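I am using SSL with RabbitMQ 3.7.11 and Erlang 21.3. I use one-way authentication, so the certificate exists only on RabbitMQ. When I connect to RabbitMQ with the same application client (Python 2.7.5), one certificate succeeds and the other fails. I tested both certificates with the openssl client and server, and both are fine. Can anyone tell me what the difference between them is?
This is the failing certificate configuration
Certificate chain
 0 s:/C=US/ST=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
 1 s:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
Server certificate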
subject=/C=US/ST=Unset/O=Unset/CN=192.168.204.101
issuer=/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
This is the successful certificate configuration
Certificate chain
 0 s:/CN=MYguest/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
Server certificate
subject=/CN=MYguest/O=server
issuer=/CN=MyTestCA
This is the RabbitMQ error log
2019-04-25 08:38:41.826 [info] <0.566.0> TLS server: In state hello at tls_connection.erl:849 generated SERVER ALERT: Fatal - Handshake Failure - malformed_handshake_data
This is the application error log
ensure connection error: SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)')
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 494, in _ensured
    return fun(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 569, in __call__
    self.revive(self.connection.default_channel)
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 819, in default_channel
    self.connection
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 802, in connection
    self._connection = self._establish_connection()
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 757, in _establish_connection
    conn = self.transport.establish_connection()
  File "/usr/lib/python2.7/site-packages/kombu/transport/pyamqp.py", line 130, in establish_connection
    conn.connect()
  File "/usr/lib/python2.7/site-packages/amqp/connection.py", line 295, in connect
    self.transport.connect()
  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 122, in connect
    self.socket_settings, self.read_timeout, self.write_timeout,
  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 184, in _init_socket
    self._setup_transport()
  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 289, in _setup_transport
    self.sock = self._wrap_socket(self.sock, **self.sslopts or {})
  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 296, in _wrap_socket
    return ssl.wrap_socket(sock, **sslopts)
  File "/usr/lib64/python2.7/ssl.py", line 936, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)
Answer 1
This seems to be an Erlang problem. When I took all the EC ciphers out of the RabbitMQ configuration, it worked.
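One way to apply the workaround from Answer 1, as an added example that is not part of the original post or of RabbitMQ itself: it filters a list of OpenSSL-style suite names down to the non-EC ones and renders them for the broker. The sample suite list is constructed, and the output assumes the new-style rabbitmq.conf keys `ssl_options.ciphers.N` and `ssl_options.honor_cipher_order`.

```python
# Added example: derive a RabbitMQ cipher list with every EC suite removed.
import re

# Constructed sample of OpenSSL-style suite names (not taken from the page).
SAMPLE_SUITES = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDH-RSA-AES128-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA256",
    "AES256-GCM-SHA384",
    "AES128-SHA",
]

# EC key exchange (ECDHE-/ECDH- prefix) or EC authentication (-ECDSA-).
EC_PATTERN = re.compile(r"^ECDHE?-|-ECDSA-")


def uses_ec(suite):
    """True if the suite's key exchange or authentication relies on elliptic curves."""
    return bool(EC_PATTERN.search(suite.upper()))


def split_suites(suites):
    """Return (kept, dropped); kept lists DHE suites first because they
    keep forward secrecy, while static-RSA key exchange does not."""
    kept = [s for s in suites if not uses_ec(s)]
    dropped = [s for s in suites if uses_ec(s)]
    # list.sort is stable, so the original order is preserved within each group.
    kept.sort(key=lambda s: 0 if s.upper().startswith("DHE-") else 1)
    return kept, dropped


def to_rabbitmq_conf(kept):
    """Render the kept suites as new-style rabbitmq.conf lines (assumed key names)."""
    lines = ["ssl_options.ciphers.%d = %s" % (i, s) for i, s in enumerate(kept, 1)]
    # Have the broker enforce this order instead of the client's preference.
    lines.append("ssl_options.honor_cipher_order = true")
    return "\n".join(lines)


if __name__ == "__main__":
    kept, dropped = split_suites(SAMPLE_SUITES)
    print("# dropped EC suites: " + ", ".join(dropped))
    print(to_rabbitmq_conf(kept))
```

With the EC suites gone, only DHE suites still provide forward secrecy, which is why they are listed first.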