIbzU7cAZMv0SRuu2RIo2HTt5i2xBljA5Bf6wMZqMFxvnNWNGt
-TIWVUzCjeqWqPUi84XdHu0GWyQ11rIjCnw5zY3D8EFc+HoTgI33y81EABps7ybmH
-BdUtMsAFEXgk3lJplaLeIvlM/HzBk+ffkqpcwC6kTnoR7Nww8a2aE6wHq91Hj+R7
-mmAo8Hpx0grott/pmwWOd2Ld1w3gxC3I7D6yqjfT4Rjc6FyxAgMBAAGjgdAwgc0w
-CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwKwYD
-VR0RBCQwIoIJbG9jYWxob3N0ggpGMjNOMDQ5MlhUgglsb2NhbGhvc3QwMQYDVR0f
-BCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2ZXI6ODAwMC9iYXNpYy5jcmwwHQYD
-VR0OBBYEFLmThoy0pKufr0QWZRwg1FJGdcFRMB8GA1UdIwQYMBaAFDJd0t924S/4
-0cxm/LgBIUfoEhlaMA0GCSqGSIb3DQEBCwUAA4IBAQCk4Ytqqtymc8h0M2HiIyhK
-p2Dkf7GZRjBPvC6ULIxMEixslcDCkVTkLaYKRJL7xv37RNfc6kgi9K1IjPfDUtEm
-IDm56hRhIvLkH/BsUbhhJsZnYBN1GbqmFNtNP7Zj2Yt6uAwFkFB6gnK7RflSwVaG
-EYZhs8QEmZ1VhGymJorp5HGI6EcVkOhG3pScp5yaAqM2cKy7CLnZJfpCzQ12LZ7/
-2UEKRtfILvN8kWaWOaGCM7t3Z2i6bfEh/1WZBmZnyK+zDBxv/YDp2iave/i7r/dY
-tOZA1KB2OMWZY4pHmiEior05yf0o7xNctPdwy3+IvRYAH6FJhMA29XoizPW8Cvtk
+MIIDnDCCAoSgAwIBAgIUXHwqQoZiZnMEBExZooUBletJc5AwDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTAyLTI3
+VDE1OjQ0OjU4Ljg4MDUzMDENMAsGA1UEBwwEJCQkJDAeFw0yNTAzMzEwODIwMTRa
+Fw0yNjAzMzEwODIwMTRaMCUxEjAQBgNVBAMMCWxvY2FsaG9zdDEPMA0GA1UECgwG
+Y2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy/8Yw+Ih0wn
+9iH13f32ssZF9PnSPmdsvpWrTFBb5+BqQyM9AHH6o6d/zYUoW1qB6joUf8OZdtCf
+S47dkZnnKcmyu9exZbLfENINAsZtxmje31SwMaFgCG81O3AGTL9EkbrtkSKNh07e
+YtsQZYwOQX+sDGajBcb5zVjRrUyFlVMwo3qlqj1IvOF3R7tBlskNdayIwp8Oc2Nw
+/BBXPh6E4CN98vNRAAabO8m5hwXVLTLABRF4JN5SaZWi3iL5TPx8wZPn35KqXMAu
+pE56EezcMPGtmhOsB6vdR4/ke5pgKPB6cdIK6Lbf6ZsFjndi3dcN4MQtyOw+sqo3
+0+EY3OhcsQIDAQABo4GdMIGaMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKRjIzTjA0
+OTJYVIIJbG9jYWxob3N0MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMl3S33bhL/jR
+zGb8uAEhR+gSGVowHQYDVR0OBBYEFLmThoy0pKufr0QWZRwg1FJGdcFRMAsGA1Ud
+DwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA
+rHwYFdoRGosO25hLiqS3Llb9idmqr7gLwZ7Xpvb9WkkoQczZyHIzld8aNVf5Jih2
+6axkl7PBegW/+2og7pdJ3pknfoHGik0NVgJVxZZ6ZK8Gp0fUvgVWM6OXilF6Vb99
+wEzyavM00Vz0P/Mts60BPmvUnH8rRIWh3qsE+CPAdqu5QJTC4toblrGw/HkXpfoq
+yqFfegYexxUE0eIH5ZraxhGdnkfWXu2uMdILmqHyetW5BKKJphK8ft5lRwBEgqcR
+btmHBxRnZDxUgK3Y9sln9XwTWmxk19MMjGvCZw/g5Iq3QNNmJToyb+9EOICVEgXj
+VY3SdWp32ADzuqOMEBNkrg==
 -----END CERTIFICATE-----

