Use hostname from URI when server_host is None

3 files changed, 84 insertions, 2 deletions

diff --git a/kombu/connection.py b/kombu/connection.py
index 4121f1fb..a63154f5 100644
--- a/kombu/connection.py
+++ b/kombu/connection.py
@@ -73,7 +73,8 @@ class Connection:
         URL (str, Sequence): Broker URL, or a list of URLs.
 
     Keyword Arguments:
-        ssl (bool): Use SSL to connect to the server. Default is ``False``.
+        ssl (bool/dict): Use SSL to connect to the server.
+            Default is ``False``.
             May not be supported by the specified transport.
         transport (Transport): Default transport if not specified in the URL.
         connect_timeout (float): Timeout in seconds for connecting to the
diff --git a/kombu/transport/pyamqp.py b/kombu/transport/pyamqp.py
index ced66a12..f230f911 100644
--- a/kombu/transport/pyamqp.py
+++ b/kombu/transport/pyamqp.py
@@ -31,6 +31,40 @@ Transport Options
 =================
 Transport Options are passed to constructor of underlying py-amqp
 :class:`~kombu.connection.Connection` class.
+
+Using TLS
+=========
+Transport over TLS can be enabled by ``ssl`` parameter of
+:class:`~kombu.Connection` class. By setting ``ssl=True``, TLS transport is
+used::
+
+    conn = Connect('amqp://', ssl=True)
+
+This is equivalent to ``amqps://`` transport URI::
+
+    conn = Connect('amqps://')
+
+For adding additional parameters to underlying TLS, ``ssl`` parameter should
+be set with dict instead of True::
+
+    conn = Connect('amqp://broker.example.com', ssl={
+            'keyfile': '/path/to/keyfile'
+            'certfile': '/path/to/certfile',
+            'ca_certs': '/path/to/ca_certfile'
+        }
+    )
+
+All parameters are passed to ``ssl`` parameter of
+:class:`amqp.connection.Connection` class.
+
+SSL option ``server_hostname`` can be set to ``None`` which is causing using
+hostname from broker URL. This is usefull when failover is used to fill
+``server_hostname`` with currently used broker::
+
+    conn = Connect('amqp://broker1.example.com;broker2.example.com', ssl={
+            'server_hostname': None
+        }
+    )
 """
 
 
@@ -146,6 +180,11 @@ class Transport(base.Transport):
                 setattr(conninfo, name, default_value)
         if conninfo.hostname == 'localhost':
             conninfo.hostname = '127.0.0.1'
+        # when server_hostname is None, use hostname from URI.
+        if isinstance(conninfo.ssl, dict) and \
+                'server_hostname' in conninfo.ssl and \
+                conninfo.ssl['server_hostname'] is None:
+            conninfo.ssl['server_hostname'] = conninfo.hostname
         opts = dict({
             'host': conninfo.host,
             'userid': conninfo.userid,
diff --git a/t/unit/transport/test_pyamqp.py b/t/unit/transport/test_pyamqp.py
index c7243e8e..84aa1fc2 100644
--- a/t/unit/transport/test_pyamqp.py
+++ b/t/unit/transport/test_pyamqp.py
@@ -1,9 +1,10 @@
 import sys
 from itertools import count
-from unittest.mock import Mock, patch
+from unittest.mock import Mock, patch, MagicMock
 
 from case import mock
 
+import pytest
 from kombu import Connection
 from kombu.transport import pyamqp
 
@@ -161,6 +162,47 @@ class test_pyamqp:
         c = Connection(port=1337, transport=Transport).connect()
         assert c['host'] == '127.0.0.1:1337'
 
+    def test_ssl(self):
+        # Test setting TLS by ssl=True.
+        class Transport(pyamqp.Transport):
+            Connection = MagicMock()
+
+        Connection(transport=Transport, ssl=True).connect()
+        Transport.Connection.assert_called_once()
+        _, kwargs = Transport.Connection.call_args
+        assert kwargs['ssl'] is True
+
+    def test_ssl_dict(self):
+        # Test setting TLS by setting ssl as dict.
+        class Transport(pyamqp.Transport):
+            Connection = MagicMock()
+
+        Connection(transport=Transport, ssl={'a': 1, 'b': 2}).connect()
+        Transport.Connection.assert_called_once()
+        _, kwargs = Transport.Connection.call_args
+        assert kwargs['ssl'] == {'a': 1, 'b': 2}
+
+    @pytest.mark.parametrize(
+        'hostname',
+        [
+            'broker.example.com',
+            'amqp://broker.example.com/0',
+            'amqps://broker.example.com/0',
+            'amqp://guest:guest@broker.example.com/0',
+            'amqp://broker.example.com;broker2.example.com'
+        ])
+    def test_ssl_server_hostname(self, hostname):
+        # Test setting server_hostname from URI.
+        class Transport(pyamqp.Transport):
+            Connection = MagicMock()
+
+        Connection(
+            hostname, transport=Transport, ssl={'server_hostname': None}
+        ).connect()
+        Transport.Connection.assert_called_once()
+        _, kwargs = Transport.Connection.call_args
+        assert kwargs['ssl'] == {'server_hostname': 'broker.example.com'}
+
     def test_register_with_event_loop(self):
         t = pyamqp.Transport(Mock())
         conn = Mock(name='conn')