Two sets of certificates test well with openssl, but one succeeds to configure SSL and the other fails

0

I use SSL on RabbitMQ 3.7.11 and Erlang 21.3. At the same time, I use one-way authentication: the certificates only exist in RabbitMQ. When I use the same app client (Python 2.7.5) to connect to RabbitMQ, one succeeds and the other fails. I used the openssl client and server to test both sets of certificates, and both of them are OK. Can anyone tell me the differences?

This is the failed certificates config:

Certificate chain
 0 s:/C=US/ST=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
 1 s:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101
   i:/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101


Server certificate


subject=/C=US/ST=Unset/O=Unset/CN=192.168.204.101
issuer=/C=US/ST=Unset/L=Unset/O=Unset/CN=192.168.204.101

This is the successful certificates config:

Certificate chain
 0 s:/CN=MYguest/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA


Server certificate


subject=/CN=MYguest/O=server
issuer=/CN=MyTestCA

This is the RabbitMQ error log:

2019-04-25 08:38:41.826 [info] <0.566.0> TLS server: In state hello at tls_connection.erl:849 generated SERVER ALERT: Fatal - Handshake Failure - malformed_handshake_data

This is the app error log:

ensure connection error: SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)')

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 494, in _ensured
    return fun(*args, **kwargs)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 569, in __call__
    self.revive(self.connection.default_channel)

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 819, in default_channel
    self.connection
  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 802, in connection
    self._connection = self._establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 757, in _establish_connection
    conn = self.transport.establish_connection()

  File "/usr/lib/python2.7/site-packages/kombu/transport/pyamqp.py", line 130, in establish_connection
    conn.connect()

  File "/usr/lib/python2.7/site-packages/amqp/connection.py", line 295, in connect
    self.transport.connect()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 122, in connect
    self.socket_settings, self.read_timeout, self.write_timeout,

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 184, in _init_socket
    self._setup_transport()

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 289, in _setup_transport
    self.sock = self._wrap_socket(self.sock, **self.sslopts or {})

  File "/usr/lib/python2.7/site-packages/amqp/transport.py", line 296, in _wrap_socket
    return ssl.wrap_socket(sock, **sslopts)

  File "/usr/lib64/python2.7/ssl.py", line 936, in wrap_socket
    ciphers=ciphers)

  File "/usr/lib64/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()

  File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake
    self._sslobj.do_handshake()

SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:579)

user10313671

Posted 2019-04-25T07:17:32.803

Reputation: 1

What do you mean by "failed"? More details would help you get an answer. – garethTheRed – 2019-04-25T10:07:23.387

Answers

0

It seems to be Erlang's problem. When I take out all of the EC ciphers from the RabbitMQ configuration, it works.


user10313671

Posted 2019-04-25T07:17:32.803

Reputation: 1
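
The answer above attributes the failure to the EC cipher suites. The following is an added example, not part of the original post, written for Python 3: it offers the broker one suite at a time so that the results for EC and non-EC suites can be compared. The host and port arguments and the sample suite list are assumptions.

```python
import socket
import ssl
import sys

# Constructed sample of OpenSSL-style TLS <= 1.2 suite names (not from the post).
SAMPLE_SUITES = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDH-RSA-AES256-SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
    "AES256-GCM-SHA384",
]

def uses_ec(suite):
    """True if the suite's key exchange or authentication relies on elliptic curves."""
    return suite.startswith(("ECDHE-", "ECDH-")) or "-ECDSA-" in suite

def split_suites(suites):
    """Return (ec_suites, non_ec_suites), preserving input order."""
    return ([s for s in suites if uses_ec(s)],
            [s for s in suites if not uses_ec(s)])

def probe(host, port, suite, timeout=5.0):
    """Offer exactly one suite to host:port; return (ok, negotiated suite or error)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # diagnostic only: tests negotiation, not trust
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not govern TLS 1.3
    try:
        ctx.set_ciphers(suite)
    except ssl.SSLError as exc:
        return False, "not available in local OpenSSL: %s" % exc
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)

if __name__ == "__main__":
    ec, non_ec = split_suites(SAMPLE_SUITES)
    if len(sys.argv) == 3:  # usage: script.py <broker-host> <tls-port>
        for suite in ec + non_ec:
            ok, detail = probe(sys.argv[1], int(sys.argv[2]), suite)
            print("%-5s %-32s %s %s" % ("EC" if uses_ec(suite) else "other", suite,
                                        "OK" if ok else "FAIL", detail))
    else:
        print("EC suites:", ec, "\nnon-EC suites:", non_ec)
```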