我的服务器APNS通知最近停止工作,调试后发现SSL python库在打开套接字时抛出以下错误:
File "/home/tam/repos/rest/api/tasks/notification_tasks.py", line 17, in apns_socket
self._apns_socket = apns.open_apns_socket()
File "/home/tam/repos/rest/api/utilities/apns.py", line 64, in open_apns_socket
return _apns_create_socket((settings.APNS_HOST, settings.APNS_PORT))
File "/home/tam/repos/rest/api/utilities/apns.py", line 49, in _apns_create_socket
sock.connect(address_tuple)
File "/usr/lib64/python3.5/ssl.py", line 1014, in connect
self._real_connect(addr, False)
File "/usr/lib64/python3.5/ssl.py", line 1005, in _real_connect
self.do_handshake()
File "/usr/lib64/python3.5/ssl.py", line 983, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.5/ssl.py", line 628, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:645)
服务器上的代码没有任何变化。我已检查过APNS证书(它们尚未过期),以及我们的SSL证书(也未过期)。我不确定此时还有什么可能导致此错误。
以下是来自apns.py的相关代码行:
def open_apns_socket():
return _apns_create_socket((settings.APNS_HOST, settings.APNS_PORT))
def _apns_create_socket(address_tuple, is_dev=False):
certfile = settings.APS_CERTIFICATE
if not certfile:
raise ImproperlyConfigured('You need to set settings.APNS_CERTIFICATE')
try:
with open(certfile, "r") as f:
f.read()
except Exception as e:
raise ImproperlyConfigured("The APNS certificate file at %r is not readable: %s" % (certfile, e))
ca_certs = settings.APNS_CA_CERTIFICATES
sock = socket.socket()
sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, certfile=certfile, ca_certs=ca_certs)
sock.connect(address_tuple)
return sock
APNS_HOST =" gateway.push.apple.com"
APNS_PORT = 2195
答案 0 :(得分:0)
此错误原来是由服务器上过期的apns证书引起的。
服务器证书与我们的版本控制中的证书不同,我们的部署软件未对其进行更新。
发行新证书解决了这个问题。