Ssl: Go TLS connection to Apple push notification server not working


My code looks like this

package main

import (
    "crypto/tls"
    "crypto/x509"
    "log"
    "io/ioutil"
)

func main() {
    c := "pub.pem"
    p := "pri.pem"
    cert, err := tls.LoadX509KeyPair(c, p)
    if err != nil {
        log.Fatalf("server: loadkeys: %s", err)
    }

    pemData2, err := ioutil.ReadFile("entrust.pem")

    if err != nil {
        log.Fatalf("cant read ca cert: %s", err)
    }


    cacerts := x509.NewCertPool()
    cacerts.AppendCertsFromPEM(pemData2) 

    config := tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: cacerts}
    conn, err := tls.Dial("tcp", "gateway.sandbox.push.apple.com:2195", &config)
    if err != nil {
        log.Fatalf("client: dial: %s", err)
    }
    defer conn.Close()
    log.Println("client: connected to: ", conn.RemoteAddr())


}
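
It returns

client: dial: EOF

Why does it only show EOF? Any clues?

I was asked to check the certificate with the openssl command. The output is below. I think this certificate is valid. Is there any way to get more debugging information from the tls.Dial function?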

~/go$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert pub.pem -key pri.pem -CAfile entrust.pem 
CONNECTED(00000003)
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = www.entrust.net/rpa is incorporated by reference, OU = "(c) 2009 Entrust, Inc.", CN = Entrust Certification Authority - L1C
verify return:1
depth=0 C = US, ST = California, L = Cupertino, O = Apple Inc., CN = gateway.sandbox.push.apple.com
verify return:1
140527559149216:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIETCMmsDANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
................................................................
................................................................
................................................................
fwUYU5NTM3h0xi3rIlXwAKD6zLKipcQ/YXRx7oMYnAm53tfU2MxV
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.sandbox.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3483 bytes and written 1855 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: B6233349C3120E27078A8DD6A0C7526CD76F69A5B2A3A4036D721A768A6585FE5899D8D31560228CB3FB0170D4354577
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1429509932
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
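
One way to get more out of tls.Dial than a bare EOF, as an added example that is not code from the original post: a GetClientCertificate hook that logs the CA names the server sends in its certificate request (the list openssl prints above as "Acceptable client certificate CA names") and fails with a descriptive error when the client certificate's issuer is not on it. The helper names dnString, checkIssuer and debugClientCert are hypothetical, and the DNs in main are constructed.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"log"
)

// dnString renders one DER-encoded DN from CertificateRequestInfo.AcceptableCAs.
func dnString(der []byte) string {
	var rdn pkix.RDNSequence
	if _, err := asn1.Unmarshal(der, &rdn); err != nil {
		return "<undecodable DN>"
	}
	return rdn.String()
}

// checkIssuer logs the server's CA names and errors if rawIssuer (leaf issuer DN) is not listed.
func checkIssuer(rawIssuer []byte, cri *tls.CertificateRequestInfo) error {
	ok := len(cri.AcceptableCAs) == 0 // empty list: the server states no preference
	for _, ca := range cri.AcceptableCAs {
		log.Printf("server accepts client certs issued by: %s", dnString(ca))
		ok = ok || bytes.Equal(rawIssuer, ca)
	}
	if !ok {
		return fmt.Errorf("client cert issuer %q is not in the server's CA list", dnString(rawIssuer))
	}
	return nil
}

// debugClientCert (hypothetical helper) builds a tls.Config.GetClientCertificate hook.
func debugClientCert(cert tls.Certificate) func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	return func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
		leaf, err := x509.ParseCertificate(cert.Certificate[0])
		if err == nil {
			err = checkIssuer(leaf.RawIssuer, cri)
		}
		return &cert, err // crypto/tls ignores the certificate when err is non-nil
	}
}

func main() { // constructed DNs; "Apple Root CA" is the first CA name in the openssl output
	apple, _ := asn1.Marshal(pkix.Name{Organization: []string{"Apple Inc."}, CommonName: "Apple Root CA"}.ToRDNSequence())
	other, _ := asn1.Marshal(pkix.Name{CommonName: "constructed test CA"}.ToRDNSequence())
	fmt.Println(checkIssuer(other, &tls.CertificateRequestInfo{AcceptableCAs: [][]byte{apple}}))
}
```

Set tls.Config.GetClientCertificate to debugClientCert(cert) in place of the Certificates field; the error the hook returns is then what tls.Dial reports.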

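It looks like the service requires a client certificate, and if it doesn't receive one, or doesn't receive the one it expects, it simply closes the connection (i.e. EOF).

Could you also try the latest version of Go from git master (there have been some TLS changes and cipher additions since go1.4)? You could also try connecting with tls.Config.MaxVersion=tls.VersionTLS11.

Did you find a solution?

I think it was a certificate problem. My implementation was later changed to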