英文:
Python http SSL webserver using self-signed certificate: OPENSSL_internal:WRONG_VERSION_NUMBER
问题
我正在尝试使用这个库来提供模拟的BMC Redfish服务器。它实际上是一个Python http服务器。我遇到了一个证书错误,但我不确定是因为我的证书还是因为这个库。顺便说一下:使用提供的Docker镜像并在本地用Python运行它会导致相同的错误。
我使用以下参数启动它:
python redfishMockupServer.py -D C:\mock-location --cert C:\cert.pem --key C:\key.pem -p 443
但它在GET https://localhost时因某种证书问题而失败:
Redfish Mockup Server, version 1.2.3
Hostname: 127.0.0.1
Port: 443
Mockup directory path specified: C:\mock-location
Response time: 0 seconds
Serving Mockup in absolute path: C:\mock-location
Serving Redfish mockup on port: 443
running Server...
127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\\x13À')
127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡\xfd\xd9\x01Uå}5éÊ4ã±2.x°!y\x8a\x0cTU¹fG½±B ,\x10\x8d\x93]^\x1b\x02P\x08º\x04¹ëÇ4¬+èÁ¡=&ÞXyõÈ\x88§Õ\x12¨\x00$\x13\x01\x13\x02\x13\x03À/À+À0À,̨̩À\x09À\x13À"" 400 -
Postman错误:
Error: write EPROTO 66780680:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:
这是我生成的自签名证书的方法:
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
cert.pem
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUXoAL1PDRuv7F/mVBnYfEewU8tHMwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA2MTUyMzMxMjFaFw0yNDA2
MTQyMzMxMjFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCaIDQTlFbOIbddI7pAiKRxb++kx2hKcG3GLFRlc0D/
sZR2HRBpjqkKdMH8VRiHOahthyMT1bEFXY8k2v2qwQe7nkZ2Ti82hJ0hZFtvCyzb
UV/NcOXf/Vz3nP7qcyrrtXkcYD4lMgAFUjmeiuhxajLJyAkYXXUmjfjX593y5QGR
bipZXBW9tvfU+Aoe2JgGn+QXrHK2e0mucKyKpeUU7GFOudcR+sSQXUF/6vd09uzH
tp5i59EsWEdIvoeLilj48wgMz3eV7AhNc6qiZ5zXxTXGm3zNnamWxxKoxHN3wzsS
nWT/fzmDwdqv27hlgAO90Sw+BQSLQFjNEx+UhoWb79htAgMBAAGjUzBRMB0GA1Ud
DgQWBBSdadBQZD6yaIyeebnZE3UhBmCIRzAfBgNVHSMEGDAWgBSdadBQZD6yaIye
ebnZE3UhBmCIRzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+
L1ccj/uVpoQVdBBl8n8xKT/sobjW/j+L98lxEhiBbhqkkA73HRLs9VEnCd2k5/km
qx0I8uyjJ8iaGN1iYkP0MWlJCrXpCrmqu/GieKdS1ne3/G0Ml1lv6YvvlG843eeO
25xIXqi+0m021qTdfXK/Fbr8xG4gAqX8RGpAu+5StszwMAERe/JHHV7vjkQvxM/5
MDHEAmK7lRsEpcip6lw2dT05bom0KjemDM0b0pVdBH4Tsg/NiWheuANzz7mRfSnO
D2oSKdERdnvTu6tGxQVqQWwWF14RQmF3UdmhmyPVtnIKfgLQWBOQsV9XY9Fe3nQn
kK/lA3hHv5d3ByFTRCwb
-----END CERTIFICATE-----
key.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCaIDQTlFbOIbdd
I7pAiKRxb++kx2hKcG3GLFRlc0D/sZR2HRBpjqkKdMH8
<details>
<summary>英文:</summary>
I am trying to use [this library](https://github.com/DMTF/Redfish-Mockup-Server.git) that serves mock BMC Redfish server. It's [basically a Python http server](https://github.com/DMTF/Redfish-Mockup-Server/blob/main/redfishMockupServer.py#L845). I am getting a certificate error but I am not sure if it's because of my certificate OR this library. BTW: using provided Docker image and running it locally with Python results in the same error.
I start it up with these parameters:
python redfishMockupServer.py -D C:\mock-location --cert C:\cert.pem --key C:\key.pem -p 443
But it fails on `GET https://localhost` because of some sort of certificate issue:
Redfish Mockup Server, version 1.2.3
Hostname: 127.0.0.1
Port: 443
Mockup directory path specified: C:\mock-location
Response time: 0 seconds
Serving Mockup in absolute path: C:\mock-location
Serving Redfish mockup on port: 443
running Server...
