0

由于无效的 ssl 证书,我很难尝试将 errbot 连接到开发 HipChat 服务器。

日志:

21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING  sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor

即使我在 BOT_IDENTITY 以及 XMPP_CA_CERT_FILE = None 在配置中指定了“'verify': False”,Errbot 也会保留验证证书。

部分配置:

BOT_IDENTITY = {
    ## HipChat mode (Comment the above if using this mode)
    'username' : '1_2@chat.btf.hipchat.com',
    'password' : '123qweASD',
    ## Group admins can create/view tokens on the settings page after logging
    ## in on HipChat's website
    'token'    : 'sometoken',
    ## If you're using HipChat server (self-hosted HipChat) then you should set
    ## the endpoint below. If you don't use HipChat server but use the hosted version
    ## of HipChat then you may leave this commented out.
    'endpoint' : 'hipchat.test.intra',
    'verify': False,
}
XMPP_CA_CERT_FILE = None

任何如何使它工作的想法都非常感谢。

4

1 回答 1

0

此错误的根源发生在验证证书在主机名和有效日期方面有效的验证函数中。

XMPP_CA_CERT_FILEerrbot 配置中的 set 值最终会传递给ca_certsXMLStream 类,用于影响cert_policy. 设置ssl.CERT_NONE,但即便如此,它仍然调用 verify

这意味着目前您可以拥有没有有效信任根的(可能是自签名的)证书,但您仍然必须确保您连接的主机名与证书的主机名 (CN) 匹配。(这是 errbot 使用的底层 XMPP 库 SleekXMPP 强加给我们的东西,而不是直接来自 errbot 本身的东西)。

于 2017-01-28T22:36:26.013 回答