使用 Python 连接到 Crossbar 服务器时出现 OpenSSL "tlsv1 alert unknown ca" 错误
我一直在尝试使用 Autobahn(Python)和 Crossbar 制作一个简单的基于 WAMP RPC 的应用程序。当我尝试使用不安全的 WebSocket 连接时,脚本可以连接,并且一切正常;但当使用 SSL 证书连接时,我无法找出错误的原因。
openssl, ssl-certificate, twisted, autobahn, crossbar
Crossbar config.json:-
{
"$schema": "https://raw.githubusercontent.com/crossbario/crossbar/master/crossbar.json",
"version": 2,
"controller": {
},
"workers": [
{
"type": "router",
"realms": [
{
"name": "name_1",
"roles": [
{
"name": "anonymous",
"permissions": [
{
"uri": "",
"match": "prefix",
"allow": {
"call": true,
"register": true,
"publish": true,
"subscribe": true
},
"disclose": {
"caller": false,
"publisher": false
},
"cache": false
}
]
}
]
}
],
"transports": [
{
"type": "websocket",
"endpoint": {
"type": "tcp",
"port": 8080,
"tls": {
"key": "path/to/letsencrypt/keys/privkey.pem",
"certificate": "path/to/letsencrypt/keys/cert.pem",
"chain_certificates": ["path/to/letsencrypt/keys/chain.pem"],
"ca_certificates": [
"isrgrootx1.pem",
"letsencryptauthorityx1.pem",
"letsencryptauthorityx2.pem"
],
"ciphers": "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS"
}
},
"url": "wss://[domain]",
"serializers": ["json"],
"auth": {
"ticket": {
"type": "static",
"principals": {
"user_1": {
"ticket": "ticket_1",
"role": "anonymous"
}
}
}
},
"options": {
"allowed_origins": ["*"],
"allow_null_origin": true,
"enable_webstatus": true,
"max_frame_size": 1048576,
"max_message_size": 1048576,
"auto_fragment_size": 65536,
"fail_by_drop": true,
"open_handshake_timeout": 2500,
"close_handshake_timeout": 1000,
"auto_ping_interval": 10000,
"auto_ping_timeout": 5000,
"auto_ping_size": 4,
"compression": {
"deflate": {
"request_no_context_takeover": false,
"request_max_window_bits": 13,
"no_context_takeover": false,
"max_window_bits": 13,
"memory_level": 5
}
}
}
},
{
"type": "websocket",
"endpoint": {
"type": "tcp",
"port": 8081
},
"url": "ws://[domain]",
"serializers": ["json"],
"options": {
"allowed_origins": ["*"],
"allow_null_origin": true,
"enable_webstatus": false,
"max_frame_size": 1048576,
"max_message_size": 1048576,
"auto_fragment_size": 65536,
"fail_by_drop": true,
"open_handshake_timeout": 2500,
"close_handshake_timeout": 1000,
"auto_ping_interval": 10000,
"auto_ping_timeout": 5000,
"auto_ping_size": 4,
"compression": {
"deflate": {
"request_no_context_takeover": false,
"request_max_window_bits": 13,
"no_context_takeover": false,
"max_window_bits": 13,
"memory_level": 5
}
}
}
}
]
}
]
}
Python脚本:-
import os, sys

from twisted.internet import reactor
from twisted.internet.defer import inlineCallbacks
from twisted.internet.ssl import Certificate, optionsForClientTLS

from autobahn.twisted.wamp import ApplicationSession, ApplicationRunner
from autobahn.wamp.types import PublishOptions
# Credentials for WAMP-Ticket authentication.  They must match an entry under
# transports[0].auth.ticket.principals in the Crossbar config.json above
# (user_1 / ticket_1).  The ticket is a shared secret and is sent to the router
# in onChallenge; it is hard-coded here only because this is a demo script --
# a deployment would read it from the environment or a secret store.
PRINCIPAL = "user_1"
PRINCIPAL_TICKET = "ticket_1"
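class ClientSession(ApplicationSession):
    """WAMP client that authenticates with a static ticket, then exercises RPC and pub/sub.

    TLS is negotiated by ApplicationRunner / Twisted before the WebSocket and
    WAMP handshakes, so the "certificate verify failed" error in the question
    is raised before any of these callbacks run; nothing in this class can
    influence certificate validation.

    NOTE(review): the inline comments in ``onJoin`` come from the Autobahn
    ticket example and assume a restrictive role.  With the realm config shown
    above, the ``anonymous`` role is granted call/register/publish/subscribe on
    the empty prefix (i.e. every URI), so the "expected to fail" register and
    publish attempts will succeed instead.
    """

    def onConnect(self):
        """Start the WAMP-Ticket handshake for PRINCIPAL on the configured realm."""
        print("Client session connected. Starting WAMP-Ticket authentication on realm '{}' as principal '{}' ..".format(self.config.realm, PRINCIPAL))
        self.join(self.config.realm, ["ticket"], PRINCIPAL)

    def onChallenge(self, challenge):
        """Answer a ``ticket`` challenge with the static ticket.

        Args:
            challenge: the router's challenge; only ``challenge.method`` is read.

        Returns:
            The ticket string the router will compare against its principals.

        Raises:
            Exception: if the router asks for any auth method other than ``ticket``.
        """
        if challenge.method != "ticket":
            raise Exception("Invalid authmethod {}".format(challenge.method))
        print("WAMP-Ticket challenge received: {}".format(challenge))
        return PRINCIPAL_TICKET

    @inlineCallbacks
    def onJoin(self, details):
        """Call, register and publish once each, printing the outcome, then leave.

        Each remote operation is wrapped on its own so that one failure does
        not stop the demo; errors are only printed, never re-raised.
        """
        print("Client session joined: {}".format(details))
        print("\nHooray! We've been successfully authenticated with WAMP-Ticket using static configuration!\n")

        ## call a procedure we are allowed to call (so this should succeed)
        ##
        try:
            res = yield self.call('com.example.add2', 2, 3)
            print("call result: {}".format(res))
        except Exception as e:
            print("call error: {}".format(e))

        ## (try to) register a procedure where we are not allowed to (so this should fail)
        ##
        try:
            # The registration handle is deliberately discarded: the demo only
            # reports whether the router accepted the registration.
            yield self.register(lambda x, y: x * y, 'com.example.mul2')
        except Exception as e:
            print("registration failed (this is expected!) {}".format(e))

        ## publish to a couple of topics we are allowed to publish to.
        ##
        allowed_topics = ('com.example.topic1', 'com.foobar.topic1')
        for topic in allowed_topics:
            try:
                # acknowledge=True makes the router confirm delivery, so an
                # authorization failure is reported here instead of silently.
                yield self.publish(topic, "hello", options=PublishOptions(acknowledge=True))
                print("ok, event published to topic {}".format(topic))
            except Exception as e:
                print("publication to topic {} failed: {}".format(topic, e))

        ## (try to) publish to a couple of topics we are not allowed to publish to (so this should fail)
        ##
        denied_topics = ('com.example.topic2', 'com.foobar.topic2')
        for topic in denied_topics:
            try:
                yield self.publish(topic, "hello", options=PublishOptions(acknowledge=True))
                print("ok, event published to topic {}".format(topic))
            except Exception as e:
                print("publication to topic {} failed (this is expected!) {}".format(topic, e))

        self.leave()

    def onLeave(self, details):
        """Log the session close and drop the underlying transport."""
        print("Client session left: {}".format(details))
        self.disconnect()

    def onDisconnect(self):
        """Stop the reactor once the transport is gone so the script exits."""
        print("Client session disconnected.")
        reactor.stop()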
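# Router address.  The host part must be the name the server certificate was
# issued for, otherwise validation fails even when the right CA is trusted.
# ("[domain]" is the question's placeholder.)
SERVER_HOST = '[domain]'
SERVER_URL = 'wss://[domain]:8080'

# Optional explicit trust root.  WAMP_CA_CERT is an environment-variable name
# chosen for this rewrite (not defined by the original script or by Crossbar);
# it may point at the PEM file of the CA that issued the router's certificate.
# When it is unset, ssl=None keeps ApplicationRunner's default of validating
# the server certificate against the platform trust store -- the step that
# produced "certificate verify failed" in the question, which points at the
# platform store lacking the issuing CA (or the server not sending its
# intermediate chain).  Pinning the trust root here fixes that without
# disabling verification.
# NOTE(review): as far as I recall, "ca_certificates" on a Crossbar listening
# endpoint configures trust for *client* certificates and has no effect on how
# this client validates the server -- confirm against the Crossbar docs.
_ca_cert_path = os.environ.get("WAMP_CA_CERT")
if _ca_cert_path:
    with open(_ca_cert_path) as _ca_file:
        _tls_options = optionsForClientTLS(
            SERVER_HOST, trustRoot=Certificate.loadPEM(_ca_file.read()))
else:
    _tls_options = None

runner = ApplicationRunner(url=SERVER_URL, realm='name_1', ssl=_tls_options)
runner.run(ClientSession)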
Crossbar 跟踪日志:-
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] connection accepted from peer tcp4:[ip_address]:5259
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] Connection made to tcp4:[ip_address]:5259
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] SSL error: tlsv1 alert unknown ca (in ssl3_read_bytes)
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] _connectionLost: [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert unknown ca')]
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] 从对等端 tcp4:[ip_address]:5259 接受连接
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] 与 tcp4:[ip_address]:5259 建立连接
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] SSL 错误:tlsv1 alert unknown ca(在 ssl3_read_bytes 中)
[Router 32589 crossbar.router.protocol.WampWebSocketServerProtocol] _connectionLost:[Failure 实例:回溯:<class 'OpenSSL.SSL.Error'>:[('SSL routines', 'ssl3_read_bytes', 'tlsv1 alert unknown ca')]]
Python 端错误:SSL 错误:证书验证失败(在 tls_process_server_certificate 中)
最初,我的 Crossbar 配置中没有 CA 证书(加上之后错误也没有变化)。我以为应该添加它们,因为这可能与此有关,所以我从某处获取了这些证书(不确定这是否正确)。我也尝试过另一处的做法,但那超出了我的理解(我究竟需要什么?)
我认为这是因为试图连接的机器发送的CA未被服务器识别
现在,我不知道如何更改CA或脚本发送的证书,即使我有其他方法(我可以尝试一些替代脚本,但它们是针对普通WebSocket的),那么我应该将其更改为什么
请帮忙