Python http SSL webserver using self-signed certificate: OPENSSL_internal:WRONG_VERSION_NUMBER

Question

I am trying to use [this library](https://github.com/DMTF/Redfish-Mockup-Server.git) that serves a mock BMC Redfish server. It's [basically a Python http server](https://github.com/DMTF/Redfish-Mockup-Server/blob/main/redfishMockupServer.py#L845). I am getting a certificate error but I am not sure if it's because of my certificate OR this library. BTW: using the provided Docker image and running it locally with Python results in the same error.

I start it up with these parameters:

    python redfishMockupServer.py -D C:\mock-location --cert C:\cert.pem --key C:\key.pem -p 443

But it fails on `GET https://localhost` because of some sort of certificate issue:

    Redfish Mockup Server, version 1.2.3
    Hostname: 127.0.0.1
    Port: 443
    Mockup directory path specified: C:\mock-location
    Response time: 0 seconds
    Serving Mockup in absolute path: C:\mock-location
    Serving Redfish mockup on port: 443
    running Server...
    127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\\x13À')
    127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡ýÙ\x01Uå}5éÊ4ãµ2.x_°!y\x8a\x0cTU³fG½±B ,\x10\x8d\x93]^\x1b\x02P\x08¼\x04³ëÇ4¬+èÃ¡=ÞXyõÈ\x88§Õ\x12¨\x00$\x13\x01\x13\x02\x13\x03À/À+À0À,Ì©Ì¨À\x09À\x13À" 400 -

Postman error:

    Error: write EPROTO 66780680:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:

[![enter image description here][1]][1]

[![enter image description here][2]][2]

This is how I generate my self-signed certificate:

    openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes

I created a [GitHub issue](https://github.com/DMTF/Redfish-Mockup-Server/issues/96) with more details.

  [1]: https://i.stack.imgur.com/fsQoB.png
  [2]: https://i.stack.imgur.com/6vypV.png


# Answer 1
**Score**: 1

> OPENSSL_internal:WRONG_VERSION_NUMBER ... I am getting a certificate error

This is an error about the TLS handshake, but nothing about certificate validation. It comes earlier.

>     127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\\x13À')
>     127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡ýÙ\x01Uå}5éÊ4ãµ2.x_°!y\x8a\x0cTU³fG½±B,\x10\x8d\x93]^\x1b\x02P\x08¼\x04³ëÇ4¬+èÃ¡=ÞXyõÈ\x88§Õ\x12¨\x00$\x13\x01\x13\x02\x13\x03À/À+À0À,Ì©Ì¨À\x09À\x13À" 400 -

This shows the beginning of a TLS handshake from the client interpreted as plain HTTP. Looks like your server gets HTTPS but only expects plain HTTP.

>     python redfishMockupServer.py -D C:\mock-location  --cert C:\cert.pem --key C:\key.pem -p 443

Based on the code you linked to, the server expects a `-s|-ssl` argument on the command line in order to actually do HTTPS. Without this it will only do plain HTTP and will simply ignore the given certificate and key.
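The first bytes of the logged "request line" can be decoded as a TLS record to confirm the diagnosis in the answer above. This is an added example, not part of the original answer or of the Redfish-Mockup-Server code; the function name `classify_first_bytes` and the sample HTTP request are constructed for illustration.

```python
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ",
                b"PATCH ", b"DELETE ", b"OPTIONS ")

# First 11 bytes of the request line in the server log on this page.
# http.server decodes the raw line as ISO-8859-1, which is why bytes
# 0xf7 and 0xf3 show up as accented/symbol characters in the log.
LOGGED_PREFIX = bytes.fromhex("16 03 01 00 f7 01 00 00 f3 03 03")


def classify_first_bytes(data: bytes) -> dict:
    """Tell a TLS record from a plain HTTP request line by its first bytes."""
    if data.startswith(HTTP_METHODS):
        return {"protocol": "http", "method": data.split(b" ", 1)[0].decode()}
    if len(data) < 5:
        return {"protocol": "unknown"}
    # TLS record header: 1-byte content type, 2-byte version, 2-byte length.
    content_type, record_version, record_len = struct.unpack("!BHH", data[:5])
    if content_type not in TLS_CONTENT_TYPES or record_version >> 8 != 0x03:
        return {"protocol": "unknown"}
    info = {
        "protocol": "tls",
        "content_type": TLS_CONTENT_TYPES[content_type],
        "record_version": TLS_VERSIONS.get(record_version, hex(record_version)),
        "record_length": record_len,
    }
    # A handshake message starts with a 1-byte type and a 3-byte length;
    # ClientHello (type 1) then carries the 2-byte legacy client version.
    if content_type == 22 and len(data) >= 11 and data[5] == 1:
        info["handshake"] = "client_hello"
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
        client_version = int.from_bytes(data[9:11], "big")
        info["client_version"] = TLS_VERSIONS.get(client_version,
                                                  hex(client_version))
    return info


if __name__ == "__main__":
    print(classify_first_bytes(LOGGED_PREFIX))
    # Constructed sample of what a plain-HTTP listener expects instead.
    print(classify_first_bytes(b"GET /redfish/v1 HTTP/1.1\r\n"))
```

A listener that logs a `handshake` / `client_hello` result as a malformed HTTP request is serving plain HTTP on that port, regardless of which certificate and key files were passed to it.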



huangapple
  • Published on June 16, 2023, 10:43:52
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76486653.html