Qpid Proton SSL problems in Python 3.10
Question
I want to create an AMQP client with SSL and connect to my ActiveMQ Artemis broker. For this task I took an example project from the Qpid Proton repository and modified it a bit:
    def on_start(self, event):
        ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
        ssl_domain.set_credentials(cert_file=str('./ssl/cert.pem'),
                                   key_file=str('./ssl/key.pem'),
                                   password=str('QWErty123'))
        ssl_domain.set_trusted_ca_db(certificate_db=str('./ssl/ca.pem'))
        ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME)
        self.container = event.container
        self.conn = event.container.connect(self.url, ssl_domain=ssl_domain, allowed_mechs="EXTERNAL")
        self.server = event.container.create_sender(self.url)
cert.pem and ca.pem contain BEGIN/END CERTIFICATE, and key.pem contains BEGIN/END PRIVATE KEY. URL is:

    amqps://localhost:61616/Server.RQ
When I'm trying to run the project in Windows 10 I'm getting an error:
    Traceback (most recent call last):
      File "C:\Users\Daemon2017\PycharmProjects\python-server\server\client.py", line 43, in <module>
        Container(Send("amqps://localhost:61616/Server.RQ", "Client.RQ")).run()
      File "C:\Program Files\Python310\lib\site-packages\proton\_reactor.py", line 197, in run
        while self.process():
      File "C:\Program Files\Python310\lib\site-packages\proton\_reactor.py", line 260, in process
        event.dispatch(handler)
      File "C:\Program Files\Python310\lib\site-packages\proton\_events.py", line 161, in dispatch
        self.dispatch(h, type)
      File "C:\Program Files\Python310\lib\site-packages\proton\_events.py", line 158, in dispatch
        _dispatch(handler, type.method, self)
      File "C:\Program Files\Python310\lib\site-packages\proton\_events.py", line 129, in _dispatch
        m(*args)
      File "C:\Program Files\Python310\lib\site-packages\proton\_handlers.py", line 753, in on_reactor_init
        self.on_start(event)
      File "C:\Users\Daemon2017\PycharmProjects\python-server\server\client.py", line 16, in on_start
        ssl_domain.set_credentials(cert_file=str('./ssl/cert.pem'),
      File "C:\Program Files\Python310\lib\site-packages\proton\_transport.py", line 755, in set_credentials
        return self._check(pn_ssl_domain_set_credentials(self._domain,
      File "C:\Program Files\Python310\lib\site-packages\proton\_transport.py", line 725, in _check
        raise exc("SSL failure.")
    proton._exceptions.Timeout: SSL failure.
I assumed that something was wrong with the Windows libraries and tried to run the project in Ubuntu and got a different error:
    Traceback (most recent call last):
      File "/home/daemon2017/python-server/server/client.py", line 43, in <module>
        Container(Send("amqps://localhost:61616/Server.RQ", "Client.RQ")).run()
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_reactor.py", line 197, in run
        while self.process():
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_reactor.py", line 260, in process
        event.dispatch(handler)
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py", line 161, in dispatch
        self.dispatch(h, type)
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py", line 158, in dispatch
        _dispatch(handler, type.method, self)
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_events.py", line 129, in _dispatch
        m(*args)
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_handlers.py", line 753, in on_reactor_init
        self.on_start(event)
      File "/home/daemon2017/python-server/server/client.py", line 15, in on_start
        ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT)
      File "/home/daemon2017/.local/lib/python3.10/site-packages/proton/_transport.py", line 720, in __init__
        raise SSLUnavailable()
    proton._exceptions.SSLUnavailable
What am I doing wrong?
Versions:
- Python 3.10.0
- python-qpid-proton 0.38.0
Answer 1
Score: 0
I realized that I was dealing with two different problems:
- Linux: QPID Proton can't find SSL/SASL;
- Windows: Windows can't use Linux's PEM certs.
I managed to solve both problems:
1) I've created a bash pipeline that installs all dependencies for Ubuntu 20.04.6 LTS/22.04.1 LTS in the right order:

    sudo add-apt-repository ppa:deadsnakes/ppa
    sudo apt-get install python3.9 python3-pip python3.9-dev python3.9-distutils pkg-config swig libsasl2-dev libssl-dev
    python3.9 -m pip install python-qpid-proton --verbose --no-cache-dir
    python3.9 -c "import proton; print('%s' % 'SSL present' if proton.SSL.present() else 'SSL NOT AVAILABLE')"

2) I've converted my Linux PEM to Windows p12:

    openssl pkcs12 -export -out cert.p12 -passin pass:MYPASS -passout pass:MYPASS -inkey key.pem -in cert.pem -name cert_friendlyname
    openssl pkcs12 -export -out ca.p12 -in ca.pem -name ca-certificate -nokeys -passout pass:

And now it works fine:

    ssl_domain.set_credentials(cert_file=str('./ssl/cert.p12'),
                               key_file=str('cert_friendlyname'),
                               password=str('QWErty123'))
    ssl_domain.set_trusted_ca_db(certificate_db=str('./ssl/ca.p12'))
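An added example, not part of the original answer or of the Qpid Proton project: a preflight check that reports both failures from this thread (missing TLS backend, wrong credential format for the platform) before `SSLDomain` is constructed. The helper names `credential_args` and `preflight` and the sample file contents are hypothetical and constructed; only `proton.SSL.present()` and the file names come from the page.

```python
import re
import sys

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(text):
    """Return the labels of all PEM blocks in text, e.g. ['CERTIFICATE']."""
    return PEM_LABEL.findall(text)

def tls_backend_present():
    """True only if proton imports and reports a TLS backend."""
    try:
        import proton
    except ImportError:
        return False
    return bool(proton.SSL.present())

def credential_args(platform, ssl_dir="./ssl", friendly_name="cert_friendlyname"):
    """File arguments for set_credentials()/set_trusted_ca_db() per platform."""
    if platform.startswith("win"):
        # Per the answer: PKCS#12 stores, key_file holds the friendly name.
        return {"cert_file": f"{ssl_dir}/cert.p12", "key_file": friendly_name,
                "certificate_db": f"{ssl_dir}/ca.p12"}
    return {"cert_file": f"{ssl_dir}/cert.pem", "key_file": f"{ssl_dir}/key.pem",
            "certificate_db": f"{ssl_dir}/ca.pem"}

def preflight(platform, args, pem_texts, backend_present):
    """Return a list of problems that would break SSLDomain setup."""
    problems = []
    if not backend_present:
        problems.append("no TLS backend: SSLDomain() raises SSLUnavailable")
    if platform.startswith("win"):
        for key in ("cert_file", "certificate_db"):
            if not args[key].lower().endswith(".p12"):
                problems.append(f"{key}: not a .p12 store on Windows: {args[key]}")
        return problems
    expected = {"cert_file": "CERTIFICATE", "key_file": "PRIVATE KEY",
                "certificate_db": "CERTIFICATE"}
    for key, want in expected.items():
        labels = pem_labels(pem_texts.get(args[key], ""))
        if not any(label.endswith(want) for label in labels):
            problems.append(f"{key}: no '{want}' PEM block in {args[key]}")
    return problems

# Constructed sample: key.pem wrongly holds a certificate (placeholder bodies).
SAMPLE = {f"./ssl/{n}.pem": f"-----BEGIN {l}-----\n...\n-----END {l}-----\n"
          for n, l in (("cert", "CERTIFICATE"), ("key", "CERTIFICATE"), ("ca", "CERTIFICATE"))}

if __name__ == "__main__":
    args = credential_args(sys.platform)
    print(preflight(sys.platform, args, SAMPLE, tls_backend_present()))
```

In a real client, read the three files from disk into the `pem_texts` mapping and refuse to start the container if the returned list is non-empty.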