127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\\x13À')
127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡ýÙ\x01Uå}5éÊ4ãµ2.x_°!y\x8a\x0cTU³fG½±B ,\x10\x8d\x93]^\x1b\x02P\x08¼\x04³ëÇ4¬+èá=ÞXyõÈ\x88§Õ\x12¨\x00$\x13\x01\x13\x02\x13\x03À/À+À0À,̨̩À\x09À\x13À" 400 -
Postman error:
Error: write EPROTO 66780680:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:
[![enter image description here][1]][1]
[![enter image description here][2]][2]
This is how I generate my self-signed certificate:
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
cert.pem
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUXoAL1PDRuv7F/mVBnYfEewU8tHMwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA2MTUyMzMxMjFaFw0yNDA2
MTQyMzMxMjFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCaIDQTlFbOIbddI7pAiKRxb++kx2hKcG3GLFRlc0D/
sZR2HRBpjqkKdMH8VRiHOahthyMT1bEFXY8k2v2qwQe7nkZ2Ti82hJ0hZFtvCyzb
UV/NcOXf/Vz3nP7qcyrrtXkcYD4lMgAFUjmeiuhxajLJyAkYXXUmjfjX593y5QGR
bipZXBW9tvfU+Aoe2JgGn+QXrHK2e0mucKyKpeUU7GFOudcR+sSQXUF/6vd09uzH
tp5i59EsWEdIvoeLilj48wgMz3eV7AhNc6qiZ5zXxTXGm3zNnamWxxKoxHN3wzsS
nWT/fzmDwdqv27hlgAO90Sw+BQSLQFjNEx+UhoWb79htAgMBAAGjUzBRMB0GA1Ud
DgQWBBSdadBQZD6yaIyeebnZE3UhBmCIRzAfBgNVHSMEGDAWgBSdadBQZD6yaIye
ebnZE3UhBmCIRzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+
L1ccj/uVpoQVdBBl8n8xKT/sobjW/j+L98lxEhiBbhqkkA73HRLs9VEnCd2k5/km
qx0I8uyjJ8iaGN1iYkP0MWlJCrXpCrmqu/GieKdS1ne3/G0Ml1lv6YvvlG843eeO
25xIXqi+0m021qTdfXK/Fbr8xG4gAqX8RGpAu+5StszwMAERe/JHHV7vjkQvxM/5
MDHEAmK7lRsEpcip6lw2dT05bom0KjemDM0b0pVdBH4Tsg/NiWheuANzz7mRfSnO
D2oSKdERdnvTu6tGxQVqQWwWF14RQmF3UdmhmyPVtnIKfgLQWBOQsV9XY9Fe3nQn
kK/lA3hHv5d3ByFTRCwb
-----END CERTIFICATE-----
key.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCaIDQTlFbOIbdd
I7pAiKRxb++kx2hKcG3GLFRlc0D/sZR2HRBpjqkKdMH8VRiHOahthyMT1bEFXY8k
2v2qwQe7nkZ2Ti82hJ0hZFtvCyzbUV/NcOXf/Vz3nP7qcyrrtXkcYD4lMgAFUjme
iuhxajLJyAkYXXUmjfjX593y5QGRbipZXBW9tvfU+Aoe2JgGn+QXrHK2e0mucKyK
peUU7GFOudcR+sSQXUF/6vd09uzHtp5i59EsWEdIvoeLilj48wgMz3eV7AhNc6qi
Z5zXxTXGm3zNnamWxxKoxHN3wzsSnWT/fzmDwdqv27hlgAO90Sw+BQSLQFjNEx+U
hoWb79htAgMBAAECggEBAJDdWfVZRSnkePO7ZBHKHT5eJtIrd3QYLqXI/t6IMPzk
TZWjBc0hgPNKARcKaM6ZPB0OmsLG5OcVJDlQ+IKpgnovby09mZTVmtdK+8HosBXI
a5Ku3fHls58tWlDFRP9dh+NK9r6BO5HE0lGZYJdRaUFNmnbjSPyfDtjooC3wX8Pv
YaAcRvnqVmxKcTFLj23g+VAeYl/eIsTD8re3pF16Dh4roodMSIBYj/Az25py8ob1
gEFrFejXJRusb+KzJQqwWBiKJWpvc2u1jXtRJAjlzibe1r9HT3znw+Pvu4I0pOSy
QlSeP5AksgK0pAlh9pRGxf51npdxw0y0x/er57l5zuUCgYEAzIMve5L5++QrOsAn
3g6VB/b6ve/aC1QLMMcWjNneH4yBF/zrul8DdEcKmd3DoisDfIXqaejffHEdFmM0
AeoJIUxFbi55cpCibED9a9DDAimUj+jmPzyAoP9wH5K6uMLK/KUDOE1EhfxfI2VR
