我有这个Python代码,该代码应该使用证书并通过服务器的IP地址(没有可用的FQDN)连接到服务器,但是每次尝试都会出现错误:
ssl_transport_security.cc:222] LOOP - TLS client process_change_ciph - !!!!!!
ssl_transport_security.cc:222] LOOP - TLS client read_server_finishe - !!!!!!
ssl_transport_security.cc:222] LOOP - TLS client finish_client_hands - !!!!!!
ssl_transport_security.cc:222] LOOP - TLS client done - !!!!!!
ssl_transport_security.cc:222] HANDSHAKE DONE - TLS client done - !!!!!!
security_handshaker.cc:184] Security handshake failed: {"created":"@1582052112.923538253","description":"Peer name 172.18.0.14 is not in peer certificate","file":"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc","file_line":55}
subchannel.cc:1003] Connect failed: {"created":"@1582052112.923538253","description":"Peer name 172.18.0.14 is not in peer certificate","file":"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc","file_line":55}
subchannel.cc:940] Subchannel 0x55ad70542020: Retry immediately
subchannel.cc:967] Failed to connect to channel, retrying
据我了解,这可能是由于我连接到ip地址而不是FQDN,但它们是服务器,并且我只能访问IP地址。知道如何克服这个问题吗?
使用的Python代码:
def get_secure_channel(host, port):
if os.environ.get('https_proxy'):
del os.environ['https_proxy']
if os.environ.get('http_proxy'):
del os.environ['http_proxy']
with open(os.path.join(settings.DJANGO_ROOT, '../grpc_proto/cert/server.crt'), 'rb') as f:
cert = f.read()
credentials = grpc.ssl_channel_credentials(root_certificates=cert)
return grpc.secure_channel('{}:{}'.format(host, port), credentials)
def reset_client(channel, ip_address):
stub = dnsadblock_pb2_grpc.DnsadblockServiceStub(channel)
return stub.ResetClient(dnsadblock_pb2.ResetClientRequest(ipAddress=ip_address))
channel = get_secure_channel(c.server.hostname, settings.GRPC_PORT)
rpc.reset_client(channel, c.ip_address)
答案 0 :(得分:0)
https://support.dnsimple.com/articles/what-is-common-name/
在这种情况下,您连接的端点与对等方证书的描述不匹配。因此,连接被拒绝。您可以尝试使用证书中的CN之一来连接到服务器。或将端点添加到您的证书中。