我正在为 RabbitMQ 设置 TLS 并遇到握手问题。
关于建立连接的 RabbitMq 显示
error on AMQP connection <0.1019.0>: {ssl_upgrade_failure,
{{{badmatch,
{error,
{asn1,
{'Type not compatible with table constraint',
{{component,'Type'},
{value,{5,<<>>}},
{unique_name_and_value,id,
{1,2,840,113549,1,1,11}}}}}}},
[{public_key,pkix_decode_cert,2},
{ssl_cipher,filter,2},
{ssl_handshake,select_session,8},
{ssl_handshake,hello,4},
{ssl_connection,hello,2},
{ssl_connection,next_state,3},
{gen_fsm,handle_msg,7},
{proc_lib,init_p_do_apply,3}]},
{gen_fsm,sync_send_all_state_event,
[<0.1020.0>,start,5000]}}} (unknown POSIX error)
问题 1)这是一个二郎问题。我运行一个相当旧的 erlang 版本。 (Erlang R14B04 (erts-5.8.5)) ?
2) 是否是 TLS 版本的问题?
额外信息:
ssl:versions().
[{ssl_app,"4.1.6"},
{supported,[tlsv1,sslv3]},
{available,[tlsv1,sslv3]}]
rabbitMq 配置:
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/etc/rabbitmq/certs/dev/ca_certificate.pem"},
{certfile, "/etc/rabbitmq/certs/dev/server_certificate.pem"},
{keyfile, "/etc/rabbitmq/certs/dev/server_key.pem"},
{verify, verify_none},
{depth, 3},
{versions, ['tlsv1.1', 'tlsv1']},
{fail_if_no_peer_cert, false}]}
另外,关于运行
openssl s_client -connect localhost:5672 -cert client_certificate.pem -key client_key.pem -CAfile ca_certificate.pem
CONNECTED(00000003)
139969158874952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE`enter code here`
Expansion: NONE
---
感谢所有帮助!
最佳答案
升级到最新版本的 Erlang 修复了 TLS 问题。
关于ssl - 类型与表约束不兼容的 RabbitMq TLS/SSL 连接错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57367831/