两套证书通过 openssl 测试没问题，但是一套配置 ssl 成功，一套配置失败

2024-6-19 • tag-icon

两套证书通过 openssl 测试没问题，但是一套配置 ssl 成功，一套配置失败

我在 rabbitmq 3.7.11 和 erlang 21.3 上使用 ssl。同时，我使用单向身份验证，证书仅存在于 rabbitmq 中。当我使用相同的应用客户端（python2.7.5）连接 rabbitmq 时，一个成功，另一个失败。我使用 openssl 客户端和服务器测试两个证书，它们都没有问题。有人能告诉我它们的区别吗？

这是失败的证书配置

证书链 0 s:/C=US/ST=Unset/O=Unset/CN=192.168.204.101 i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101 1 s:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101 i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101

服务器证书

主题 = / C = US / ST = Unset / O = Unset / CN = 192.168.204.101 发行人 = / C = US / ST = Unset / L = Unset / O = Unset / CN = 192.168.204.101

这是成功的证书配置

证书链

0 s：/CN=MYguest/O=server i：/CN=MyTestCA 1 s：/CN=MyTestCA i：/CN=MyTestCA

服务器证书

主题 = / CN = MYguest / O = 服务器发行者 = / CN = MyTestCA

这是 rabbitmq 错误日志

2019-04-25 08:38:41.826 [info] <0.566.0> TLS server: In state hello at tls_connection.erl:849 generated SERVER ALERT: Fatal - Handshake Failure - malformed_handshake_data

这是应用程序错误日志

ensure connection error: SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)')

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 494, in _ensured
    return fun(*args, **kwargs)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 569, in __call__
    self.revive(self.connection.default_channel)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 819, in default_channel
    self.connection
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 802, in connection
    self._connection = self._establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 757, in _establish_connection
    conn = self.transport.establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/transport/pyamqp.py", line 130, in establish_connection
    conn.connect()

  File "/usr/lib/python2.7/site-packages/amqp/connection.py", line 295, in connect
    self.transport.connect()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 122, in connect
    self.socket_settings, self.read_timeout, self.write_timeout,

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 184, in _init_socket
    self._setup_transport()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 289, in _setup_transport
    self.sock = self._wrap_socket(self.sock, **self.sslopts or {})

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 296, in _wrap_socket
    return ssl.wrap_socket(sock, **sslopts)

  File "/usr/lib64/python2.7/ssl.py", line 936, in wrap_socket
    ciphers=ciphers)

  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()

  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()

SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)

答案1

这似乎是 erlang 的问题。当我从 rabbitmq 配置中取出所有 EC 密码时，它就可以正常工作了

在此处输入链接描述

答案1

相关内容