SSLError: failure on Python server (HTTP_REQUEST _ssl.c:777)

Time: 2018-01-24 19:29:49

Tags: python server pyopenssl

My application has a server that waits for connections as follows:

sckt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server = ('', port_server)
sckt.bind(server)
sckt.listen(5)
try:
    while True:
        new_sckt, client = sckt.accept()
        conn = ssl.wrap_socket(new_sckt, server_side=True, ca_certs=certClient, cert_reqs=ssl.CERT_REQUIRED, certfile=certServer, keyfile=keyServer)
        _thread.start_new_thread(self.waitUserCommand, tuple([conn, client]))
finally:
    conn.close()

The client connects to the server via:

sckt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn = ssl.wrap_socket(sckt, server_side=False, ca_certs=certServer, cert_reqs = ssl.CERT_REQUIRED, certfile=certClient, keyfile=keyClient)
conn.connect((ip_server, port_server))

After some client connections a failure occurs, with the following message:

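Interestingly, this error occurs after a connection has ended and before the next connection starts. That is, the client is offline and the server is only waiting for a new connection (not doing anything). In addition, my application uses another server that works in a similar way, but no failure occurred there in my experiments.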

1 answer:

Answer 0: (score: 1)

Let's debug.

do_handshake():

Error:

SSL_R_HTTP_REQUEST

Let's look at the OpenSSL source:

git clone git://git.openssl.org/openssl.git
cd openssl

Where HTTP_REQUEST appears:

➜  openssl git:(master) grep -Rn 'HTTP_REQUEST' .
./crypto/err/openssl.txt:2454:SSL_R_HTTP_REQUEST:156:http request
./include/openssl/sslerr.h:530:# define SSL_R_HTTP_REQUEST                               156
./ssl/record/ssl3_record.c:316:                                     SSL_R_HTTP_REQUEST);
./ssl/ssl_err.c:845:    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"},
./test/ossl_shim/ossl_config.json:260:        ":HTTP_REQUEST:":"http request",

What happens in OpenSSL:

 ➜  openssl git:(master) grep -Rn 'SSL_R_HTTP_REQUEST' -A 20 -B 20 openssl/ssl/record/ssl3_record.c
openssl/ssl/record/ssl3_record.c-296-                        /*
openssl/ssl/record/ssl3_record.c-297-                         * Send back error using their minor version number :-)
openssl/ssl/record/ssl3_record.c-298-                         */
openssl/ssl/record/ssl3_record.c-299-                        s->version = (unsigned short)version;
openssl/ssl/record/ssl3_record.c-300-                    }
openssl/ssl/record/ssl3_record.c-301-                    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-302-                             SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-303-                    return -1;
openssl/ssl/record/ssl3_record.c-304-                }
openssl/ssl/record/ssl3_record.c-305-
openssl/ssl/record/ssl3_record.c-306-                if ((version >> 8) != SSL3_VERSION_MAJOR) {
openssl/ssl/record/ssl3_record.c-307-                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
openssl/ssl/record/ssl3_record.c-308-                        /* Go back to start of packet, look at the five bytes
openssl/ssl/record/ssl3_record.c-309-                         * that we have. */
openssl/ssl/record/ssl3_record.c-310-                        p = RECORD_LAYER_get_packet(&s->rlayer);
openssl/ssl/record/ssl3_record.c-311-                        if (strncmp((char *)p, "GET ", 4) == 0 ||
openssl/ssl/record/ssl3_record.c-312-                            strncmp((char *)p, "POST ", 5) == 0 ||
openssl/ssl/record/ssl3_record.c-313-                            strncmp((char *)p, "HEAD ", 5) == 0 ||
openssl/ssl/record/ssl3_record.c-314-                            strncmp((char *)p, "PUT ", 4) == 0) {
openssl/ssl/record/ssl3_record.c-315-                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c:316:                                     SSL_R_HTTP_REQUEST);
openssl/ssl/record/ssl3_record.c-317-                            return -1;
openssl/ssl/record/ssl3_record.c-318-                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
openssl/ssl/record/ssl3_record.c-319-                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-320-                                     SSL_R_HTTPS_PROXY_REQUEST);
openssl/ssl/record/ssl3_record.c-321-                            return -1;
openssl/ssl/record/ssl3_record.c-322-                        }
openssl/ssl/record/ssl3_record.c-323-
openssl/ssl/record/ssl3_record.c-324-                        /* Doesn't look like TLS - don't send an alert */
openssl/ssl/record/ssl3_record.c-325-                        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-326-                                 SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-327-                        return -1;
openssl/ssl/record/ssl3_record.c-328-                    } else {
openssl/ssl/record/ssl3_record.c-329-                        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
openssl/ssl/record/ssl3_record.c-330-                                 SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-331-                                 SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-332-                        return -1;
openssl/ssl/record/ssl3_record.c-333-                    }
openssl/ssl/record/ssl3_record.c-334-                }

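Tentative answer

When the server responds, the SSL server is expecting an HTTP response but does not receive one? Other questions to ask: which version of OpenSSL? Which exact version of Python 3.6?

Why is this not seen?: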

strncmp((char *)p, "GET ", 4) == 0 ||
strncmp((char *)p, "POST ", 5) == 0 ||
strncmp((char *)p, "HEAD ", 5) == 0 ||
strncmp((char *)p, "PUT ", 4) == 0)

Maybe no client is connected, and the error on an empty socket request is not handled, or something like that?
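
An added example, not part of the original question or answer: `classify_first_record` mirrors, in simplified form, the OpenSSL check quoted above, and `handshake_or_reason` (a hypothetical helper name) performs the handshake for one accepted socket so that a failure is reported instead of propagating out of the accept loop. The `socketpair` peer and its plaintext request are constructed sample input.

```python
import socket
import ssl

# Prefixes OpenSSL compares against the first bytes received (ssl3_record.c above).
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ")
SSL3_VERSION_MAJOR = 0x03  # high byte of the version field in a TLS record header


def classify_first_record(header: bytes) -> str:
    """Simplified mirror of the quoted check on the first 5 bytes from a peer."""
    if len(header) >= 3 and header[1] == SSL3_VERSION_MAJOR:
        return "TLS"
    if header.startswith(HTTP_PREFIXES):
        return "HTTP_REQUEST"
    if header.startswith(b"CONNE"):
        return "HTTPS_PROXY_REQUEST"
    return "WRONG_VERSION_NUMBER"


def handshake_or_reason(raw_sock, ctx):
    """Handshake one accepted socket; a failure is returned, never raised."""
    try:
        return ctx.wrap_socket(raw_sock, server_side=True), None
    except (ssl.SSLError, OSError) as exc:
        raw_sock.close()
        return None, getattr(exc, "reason", None) or type(exc).__name__


def demo():
    # ssl.wrap_socket() from the question was removed in Python 3.12, so an
    # SSLContext is used. No certificate is loaded: the constructed plaintext
    # request below is rejected before one would be needed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_end, client_end = socket.socketpair()
    client_end.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed non-TLS client
    conn, reason = handshake_or_reason(server_end, ctx)
    client_end.close()
    return conn, reason


if __name__ == "__main__":
    print(demo())
```

In an accept loop, the returned reason can be logged together with the client address and the loop continued, so one non-TLS peer does not stop the listener.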