ssl SSLError routines:SSL_CTX_use_certificate_chain_file:PEM lib

Time: 2013-07-12 00:51:55

Tags: python ssl openssl flask apple-push-notifications

While trying to run a push test for my app, I get the following error:

Traceback (most recent call last):
  File "test.py", line 16, in <module>
    wrapper.notify()
  File "/usr/local/lib/python2.7/dist-packages/APNSWrapper-0.6.1-py2.7.egg/APNSWrapper/notifications.py", line 194, in notify
    apnsConnection.connect(apnsHost, self.apnsPort)
  File "/usr/local/lib/python2.7/dist-packages/APNSWrapper-0.6.1-py2.7.egg/APNSWrapper/connection.py", line 215, in connect
    self.context().connect(host, port)
  File "/usr/local/lib/python2.7/dist-packages/APNSWrapper-0.6.1-py2.7.egg/APNSWrapper/connection.py", line 161, in connect
    self.connectionContext.connect((host, port))
  File "/usr/lib/python2.7/ssl.py", line 331, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python2.7/ssl.py", line 314, in _real_connect
    self.ca_certs, self.ciphers)
ssl.SSLError: [Errno 336445449] _ssl.c:365: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

My script looks like:

#!/usr/bin/env python
from APNSWrapper import *

deviceToken = '****************************************************************'

# create wrapper
wrapper = APNSNotificationWrapper('cert.pem', True)

# create message
message = APNSNotification()
message.token(deviceToken)
message.badge(28)

# add message to tuple and send it to APNS server
wrapper.append(message)
wrapper.notify()

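What is the cause of this error?

2 answers:

Answer 0 (score: 11)

I haven't encountered that specific error before in Python, but it looks very much like OpenSSL is choking on your .pem file. My presumption is that the .pem file you're using is not in the proper format that Python requires OpenSSL for it to be. I opened up one of my known-good .pem files and replaced my personally identifying information and public/private keys with junk data so you can get an idea of what a non-password-protected .pem is supposed to look like.

The PEM file contains both your public and private keys. Never post it for others to see, because they could view your private key and then impersonate you or your server!

Note: the following code listing is a completely bogus set of random data meant to demonstrate the .pem file format. Given the not-so-hidden "THIS_IS_JUST_RANDOM_CHARACTERS" text where there should be actual key data rather than random character data, this sample PEM will fail even the most casual validation.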

Bag Attributes
    friendlyName: Apple Development IOS Push Services: com.mycompany.myappidentifier
    localKeyID: 01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67 
subject=/UID=com.mycompany.myappidentifier/CN=Apple Development IOS Push Services: com.mycompany.myappidentifier/OU=ABC1234567/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
THIS_IS_JUST_RANDOM_CHARACTERS_90f0yGqSm7JmgJ0srvviZpn6cSMoCeymB
t449Y40dVKzDM809kpexmWuMrkjdnfaQmF15lYrpKOAu6t9sZPpFfIocovuW38pH
p4U9Rtt7TC4tVnMHYYk3Dsbu6lqcMeK9sp15Ffw8vcS9AHafNWeY9sjxe8oICcAt
mXV6RCcIjqADwf5yHS283SQ45K2DMQbOQ6ScMckLO1o6SC3VqWnkInMQPeVuLkbS
77BDaRF8X32pOLrwOKyn1CLJLvTDdOb9kWWBVSfvoZwCLinA99Pikc2Cmj0AUzPE
KHc4GvyqXzotjH9HsHnt8TNPEietXPZuILApztEEoAJwPhlJIiwdCkh66KlP7QJt
3l8iGCItGoMttokGGR99d7AaPbIwb7dZPjxc8TTBEoHXrHRrVCm4ogEazFiqfG5R
SCgwK4wyxtMxzgjaUJVq598i7QDmkcQxL8nPyqKvRxURuYMr37JZRFwMQpcmaNwD
Q7REjrz0DT3qZNZbEB4kSGy9Gcf3HfVZRfzlJV3jdOnw7ACvhB9r9uKdUW5U2Vrh
Sns6NVpXLHohtXOmWcrMVJfk4wvrmfj4zbj27MO4BVSushEI8f3lOzUY5RdQIA2v
UZfj47oADpxA0BnO5vysPZ4OcwLwQLoXTEFUiTHDkx7LxNXs0JhADiWnEh8w3c7u
OeGIYYDU713iBMEUC77kRGeOHzCNYSUG88vRl93b2AKvHM5TL9CFavAr9biSWTEJ
TCSvYNGv0BjZkmKgZkNQ0Th4Ip2JEBxS8uvBvR0oaF6zLZur3bc1Qi2W3lE7Ea15
aSZ4o1wMs3TeU8fNZHSCR6NtYNNRkqkoNNYZ4P7IoSafJSnV8sfxBc627jIlUJ7p
9Xrw0pbnSv2bjcvdZHDhX2bDBYb9mqvYAzgb08diOGEvF7B2H47ScL5RXPv5iPn1
CzeVCjuByc9hgQZVEoppzyXWpdBwsLgEsSgk1nCSpNItSFqvcu4QBDWeVb9wl44A
O0SX8rll0jlpbPrWggoGjp5ibJlVXJu70cezccOeturNjhJ4jOLk4yAZsGD10uv6
yjm4VGwhAzsXgZqaKT29FmIjLVJVfOgsgxAbGI1jgt9rp5kTJZCI2EXRAOOrAUsF
KUrwynHd9PXCWJLNLHL5nzusPBtRy6C2WXJZgeFYcZ7L7hQ60Fw3IeoyU8AD8GhE
x1Cv7GADu82kmFPXrkZJgRS6cbtDavMtG8iYCg5Vw8s8l2QglaxqdkXXxcH5TG6c
Ddcapm7BDpdrvJVwnCqQ8k4i8UlRYXrjYVqh81RSfVjhkfB1QRzBMwPSX1gN61wD
5m1yiWY9kMHHLhY2jux9rr5MwrRBZLhmjgERwJu89aGIW9cAVXSITZAONTzGI2Zx
g8L3U2lr7b4zcNuq6pNKuYwpzKrQUK5ou7HWectN9g91yqqmprCO3I8WZCq4W2F2
GYmwloL1YcoOFpfLSZHijAQOmwppz9VGNbqZn9F27xNUzQhddm8F06vICjQTflBH
caViw2GaKNLMJm2c4B7saOyqLbthyI59YkyrM9hTQK3fGqQpKJosgEQyFg4KZrRx
NlkYidUDYy5htWp4kFLW9QmRgoCLtqZyNIOUbdE4dxntPCcGjU5VSGa0ofpxZaMr
pVLC1GGP4r02yP6aZj04njKJmNrvHEK9sr8S452UVwyRIkIfoiBlCkmmRCVnELa8
sraVxhpwmLIQC1E4DCIyFH6pPi7VYOh5pZewBlAiFyaHRThVKBSn11dzl714qyqy
zQaNjHXLP4oWSAEgPHtimCpLgRhhZO2neOwI7ptW7n3WncvW92Fs1Q3FaGujVw0x
NkpEf4pHfUT4ZK4UdsQzVokyMhptMg03ZLNQ7mkNhkrAPmR5Y7K2zDYBtQ45WULg
97mCUJ3TCMffVFd3szYF
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Common Name From Keychain Access CSR Wizard
    localKeyID: AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
THIS_IS_JUST_RANDOM_CHARACTERS_1YKVrMNhmg68Qt026SWMxtaKiVtHG2yYS
V3gdLgqujtp4rpWONYoLQKhlW923yzrxYuSUhC8LiNDlAjicrJXZVj4vYhwdydSS
QBnDaxc5U2NYev0tCEbPTpYDERAsdE7WTBwaTuEyWEoqTsPQLucohKY2E7UzoZcZ
BttZaX0vLy3W7y22dSKtIghJMEy8MENjeJkET6Xaf4ozC7DNr2g1dBICPT42Hx77
GagtxA2OyxW7qkB8GTnOncXWDbli1y5eYIjb0GZNQVSmGEBl5ykNvhbzpqc53nfN
NJNMO1mEIaDo3GZIVfv3gpiNGpaplofix2DZJOaQBh4s0X3gwc3Y9f1Ta39tYdVh
h04JCDdliIfbjp4T6pDJQeebaBPczOne2gFHMOHGlxcfYbNzlqgBhzdoqH25nKN4
hThTUQioisjUrUayiyPkMAJFdKn37iff1XHOmCFEJqL7eMayeyLk55hWLLBi4Q7I
wUH9rbR2LnfXdCf25jyRbZQx3uKhjnwZrZL9Pg2OF9nvl1B1UnTtyOHP7uP989u1
qNiNIS347PLN2tvEIEaFQ26ESY9YpPhcpMWLpJEN6nyer1LcrRQfTPXnoqPKIEDc
KBnpPyvNxC7EeruwkwWbRdpuOPJ8hFKiY9SwSbJvPb4mBXmSo5mfKaZfy2IuJdTV
dTQ49Lq3rMDwYsRTAS6Id2I9lFruU5vXR7BtCP5u8QV480f6wU17IPn3mgezXtNU
R0SSEjVCGWQUZXvEmlLTnqD5T7IHlat7IbKvcaKp6skvJUFanKgCXn7PW6FzuQyF
QfbGEAmzEIq7UT83WOxCsbUR26kJutIejjcnZWZQ3tMG9wtZysYXkAiCDEMUdSZl
Y7h5oE5rVeYyT7SXtDhVnNeDmcqIO2VcHt7HFsVQVMUAalA9mnEMjHkxAbgp1mCo
NxdMzNb44IWAaSM6CmjjMt07GTJsjthXTreFoOm9oWGSIEo67piyIRJP8xmdOitB
ITLHC9h89kV4vfAJZrrCOxSlcsNADCAS1SJW6kzJn7CxVucnszKZ8sQdc8Xqvqsu
4CpFs1arZYZ3IE9dOY28LJuuegSBSf6EOTSHK5OOzL6IenrhTUbLSFQpoYF3yNo1
OfpoyVHltjCeqTHMQjhrY9cokfHsecRR8EZMAAxFDo3YvgVyLzvjvY114NMVkxHh
5sw7wL4xKE8UxzL4Eew1t8HjSlypLF7s5plq6wtOfEn9HYRKJVGYBT5x2oZm9m6b
rlVzKeASUuzOXBeNafwYOgXAFBq0i1lw7nkLfyZaeETfE00GxhceK6bnT0UfBMb5
rvU4Yz1pNhYvG4ZhKJYaiJvzQW6jSYFEyWh8hWPrSco42eMPYms0lxK9Fy4tbHuP
0XsjURq6aY9P6Cg1ugPM5ad3kOtr8MrJwRLmp94ucwJASuWXj48QH45sVaZbcsKU
ZwVfKpGke3urr9DtznZnv4QdBSlPhS3e4CihQDdhWZJMPxh1DNRrBWBn7xiOZqEm
oC7zbfjNtpvhOThz4MCDzJeCtGfI8irjdYFi2eqefZ6lLaoZFYBi
-----END RSA PRIVATE KEY-----

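If your PEM is in a different format (binary, perhaps? Missing the public or private key section? Some other section not in this example?) then you'll need to either run a conversion from a PKCS#12 export or re-export your PEM from Keychain Access in OS X. The conversion steps would vary based on what type of file you actually have, so I can't offer any guidance there without additional information, but I can give you instructions on how to do a re-export. To export a PEM from Keychain Access in OS X:

  1. Open Keychain Access.
  2. In the "login" keychain, search the "My Certificates" or "All Items" category for "Apple Production iOS Push Services: your.apps.app.id".
  3. Right-click the item returned from that search and choose the "Export" option.
  4. Save the "Personal Information Exchange (.p12)" file in an easily accessible location.
  5. Specify a password for the .p12 file that you can remember, and follow the on-screen prompts to authenticate with Keychain to export the data.
  6. Open Terminal and 'cd' into the directory containing the .p12 from the previous step.
  7. Run the following command against the .p12 file name: openssl pkcs12 -in FILENAME.p12 -out FILENAME.pem -nodes
  8. When prompted, enter the .p12 file password you created in step 5 and press Enter.
  9. Move the PEM to your server and update any code references if necessary.

Again, this is all conjecture based on the error code you listed in your question, but give it a shot and let us know how things work out.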

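Answer 1 (score: 0)

I got the same error because, as far as I can tell, I neglected to use the -x509 flag in my openssl command. According to the documentation, without it openssl only generates a "certificate request", not an actual self-signed certificate, which is what I wanted.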

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/CN=*.example.com"
              ^
   (make sure you use this)

Please correct me if I'm wrong. I'm just putting this here in case it helps someone.
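
Both answers come down to what is actually inside the file handed to OpenSSL: answer 0 expects a CERTIFICATE block plus an unencrypted private key block, and answer 1 describes a certificate request sitting where a certificate should be. The following pre-flight check is an added example, not code from either answer or from APNSWrapper. The names diagnose_pem and sample_pem are hypothetical, and the check is structural only (block labels and base64 validity, no ASN.1 parsing).

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line. Text outside blocks
# (such as the "Bag Attributes" lines) is ignored, as OpenSSL does.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def diagnose_pem(data: bytes) -> list:
    """List reasons this file is not a usable certificate + key PEM."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["binary data: looks like DER or PKCS#12, not PEM"]
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM blocks found"]
    problems = []
    labels = {label for label, _ in blocks}
    for label, body in blocks:
        lines = [ln.strip() for ln in body.splitlines()]
        if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
            problems.append(label + ": passphrase-protected")
        # Header lines contain ':' which never occurs in base64.
        b64 = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            problems.append(label + ": body is not valid base64")
    if "CERTIFICATE" not in labels:
        if "CERTIFICATE REQUEST" in labels:
            problems.append("certificate request (CSR) instead of a certificate")
        else:
            problems.append("no CERTIFICATE block")
    if "ENCRYPTED PRIVATE KEY" in labels:
        problems.append("ENCRYPTED PRIVATE KEY: passphrase-protected")
    elif not KEY_LABELS & labels:
        problems.append("no private key block")
    return problems


def sample_pem(label: str, payload: bytes = b"constructed-sample-bytes" * 4) -> bytes:
    """Constructed stand-in for a PEM block; the payload is not real key data."""
    body = base64.encodebytes(payload).decode()
    return ("-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)).encode()
```

Run it on the bytes of the file before passing the path to the ssl module, for example diagnose_pem(open('cert.pem', 'rb').read()); an empty list means the expected blocks are present and well-formed.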