.ci/certs/server_localhost_certificate.pem

@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
-ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMDItMjdUMTU6NDQ6NTguODgwNTMwMQ0w
-CwYDVQQHDAQkJCQkMB4XDTI1MDIyNzE0NDQ1OVoXDTM1MDIyNTE0NDQ1OVowJTES
-MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCn1MRZTV3ATEvS8jFXhci/HGup4acSa1AduNak
-8fpGHSFFmrywY6cl00rmPa95nfGloqbkRydqOwMn1Pv3XfHc3UeaiBgU+FNRj9u6
-NOwJ0zR3QkqLxvQqbjrvxMN/IaZ2WL0Zem+j8YIY9yHytjkLEX2AH9AZLwHpdBLI
-vSVeS3BNF/gKpXYExGNNfG47/Lo0fIgwboN069pHY/Ff80SAzUkzRcOxDplJoMWp
-wym15ssmAnGzAzTrMhKIJ7rUyaE0ZNAIcid7KQ1VzB+yMpeYz5pdbx0G4U/DuVXf
-j8FnwlGwGAw05CckDjZcgrWNgLz1kqEcMV/UEFlbQuEzl5kTAgMBAAGjgdAwgc0w
-CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwKwYD
-VR0RBCQwIoIJbG9jYWxob3N0ggpGMjNOMDQ5MlhUgglsb2NhbGhvc3QwHQYDVR0O
-BBYEFGv69aUODEtJA5QWU4KalMtGvuGYMB8GA1UdIwQYMBaAFDJd0t924S/40cxm
-/LgBIUfoEhlaMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwtc2VydmVyOjgw
-MDAvYmFzaWMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBQxX+IwLmt9emhC/of3riN
-wQaLXGYKKMHcsimGkBsQbitWlwWtBZwR2F9aOlvcOAlFbQ2Enldbdpkens1YwR4k
-Fsx2VdOnumSYbq6DKZg0mMrg3AqufYLBGVPSGNksQ6qERZVD5NGATLh0kA9R3q0h
-eGKJbHyrdI6fkSELkmBGbuetjmGIfmYh+OjYZhqvU5mutjdOfY9k1t08eRvdNiIB
-4HxFVEk/S0opA98LkjY0wjPSAMZAWPNxHD5vHoaI6VwYnxLadD1NcasfEpae6uLW
-t7CT+v6rtfBXvczfdd9rmhCmcHR5ckrL/wbpnvgkloQqxclw5IpDt/JkPyGghWx3
+MIIDnDCCAoSgAwIBAgIUTaKkqSIB0UooOSRvfT8BletD6xswDQYJKoZIhvcNAQEL
+BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTAyLTI3
+VDE1OjQ0OjU4Ljg4MDUzMDENMAsGA1UEBwwEJCQkJDAeFw0yNTAzMzEwODE0MTFa
+Fw0yNjAzMzEwODE0MTFaMCUxEjAQBgNVBAMMCWxvY2FsaG9zdDEPMA0GA1UECgwG
+c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9TEWU1dwExL
+0vIxV4XIvxxrqeGnEmtQHbjWpPH6Rh0hRZq8sGOnJdNK5j2veZ3xpaKm5EcnajsD
+J9T7913x3N1HmogYFPhTUY/bujTsCdM0d0JKi8b0Km4678TDfyGmdli9GXpvo/GC
+GPch8rY5CxF9gB/QGS8B6XQSyL0lXktwTRf4CqV2BMRjTXxuO/y6NHyIMG6DdOva
+R2PxX/NEgM1JM0XDsQ6ZSaDFqcMptebLJgJxswM06zISiCe61MmhNGTQCHIneykN
+VcwfsjKXmM+aXW8dBuFPw7lV34/BZ8JRsBgMNOQnJA42XIK1jYC89ZKhHDFf1BBZ
+W0LhM5eZEwIDAQABo4GdMIGaMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKRjIzTjA0
+OTJYVIIJbG9jYWxob3N0MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMl3S33bhL/jR
+zGb8uAEhR+gSGVowHQYDVR0OBBYEFGv69aUODEtJA5QWU4KalMtGvuGYMAsGA1Ud
+DwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEA
+BiEO0HkTJV7EmFaieTrmygwhd5oPLjNQNSEZERQpdnFiE3cwCSEsMX+/NlGG0k/R
+7I0hzEZahPVpAa5U4iBrLDFdH59bfG519MhwK0sOGq83qMIIOuG/D4y6AfYppBJS
+z9/CriQ3mk4m6hSkk25Pf3c2gRsDQH/dMReCIFBrAshGhNwGQEPCXGWDz4k7cRwp
+ZCDt+Bxw3ukWv3sZJhMBXs/G9LTfRbSHlE5ejHAMSszx0CiW7GRwVFmYyHx8kyFo
+ejr2/PtCuamDzkGjQEYxCuY/b67oVTyV8R9b3zmxo893IO5udja7V+ep9q7SeD9V
+9WiyRZIfZDjieDX7FvhziQ==
 -----END CERTIFICATE-----

.ci/ubuntu/gha-setup.sh

@@ -13,6 +13,9 @@ readonly rabbitmq_image=rabbitmq:4.1.0-management
 readonly docker_name_prefix='rabbitmq-amqp-python-client'
 readonly docker_network_name="$docker_name_prefix-network"
 
+readonly rabbitmq_docker_name="$docker_name_prefix-rabbitmq"
+readonly toxiproxy_docker_name="$docker_name_prefix-toxiproxy"
+
 if [[ ! -v GITHUB_ACTIONS ]]
 then
     GITHUB_ACTIONS='false'
@@ -49,9 +52,6 @@ fi
 
 set -o nounset
 
-declare -r rabbitmq_docker_name="$docker_name_prefix-rabbitmq"
-declare -r toxiproxy_docker_name="$docker_name_prefix-toxiproxy"
-
 function start_toxiproxy
 {
     if [[ $run_toxiproxy == 'true' ]]