/rGQGtBmhXgyy8oLsYPG000hUo8CgYEAwO2Z/EZWGVdRkZGDlgj68SKtg9OXC+WH
eg+2HFOuj3Tn9w3qX3+hmzcOlqRG10k0BMfPVn+5Wbo6vSKn8DVc0T/5nnY1v0NE
/1tOo/ivD/lAPKpopkA6oSxN9YF/nwcZ46KKlTppY+GJHPlFy7yiPZAhpO88XkSy
PUCay2ZPc0MCgYEAqeYuEz4mGWITm8o5FJwOqUBATHyvKwwWA97RWBBDHPiP4orG
lt0KNJY0M2FtfhK34cIq3POOfoZGAOxHL3PrQ9NmNsO7Nzb7CG3xWpli+C/s8KUu
ashrn9S1pDU0k/uXwM2hYCuoypq/utsYhDulGPGayjTyFiTzE/UCv1XrYfcCgYAS
v8SEOM2rPsoljG+uSAcjIgyc0BZQyKim2xoGnLdNJ75XSxno1/17mRko2KQtzeZp
RIXI0TbRGoEU2mZZuMXhbAc1OCW3BbGR42y8ELHqqn1sp97tsTZBbY3R+xjM+qKw
dZ5kLD4Lv+JUV4FJ8HYP547teXZzbtenjjy84Z99AwKBgAp7FYzfzQJQ1uBqRCC0
KfoA++J7Z3RshXsSF5JpCKssAHLKmGI9bjUgUoifnzpK7om2EkhXJQezQf/AE77k
PC4EBjASCsajoVtoKz8B9x6nAy7APgQKAYrARcyXcuOtngGS5CJkLDMGcrDR+U+w
FoZHTPq4CiUmOxE39Pw98JY9
-----END PRIVATE KEY-----
I created a [GitHub issue](https://github.com/DMTF/Redfish-Mockup-Server/issues/96) with more details.
[1]: https://i.stack.imgur.com/fsQoB.png
[2]: https://i.stack.imgur.com/6vypV.png
</details>
# 答案1
**得分**: 1
> OPENSSL_internal:WRONG_VERSION_NUMBER ... I am getting a certificate error
这是关于TLS握手的错误,但与证书验证无关。这是在更早的阶段发生的。
> 127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\x13À')
> 127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡ýÙ\x01Uå}5éÊ4ç±2.x°!y\x8a\x0cTU¹fG±B,\x8d\x93]^\x1b\x02P\x08º\x04¹ëÇ4¬+èÁ¡=ÞXyõȧը�$À/À+À0À,̨̩À ÀÀ" 400 -
这显示了客户端开始的TLS握手,被解释为普通HTTP。看起来你的服务器收到了HTTPS请求,但只期望普通HTTP。
> python redfishMockupServer.py -D C:\mock-location --cert C:\cert.pem --key C:\key.pem -p 443
根据你提供的代码,服务器期望在命令行上使用 `-s|-ssl` 参数来执行HTTPS。如果没有这个参数,它将只执行普通HTTP,并简单地忽略提供的证书和密钥。
<details>
<summary>英文:</summary>
> OPENSSL_internal:WRONG_VERSION_NUMBER ... I am getting a certificate error
This is an error about the TLS handshake, but nothing about certificate validation. It comes earlier.
> 127.0.0.1 - - [15/Jun/2023 21:34:57] code 400, message Bad request version ('À\\x13À')
> 127.0.0.1 - - [15/Jun/2023 21:34:57] "\x16\x03\x01\x00÷\x01\x00\x00ó\x03\x03\x82\x8d¡ýÙ\x01Uå}5éÊ4ãµ2.x_°!y\x8a\x0cTU³fG½±B,\x10\x8d\x93]^\x1b\x02P\x08¼\x04³ëÇ4¬+èá=ÞXyõÈ\x88§Õ\x12¨\x00$\x13\x01\x13\x02\x13\x03À/À+À0À,̨̩À\x09À\x13À" 400 -
This shows the beginning of a TLS handshake from the client interpreted as plain HTTP. Looks like your server gets HTTPS but only expects plain HTTP.
> python redfishMockupServer.py -D C:\mock-location --cert C:\cert.pem --key C:\key.pem -p 443
Based on the code you linked to the server expects a `-s|-ssl` argument on the command line in order to actually do HTTPS. Without this it will only do plain HTTP and will simply ignore the given certificate and key.
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论