0

相同的代码可以在 Ubuntu 上运行,而不是在 Centos 上运行!防火墙已经关闭!

Ubuntu 16.04,python 版本 3.5.2。

Centos 7,python 版本 3.5.2。

Ubuntu和centos是virtualbox新安装的!RabbitMq 配置 tls!</p>

在 Centos 上,如果 connect rabbitmq disable ssl 是可以的,但是如果 connect rabbitmq enable ssl 失败。

你能帮助我吗?非常感谢!

这是 rabbitmq 配置:

rabbit, [
        { loopback_users, [ ] },
        { tcp_listeners, [ 5672 ] },
        { ssl_listeners, [ 5671 ] },
        { ssl_options, [
                { cacertfile, "/ca/private/ca.crt" },
                { certfile, "/ca/server/server.pem" },
                { fail_if_no_peer_cert, false },
                { keyfile, "/ca/server/server.key" },
                { verify, verify_peer }
        ] },
        { hipe_compile, false }
]

这是代码:

#!/usr/bin/env python3.5
import pika
import ssl

ssl_options = {    
    "ca_certs":"/root/ca/private/ca.crt",
    "certfile": "/root/ca/rbq/client.crt",
    "keyfile": "/root/ca/rbq/client.key",
    "cert_reqs": ssl.CERT_REQUIRED,
    "ssl_version":ssl.PROTOCOL_TLSv1_2
}
credentials = pika.PlainCredentials('ttttt', '123456')
parameters = pika.ConnectionParameters(host='192.168.1.164',
                                       port=5671,
                                       virtual_host='/',
                                       heartbeat_interval = 0,
                                       credentials=credentials,
                                       ssl = True,
                                       ssl_options = ssl_options)
connection = pika.BlockingConnection(parameters)
connection.close()

这是错误消息:

Traceback (most recent call last):
  File "./rb.py", line 20, in <module>
    connection = pika.BlockingConnection(parameters)
  File "/usr/local/lib/python3.5/site-packages/pika/adapters/blocking_connection.py", line 339, in __init__
    self._process_io_for_connection_setup()
  File "/usr/local/lib/python3.5/site-packages/pika/adapters/blocking_connection.py", line 374, in _process_io_for_connection_setup
    self._open_error_result.is_ready)
  File "/usr/local/lib/python3.5/site-packages/pika/adapters/blocking_connection.py", line 395, in _flush_output
    raise exceptions.ConnectionClosed()
pika.exceptions.ConnectionClosed

这个rabbitmq服务器日志:

[root@master1 rabbitmq]# tail rabbit@master1.log 
SSL: certify: ssl_alert.erl:93:Fatal error: decrypt error

=INFO REPORT==== 22-Aug-2016::12:50:48 ===
accepting AMQP connection <0.22118.20> (192.168.1.131:48526 -> 192.168.1.164:5671)

=INFO REPORT==== 22-Aug-2016::12:50:48 ===
closing AMQP connection <0.22118.20> (192.168.1.131:48526 -> 192.168.1.164:5671)

=ERROR REPORT==== 22-Aug-2016::12:54:04 ===
SSL: certify: ssl_alert.erl:93:Fatal error: decrypt error
4

1 回答 1

0

我的服务器证书使用 md5WithRSAEncryption 作为签名算法

关于 openssl 的 redhat 文档

我将算法更新为 SHA256。我工作正常!:)

谢谢阿飞!

于 2016-08-24T10:04:01.930 回答