Makefile

@@ -8,10 +8,10 @@ rabbitmq-server-stop:
 	 ./.ci/ubuntu/gha-setup.sh stop
 
 format:
-	poetry run isort --skip rabbitmq_amqp_python_client/qpid  .
+	poetry run isort --skip rabbitmq_amqp_python_client/qpid --skip .venv .
 	poetry run black rabbitmq_amqp_python_client/
 	poetry run black tests/
-	poetry run flake8 --exclude=venv,local_tests,docs/examples,rabbitmq_amqp_python_client/qpid --max-line-length=120 --ignore=E203,W503
+	poetry run flake8 --exclude=venv,.venv,local_tests,docs/examples,rabbitmq_amqp_python_client/qpid --max-line-length=120 --ignore=E203,W503
 
 test: format
 	poetry run pytest .

rabbitmq_amqp_python_client/qpid/proton/_message.py

@@ -84,10 +84,7 @@
 from ._common import millis2secs, secs2millis
 from ._data import AnnotationDict, Data, char, symbol, ulong
 from ._endpoints import Link
-from ._exceptions import (
-    EXCEPTIONS,
-    MessageException,
-)
+from ._exceptions import EXCEPTIONS, MessageException
 
 if TYPE_CHECKING:
     from proton._data import PythonAMQPData

rabbitmq_amqp_python_client/qpid/proton/_transport.py

@@ -820,7 +820,7 @@ class SSLDomain(object):
 
     def __init__(self, mode: int) -> None:
         self._domain = pn_ssl_domain(mode)
-        if self._domain is None:
+        if isnull(self._domain):
             raise SSLUnavailable()
 
     def _check(self, err: int) -> int:

rabbitmq_amqp_python_client/ssl_configuration.py

@@ -48,10 +48,10 @@ class WinClientCert:
 @dataclass
 class PosixSslConfigurationContext:
     ca_cert: str
-    client_cert: Union[PosixClientCert, WinClientCert, None] = None
+    client_cert: Union[PosixClientCert, None] = None
 
 
 @dataclass
 class WinSslConfigurationContext:
     ca_store: Union[LocalMachineStore, CurrentUserStore, PKCS12Store]
-    client_cert: Union[PosixClientCert, WinClientCert, None] = None
+    client_cert: Union[WinClientCert, None] = None

tests/conftest.py

@@ -84,7 +84,7 @@ def connection_with_reconnect(pytestconfig):
 def ssl_context(pytestconfig):
     if sys.platform == "win32":
         return WinSslConfigurationContext(
-            ca_store=PKCS12Store(path=".ci/certs/server_localhost.p12"),
+            ca_store=PKCS12Store(path=".ci/certs/ca.p12"),
             client_cert=WinClientCert(
                 store=PKCS12Store(path=".ci/certs/client_localhost.p12"),
                 disambiguation_method=FriendlyName(name="1"),

tests/test_connection.py

@@ -2,13 +2,18 @@
 from datetime import datetime, timedelta
 from pathlib import Path
 
+import pytest
+
 from rabbitmq_amqp_python_client import (
     ConnectionClosed,
     Environment,
+    PKCS12Store,
+    PosixSslConfigurationContext,
     QuorumQueueSpecification,
     RecoveryConfiguration,
     StreamSpecification,
     ValidationCodeException,
+    WinSslConfigurationContext,
 )
 
 from .http_requests import delete_all_connections
@@ -39,15 +44,30 @@ def test_connection_ssl(ssl_context) -> None:
         "amqps://guest:guest@localhost:5671/",
         ssl_context=ssl_context,
     )
-    path = Path(ssl_context.ca_cert)
-    assert path.is_file() is True
-    assert path.exists() is True
-
-    path = Path(ssl_context.client_cert.client_cert)
-    assert path.is_file() is True
-
-    path = Path(ssl_context.client_cert.client_key)
-    assert path.is_file() is True
+    if isinstance(ssl_context, PosixSslConfigurationContext):
+        path = Path(ssl_context.ca_cert)
+        assert path.is_file() is True
+        assert path.exists() is True
+
+        path = Path(ssl_context.client_cert.client_cert)
+        assert path.is_file() is True
+        assert path.exists() is True
+
+        path = Path(ssl_context.client_cert.client_key)
+        assert path.is_file() is True
+        assert path.exists() is True
+    elif isinstance(ssl_context, WinSslConfigurationContext):
+        assert isinstance(ssl_context.ca_store, PKCS12Store)
+        path = Path(ssl_context.ca_store.path)
+        assert path.is_file() is True
+        assert path.exists() is True
+
+        assert isinstance(ssl_context.client_cert.store, PKCS12Store)
+        path = Path(ssl_context.client_cert.store.path)
+        assert path.is_file() is True
+        assert path.exists() is True
+    else:
+        pytest.fail("Unsupported ssl context")
 
     connection = environment.connection()
     connection.dial()