Qpid Proton在Python 3.10中的SSL问题

huangapple go评论70阅读模式
英文:

Qpid Proton SSL problems in Python 3.10

问题

我想创建一个带有SSL的AMQP客户端并连接到我的ActiveMQ Artemis代理。为此,我从Qpid Proton存储库中拿了一个示例项目,并进行了一些修改:

def on_start(self, event):
    ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
    ssl_domain.set_credentials(cert_file=str('./ssl/cert.pem'),
                               key_file=str('./ssl/key.pem'),
                               password=str('QWErty123'))
    ssl_domain.set_trusted_ca_db(certificate_db=str('./ssl/ca.pem'))
    ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME)

    self.container = event.container
    self.conn = event.container.connect(self.url, ssl_domain=ssl_domain, allowed_mechs="EXTERNAL")
    self.server = event.container.create_sender(self.url)

cert.pemca.pem 包含 BEGIN/END CERTIFICATE,key.pem 包含 BEGIN/END PRIVATE KEY。URL是:

amqps://localhost:61616/Server.RQ

当我尝试在Windows 10中运行项目时,出现错误:

Traceback (most recent call last):
  File "C:\Users\Daemon2017\PycharmProjects\python-server\server\client.py", line 43, in <module>
    Container(Send("amqps://localhost:61616/Server.RQ", "Client.RQ")).run()
  File "C:\Program Files\Python310\lib\site-packages\proton\_reactor.py", line 197, in run
    while self.process():
  ...
proton._exceptions.Timeout: SSL failure.

我假设Windows库可能出了问题,尝试在Ubuntu中运行项目时出现不同的错误:

Traceback (most recent call last):
  File "/home/daemon2017/python-server/server/client.py", line 43, in <module>
    Container(Send("amqps://localhost:61616/Server.RQ", "Client.RQ")).run()
  ...
proton._exceptions.SSLUnavailable

我在做什么错了?

版本信息:

  • Python 3.10.0
  • python-qpid-proton 0.38.0
英文:

I want to create an AMQP client with SSL and connect to my ActiveMQ Artemis broker. For this task I took an example project from the Qpid Proton repository and modified it a bit:

 def on_start(self, event):
        ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
        ssl_domain.set_credentials(cert_file=str(&#39;./ssl/cert.pem&#39;),
                                   key_file=str(&#39;./ssl/key.pem&#39;),
                                   password=str(&#39;QWErty123&#39;))
        ssl_domain.set_trusted_ca_db(certificate_db=str(&#39;./ssl/ca.pem&#39;))
        ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME)

        self.container = event.container
        self.conn = event.container.connect(self.url, ssl_domain=ssl_domain, allowed_mechs=&quot;EXTERNAL&quot;)
        self.server = event.container.create_sender(self.url)

cert.pem and ca.pem contain BEGIN/END CERTIFICATE, and key.pem contains BEGIN/END PRIVATE KEY. URL is:

amqps://localhost:61616/Server.RQ

When I'm trying to run the project in Windows 10 I'm getting an error:

Traceback (most recent call last):
  File &quot;C:\Users\Daemon2017\PycharmProjects\python-server\server\client.py&quot;, line 43, in &lt;module&gt;
    Container(Send(&quot;amqps://localhost:61616/Server.RQ&quot;, &quot;Client.RQ&quot;)).run()
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_reactor.py&quot;, line 197, in run
    while self.process():
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_reactor.py&quot;, line 260, in process
    event.dispatch(handler)
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_events.py&quot;, line 161, in dispatch
    self.dispatch(h, type)
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_events.py&quot;, line 158, in dispatch
    _dispatch(handler, type.method, self)
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_events.py&quot;, line 129, in _dispatch
    m(*args)
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_handlers.py&quot;, line 753, in on_reactor_init
    self.on_start(event)
  File &quot;C:\Users\Daemon2017\PycharmProjects\python-server\server\client.py&quot;, line 16, in on_start
    ssl_domain.set_credentials(cert_file=str(&#39;./ssl/cert.pem&#39;),
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_transport.py&quot;, line 755, in set_credentials
    return self._check(pn_ssl_domain_set_credentials(self._domain,
  File &quot;C:\Program Files\Python310\lib\site-packages\proton\_transport.py&quot;, line 725, in _check
    raise exc(&quot;SSL failure.&quot;)
proton._exceptions.Timeout: SSL failure.

