Why can't the Oracle DB 19c server open the wallet directory?
Symptom: the TNS listener running on port 2484 does not respond to the client hello at all. It sends a FIN and closes the connection gracefully. My goal is to capture the full SSL handshake on the wire.

My Oracle DB 19c is installed on Windows 10.

listener.ora
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\App\db_home)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ONLY:C:\App\db_home\bin\oraclr19.dll")
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\App\db_home\wallet)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
ADR_BASE_LISTENER = C:\App\db_home\log
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\App\db_home\wallet)
)
)
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
ADR_BASE = C:\App\db_home\log
tnsnames.ora
LISTENER_ORCL =
(ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
ORACLR_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
(CONNECT_DATA =
(SID = CLRExtProc)
(PRESENTATION = RO)
)
)
ORCL =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl.greenbuff.local)
)
)
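tracefile (in C:\App\db_home\log\diag\tnslsnr\WIN-10-ORACL-DB\listener\trace)
The upshot of this trace file is how it exits and returns an error.
Although the client does not matter in this case, I set up a client to talk to the server in order to generate traffic. I get: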
ERROR:
ORA-28864: SSL connection closed gracefully
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
I have also included part of the client trace file below, which shows the read error because there is no response to the client hello.
2020-05-06 09:11:00.320 : nzosSetCipherSuite:Setting ciphers to ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:EDH-RSA-AES256-GCM-SHA384:EDH-RSA-AES128-GCM-SHA256:EDH-RSA-AES256-SHA256:EDH-RSA-AES128-SHA256:EDH-RSA-AES256-SHA:EDH-RSA-AES128-SHA
2020-05-06 09:11:00.321 : nzosSetCipherSuite:exit
2020-05-06 09:11:00.321 : nzos_SetPersona:entry
2020-05-06 09:11:00.321 : nzosAddCertChain:entry
2020-05-06 09:11:00.322 : nzosAddCertChain:exit
2020-05-06 09:11:00.322 : nzos_SetPersona:exit
2020-05-06 09:11:00.322 : nzosSetCredential:exit
2020-05-06 09:11:00.322 : nzos_Handshake:entry
2020-05-06 09:11:00.322 : SSL_Info:Handshake before/connect initialization (TLSv12 protocol)
2020-05-06 09:11:00.323 : nttwr:entry
2020-05-06 09:11:00.323 : nttwr:socket 924 had bytes written=166
2020-05-06 09:11:00.323 : nttwr:exit
2020-05-06 09:11:00.323 : nzosp_bio_write:processed=166, ret=0
2020-05-06 09:11:00.323 : nzbiowrite: write 166/166 bytes
2020-05-06 09:11:00.323 : 0: 16030200 a1010000 9d03025e b2e194d7 |...........^....|
16: 9b23fc0e 9bd6897c 28ff1d22 e9282f0a |.#.....|(..".(/.|
32: 845770af b370ccea af5d7a00 004ac030 |.Wp..p...]z..J.0|
48: c028c014 c02fc027 c013c02c c024c00a |.(.../.'...,.$..|
64: c02bc023 c009009d 003d0035 009c003c |.+.#.....=.5...<|
80: 002fc032 c031c02a c029c00f c00ec02e |./.2.1.*.)......|
96: c02dc026 c025c005 c004009f 009e006b |.-.&...........k|
112: 00670039 003300ff 0100002a 000a0020 |.g.9.3.....*... |
128: 001e0017 0019000d 000e0018 000b000c |................|
144: 0009000a 00150006 00070013 00010003 |................|
160: 000b0002 0100---- -------- -------- |...... |
2020-05-06 09:11:00.323 : SSL_Info:SSLv2/v3 write client hello A (TLSv11 protocol)
2020-05-06 09:11:00.323 : nttrd:entry
2020-05-06 09:11:00.323 : ntt2err:entry
2020-05-06 09:11:00.323 : ntt2err:soc 924 error - operation=5, ntresnt[0]=530, ntresnt[1]=53, ntresnt[2]=0
2020-05-06 09:11:00.323 : ntt2err:exit
2020-05-06 09:11:00.323 : nttrd:exit
2020-05-06 09:11:00.323 : nzospRead:I/O error - closing connection (-6992)
2020-05-06 09:11:00.323 : SSL_Info:error in SSLv3 read server hello A
2020-05-06 09:11:00.324 : nzos_Handshake:Handshake returned failure code -1
2020-05-06 09:11:00.324 : nzos_Handshake:exit
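This post may help anyone. I found the answer. After thinking about the vague "unable to open wallet" error message, I started puzzling over why the wallet could not be read. I checked the actual location of the required wallet and compared it with the location specified in the configuration files to look for typos. Then I thought permissions might be the problem, so I went ahead and enabled inheritance on every file in the wallet directory and restarted the listener. Voilà, it worked.

Since the JDBC URL is DB_URL="jdbc:oracle:thin:@dbname_high?TNS_ADMIN=/Users/test/wallet_dbname", I suggest setting the wallet directory to the same directory as TNS_ADMIN, the same directory where you put tnsnames.ora. I put all the wallet files there, in "/ORACLE/product/12.2.0/dbhome_1/network/ADMIN", instead of ORACLE_BASE/wallet where I had originally put them, and it finally worked.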
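The checks described in the first answer (compare the configured wallet location with the real one, then look at permissions and inheritance), as an added PowerShell example that is not part of the original post. The `network\admin` path and the `%TNSListener%` service-name pattern are assumptions; the script only reads configuration files and ACLs and changes nothing.

```powershell
# Added example; not from the original post. Defaults mirror the paths in the question.
param(
    [string]$NetworkAdmin = 'C:\App\db_home\network\admin', # assumption: where the .ora files live
    [string]$ServiceLike  = '%TNSListener%'                 # assumption: listener service name pattern
)

function Get-WalletDirectory([string]$OraFile) {
    # Return the DIRECTORY value of the WALLET_LOCATION clause, or $null if absent.
    $text = Get-Content -LiteralPath $OraFile -Raw
    if ($text -match '(?is)WALLET_LOCATION\s*=.*?\(\s*DIRECTORY\s*=\s*([^)]+?)\s*\)') {
        $Matches[1]
    }
}

# 1. Both files must name the same directory (catches typos and stale copies).
$dirs = foreach ($name in 'listener.ora', 'sqlnet.ora') {
    [pscustomobject]@{
        File            = $name
        WalletDirectory = Get-WalletDirectory (Join-Path $NetworkAdmin $name)
    }
}
$dirs | Format-Table -AutoSize
if (@($dirs.WalletDirectory | Sort-Object -Unique).Count -ne 1) {
    Write-Warning 'WALLET_LOCATION is missing or differs between listener.ora and sqlnet.ora.'
}

# 2. Which account does the listener service run as?
Get-CimInstance Win32_Service -Filter "Name LIKE '$ServiceLike'" |
    Select-Object Name, StartName, State | Format-Table -AutoSize

# 3. Per-item ACL: is inheritance enabled, and who holds an Allow ACE that includes Read?
$wallet = $dirs[0].WalletDirectory
if (-not $wallet -or -not (Test-Path -LiteralPath $wallet)) {
    throw "Wallet directory '$wallet' from listener.ora does not exist."
}
$read = [System.Security.AccessControl.FileSystemRights]::Read
@(Get-Item -LiteralPath $wallet) + @(Get-ChildItem -LiteralPath $wallet -File) | ForEach-Object {
    $item = $_
    $acl  = Get-Acl -LiteralPath $item.FullName
    $who  = $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    [pscustomobject]@{
        Path               = $item.Name
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        AllowRead          = $who -join '; '
    }
} | Format-Table -AutoSize -Wrap
```

Rows with `InheritanceEnabled = False` are the files the first answer's fix would change; compare `AllowRead` with the `StartName` reported in step 2. The wallet holds the server's private key, so after enabling inheritance confirm that the parent directory's ACL does not grant read access more widely than the Oracle service account and administrators.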