RabbitMq and "Fatal error: handshake failure - handshake_decode_error"


Problem description

I'm working with Windows Server 2012, Erlang 19.2, and RabbitMq 3.6.6. I'm having trouble configuring the connection between endpoints using TLS. I've tried every answer on SO, as well as all the RabbitMq docs here and here. Not sure what we're doing wrong.

In the troubleshooting link here all tests pass except the "Attempt SSL connection to broker" piece. This is where the problem lies and I'm not sure why.

When I go through the documentation on troubleshooting to see if you can get a peer connection over SSL on port 8443, it works fine. Then trying to connect to the broker on port 5671 fails, saying bad handshake.

Switching the RabbitMq config file to 8443 does nothing, other than make the peer to peer work on 5671 and fail on 8443.

My config file:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"C:\\rabbitcerts\\testca\\cacert.pem"},
                    {certfile,"C:\\rabbitcerts\\server\\cert.pem"},
                    {keyfile,"C:\\rabbitcerts\\server\\key.pem"},
                    {depth, 2},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

Running this command:

c:\rabbitcerts>openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem

Produces this error:

Loading 'screen' into random state - done
CONNECTED(000001BC)
write:errno=10054

And in the log file:

=INFO REPORT==== 19-Jan-2017::16:42:50 ===
Memory limit set to 716MB of 1791MB total.

=INFO REPORT==== 19-Jan-2017::16:42:50 ===
Disk free limit set to 50MB

=INFO REPORT==== 19-Jan-2017::16:42:50 ===
Limiting to approx 8092 file handles (7280 sockets)

=INFO REPORT==== 19-Jan-2017::16:42:50 ===
FHC read buffering:  OFF
FHC write buffering: ON

=INFO REPORT==== 19-Jan-2017::16:42:50 ===
Priority queues enabled, real BQ is rabbit_variable_queue

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Starting rabbit_node_monitor

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Management plugin: using rates mode 'basic'

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
msg_store_transient: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
msg_store_persistent: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
started TCP Listener on [::]:5672

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
started TCP Listener on 0.0.0.0:5672

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
started SSL Listener on [::]:5671

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
started SSL Listener on 0.0.0.0:5671

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Management plugin started. Port: 15672

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics event collector started.

...

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics database started.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_queue_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_queue_stats_deliver_get with interval 5000.

...

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_queue_exchange_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_vhost_stats_deliver_get with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_vhost_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_vhost_stats_queue_msg_rates with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_vhost_stats_queue_msg_counts with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_vhost_stats_coarse_conn_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_queue_stats_deliver_get with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_queue_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_queue_stats_queue_msg_counts with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_stats_deliver_get with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_stats_queue_msg_counts with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_stats_process_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_exchange_stats_deliver_get with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_channel_exchange_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_exchange_stats_fine_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table aggr_node_stats_coarse_node_stats with interval 5000.

...

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Statistics garbage collector started for table connection_stats with interval 5000.

=INFO REPORT==== 19-Jan-2017::16:42:51 ===
Server startup complete; 6 plugins started.
 * rabbitmq_management
 * rabbitmq_web_dispatch
 * webmachine
 * mochiweb
 * rabbitmq_management_agent
 * amqp_client

=ERROR REPORT==== 19-Jan-2017::16:54:39 ===
SSL: hello: tls_handshake.erl:202:Fatal error: handshake failure - handshake_decode_error

What on Earth am I missing?

I've reached out to my network admin to see if there is a configuration on the server that we might be missing, per this answer on SO, but I'd like to hear from others, as I'm sure I can't be the only one encountering any issues...

UPDATE

It appears I'm getting closer using the new command from @jww.

openssl s_client -connect mymachine:5671 -tls1 -servername mymachine

Output:

Loading 'screen' into random state - done
CONNECTED(000001BC)
depth=1 /CN=MyTestCA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=$(hostname)/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
subject=/CN=$(hostname)/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
---
SSL handshake has read 1659 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 0E00F18E516DBD5C7EE7F7FE070BDC09FBE3B731FA8D1DF2ECD75E455BB8A6EF
    Session-ID-ctx:
    Master-Key: 61F018A5B629EE6015F88B076AEA8765E153A8CCB2241766DFD0BCC369DC703C9BF42249E47C93EEA318899615732390
    Key-Arg   : None
    Start Time: 1484872012
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
closed

Solution

In this particular case, everything was set up correctly. However, it seems when creating a peer connection in the RabbitMq Console for troubleshooting, it creates a connection over a different protocol than when trying to connect to the broker.

So, where this didn't work:

openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem

I added -tls1 to the arguments, per @jww's other recommendation, and that was all I needed to create the secure connection.

openssl s_client -connect localhost:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem

Resulting in a Verify code: (ok).

Loading 'screen' into random state - done
CONNECTED(000001BC)
depth=1 /CN=MyTestCA
verify return:1
depth=0 /CN=$(hostname)/O=server
verify return:1
---
Certificate chain
 0 s:/CN=$(hostname)/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
subject=/CN=$(hostname)/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
---
SSL handshake has read 1659 bytes and written 2163 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 56CC3AB350BF91DB4CD2A89F62FD60322E553628C381E11B179BD9C8D22184BF
    Session-ID-ctx:
    Master-Key: 6FB8A241FD0A5C3ECCBE88DE4C36C412CBE5E8D58DAAB209D24438F72CCA7F9332511A277EBC0919775490057F46CCC7
    Key-Arg   : None
    Start Time: 1484921846
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
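
The answer's finding (default hello rejected, `-tls1` accepted) generalised into a per-version probe, as an added example that is not part of the original post: it reduces each `openssl s_client` transcript to protocol, cipher and verify code, and marks TLS 1.0/1.1 sessions as legacy, since forcing `-tls1` is a diagnostic rather than a target configuration. The helper names `summarize_s_client`, `assess_summary` and `probe_broker` are hypothetical, the two sample transcripts are constructed by trimming the output shown above, and the `-tls1_1`/`-tls1_2` flags assume an OpenSSL build that has them.

```shell
#!/bin/sh
# Added example (not from the original post): per-version TLS probe of a listener.

# Reduce an `openssl s_client` transcript on stdin to "protocol cipher verify_code",
# or "handshake_failed" when no session was negotiated.
summarize_s_client() {
  awk '
    /^ *Protocol *:/         { sub(/^[^:]*: */, ""); proto = $0 }
    /^ *Cipher *:/           { sub(/^[^:]*: */, ""); cipher = $0 }
    /^ *Verify return code:/ { sub(/^[^:]*: */, ""); verify = $1 }
    END {
      # Newer OpenSSL still prints a session block, with cipher 0000, on failure.
      if (proto == "" || cipher == "" || cipher == "0000") { print "handshake_failed"; exit }
      if (verify == "") verify = "?"
      printf "%s %s %s\n", proto, cipher, verify
    }'
}

# Turn a summary line into notes a reviewer would act on.
assess_summary() {
  set -- $1                       # split "protocol cipher verify_code" into $1 $2 $3
  if [ "$1" = handshake_failed ]; then echo "no-handshake"; return 0; fi
  notes=""
  case $1 in SSLv3|TLSv1|TLSv1.1) notes="legacy-protocol" ;; esac
  [ "$3" = 0 ] || notes="${notes:+$notes,}chain-unverified"
  echo "${notes:-ok}"
}

# Usage: probe_broker host:port [extra s_client args, e.g. -CAfile testca/cacert.pem]
probe_broker() {
  target=$1; shift
  for flag in default -tls1 -tls1_1 -tls1_2; do
    opt=$flag
    if [ "$flag" = default ]; then opt=; fi
    summary=$(openssl s_client -connect "$target" $opt "$@" </dev/null 2>/dev/null |
              summarize_s_client)
    printf '%-8s %-40s %s\n' "$flag" "$summary" "$(assess_summary "$summary")"
  done
}

# Constructed samples, trimmed from the two transcripts on this page.
SAMPLE_DEFAULT_HELLO='CONNECTED(000001BC)
write:errno=10054'
SAMPLE_TLS1='CONNECTED(000001BC)
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 0 (ok)'

# Probe only when a target is given on the command line.
if [ "$#" -gt 0 ]; then probe_broker "$@"; fi
```

A row that reads `no-handshake` for `default` but shows a session for `-tls1` reproduces the situation in the question; a row with `legacy-protocol` means the session works but runs on a deprecated protocol version.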