I assumed that something was wrong with the Windows libraries and tried to run the project in Ubuntu and got a different error:

Traceback (most recent call last):
  File &quot;/home/daemon2017/python-server/server/client.py&quot;, line 43, in &lt;module&gt;
    Container(Send(&quot;amqps://localhost:61616/Server.RQ&quot;, &quot;Client.RQ&quot;)).run()
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_reactor.py&quot;, line 197, in run
    while self.process():
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_reactor.py&quot;, line 260, in process
    event.dispatch(handler)
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py&quot;, line 161, in dispatch
    self.dispatch(h, type)
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py&quot;, line 158, in dispatch
    _dispatch(handler, type.method, self)
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py&quot;, line 129, in _dispatch
    m(*args)
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_handlers.py&quot;, line 753, in on_reactor_init
    self.on_start(event)
  File &quot;/home/daemon2017/python-server/server/client.py&quot;, line 15, in on_start
    ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
  File &quot;/home/daemon2017/.local/lib/python3.10/site-packages/proton/_transport.py&quot;, line 720, in __init__
    raise SSLUnavailable()
proton._exceptions.SSLUnavailable

What am I doing wrong?

Versions:

  • Python 3.10.0

  • python-qpid-proton 0.38.0

答案1

得分: 0

  1. 我意识到我正在处理两个不同的问题:

  2. Linux: QPID Proton 无法找到 SSL/SASL;

  3. Windows: Windows 无法使用 Linux 的 PEM 证书。

我成功解决了这两个问题:

  1. 我创建了一个 bash 管道,按正确顺序为 Ubuntu 20.04.6 LTS/22.04.1 LTS 安装所有依赖项:

    sudo add-apt-repository ppa:deadsnakes/ppa
    sudo apt-get install python3.9 python3-pip python3.9-dev python3.9-distutils pkg-config swig libsasl2-dev libssl-dev
    python3.9 -m pip install python-qpid-proton --verbose --no-cache-dir
    python3.9 -c "import proton; print('%s' % 'SSL present' if proton.SSL.present() else 'SSL NOT AVAILABLE')"

  2. 我将我的 Linux PEM 证书转换为 Windows p12 格式:

    openssl pkcs12 -export -out cert.p12 -passin pass:MYPASS -passout pass:MYPASS -inkey key.pem -in cert.pem -name cert_friendlyname
    openssl pkcs12 -export -out ca.p12 -in ca.pem -name ca-certificate -nokeys -passout pass:

现在它可以正常工作:

ssl_domain.set_credentials(cert_file=str('./ssl/cert.p12'),
                           key_file=str('cert_friendlyname'),
                           password=str('QWErty123'))
ssl_domain.set_trusted_ca_db(certificate_db=str('./ssl/ca.p12'))
英文:

I realized that I was dealing with two different problems:

  1. Linux: QPID Proton can't find SSL/SASL;
  2. Windows: Windows can't use Linux's PEM certs.

I managed to solve both problems:

1)I've created a bash-pipeline, that installs all dependencies for Ubuntu 20.04.6 LTS/22.04.1 LTS in a right order:

sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get install python3.9 python3-pip python3.9-dev python3.9-distutils pkg-config swig libsasl2-dev libssl-dev
python3.9 -m pip install python-qpid-proton --verbose --no-cache-dir
python3.9 -c &quot;import proton; print(&#39;%s&#39; % &#39;SSL present&#39; if proton.SSL.present() else &#39;SSL NOT AVAILBLE&#39;)&quot;

2)I've converted my Linux PEM to Windows p12:

openssl pkcs12 -export -out cert.p12 -passin pass:MYPASS -passout pass:MYPASS -inkey key.pem -in cert.pem -name cert_friendlyname
openssl pkcs12 -export -out ca.p12 -in ca.pem -name ca-certificate -nokeys -passout pass:

And now it works fine:

ssl_domain.set_credentials(cert_file=str(&#39;./ssl/cert.p12&#39;),
                           key_file=str(&#39;cert_friendlyname&#39;),
                           password=str(&#39;QWErty123&#39;))
ssl_domain.set_trusted_ca_db(certificate_db=str(&#39;./ssl/ca.p12&#39;))

huangapple
  • 本文由 发表于 2023年4月10日 21:25:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/75977531.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定