Two sets of certificates both pass openssl testing, but SSL configuration succeeds with one and fails with the other


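I am using SSL on RabbitMQ 3.7.11 and Erlang 21.3. I am using one-way authentication, so the certificate exists only on the RabbitMQ side. When I connect to RabbitMQ with the same application client (Python 2.7.5), one certificate succeeds and the other fails. I tested both certificates with the openssl client and server, and neither has any problem. Can anyone tell me the difference between them?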

This is the failing certificate configuration

Certificate chain
 0 s:/C=US/ST=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
 1 s:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101

Server certificate


subject=/C=US/ST=Unset/O=Unset/CN=192.168.204.101
issuer=/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101

This is the successful certificate configuration

Certificate chain
 0 s:/CN=MYguest/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA

Server certificate


subject=/CN=MYguest/O=server
issuer=/CN=MyTestCA

This is the RabbitMQ error log

2019-04-25 08:38:41.826 [info] <0.566.0> TLS server: In state hello at tls_connection.erl:849 generated SERVER ALERT: Fatal - Handshake Failure - malformed_handshake_data

This is the application error log

ensure connection error: SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)')

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 494, in _ensured
    return fun(*args, **kwargs)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 569, in __call__
    self.revive(self.connection.default_channel)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 819, in default_channel
    self.connection
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 802, in connection
    self._connection = self._establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 757, in _establish_connection
    conn = self.transport.establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/transport/pyamqp.py", line 130, in establish_connection
    conn.connect()

  File "/usr/lib/python2.7/site-packages/amqp/connection.py", line 295, in connect
    self.transport.connect()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 122, in connect
    self.socket_settings, self.read_timeout, self.write_timeout,

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 184, in _init_socket
    self._setup_transport()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 289, in _setup_transport
    self.sock = self._wrap_socket(self.sock, **self.sslopts or {})

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 296, in _wrap_socket
    return ssl.wrap_socket(sock, **sslopts)

  File "/usr/lib64/python2.7/ssl.py", line 936, in wrap_socket
    ciphers=ciphers)

  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()

  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()

SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)

Answer 1

This seems to be an Erlang problem. When I took all the EC ciphers out of the RabbitMQ configuration, it worked.
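As an added example (not code from the question or the answer), the following Python sketch applies the change the answer describes to a configuration file: it removes every EC cipher suite from an explicit cipher list and renumbers the rest. It assumes the broker uses the new-style `rabbitmq.conf` format with `ssl_options.ciphers.N` entries holding OpenSSL-style suite names; the sample configuration, the file paths in it and the function names are constructed for illustration.

```python
import re

# Matches new-style rabbitmq.conf cipher entries, e.g. "ssl_options.ciphers.3 = AES256-SHA"
CIPHER_LINE = re.compile(r"^\s*ssl_options\.ciphers\.(\d+)\s*=\s*(\S+)\s*$")


def is_ec_suite(name):
    """True when an OpenSSL-style suite name uses EC key exchange or EC signatures."""
    return "ECDH" in name or "ECDSA" in name


def drop_ec_ciphers(conf_text):
    """Return (new_conf_text, removed) with EC suites deleted and the rest renumbered."""
    out, removed, kept = [], [], 0
    seen_cipher_line = False
    for line in conf_text.splitlines():
        m = CIPHER_LINE.match(line)
        if not m:
            out.append(line)          # unrelated settings and comments pass through
            continue
        seen_cipher_line = True
        name = m.group(2)
        if is_ec_suite(name):
            removed.append(name)
            continue
        kept += 1                     # keep indices contiguous: 1, 2, 3, ...
        out.append("ssl_options.ciphers.%d = %s" % (kept, name))
    if not seen_cipher_line:
        raise ValueError("no explicit ssl_options.ciphers.N entries to filter")
    if kept == 0:
        raise ValueError("every configured suite is EC; refusing to write an empty list")
    return "\n".join(out) + "\n", removed


# Constructed sample configuration (assumption: not taken from the question).
SAMPLE_CONF = """\
listeners.ssl.default = 5671
ssl_options.cacertfile = /path/to/ca_certificate.pem
ssl_options.certfile = /path/to/server_certificate.pem
ssl_options.keyfile = /path/to/server_key.pem
ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
ssl_options.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.3 = DHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.4 = ECDH-RSA-AES128-SHA256
ssl_options.ciphers.5 = AES256-GCM-SHA384
"""

if __name__ == "__main__":
    new_conf, removed = drop_ec_ciphers(SAMPLE_CONF)
    print(new_conf)
    print("removed:", ", ".join(removed))
```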
