草庐IT

ssl - RabbitMQ TLS tls_connection :format_status/2 crashed

coder 2024-07-09 Original post

I'm trying to set up a simple TLS connection using Go, and RabbitMQ reports this problem when trying to create a TLS-enabled connection (Go client):

rabbitmq_1  | 2018-04-16 13:37:54.146 [error] <0.537.0> ** State machine <0.537.0> terminating
rabbitmq_1  | ** Last event = {{call,{<0.362.0>,#Ref<0.2669730211.1202454530.228189>}},{new_user,<0.359.0>}}
rabbitmq_1  | ** When server state  = {error,"tls_connection:format_status/2 crashed"}
rabbitmq_1  | ** Reason for termination = error:function_clause
rabbitmq_1  | ** Callback mode = state_functions
rabbitmq_1  | ** Stacktrace =
rabbitmq_1  | **  [{tls_connection,gen_handshake,[error,{call,{<0.362.0>,#Ref<0.2669730211.1202454530.228189>}},{new_user,<0.359.0>},{{options,{keyfil$
,"/certificates/server_key.pem",{error,eacces}}},{state,server,{#Ref<0.2669730211.1202454530.228187>,<0.362.0>},gen_tcp,tls_connection,tcp,tcp_closed,$
cp_error,"localhost",5671,#Port<0.26641>,{ssl_options,tls,[{3,3},{3,2},{3,1}],verify_none,{#Fun<ssl.8.51913203>,[]},#Fun<ssl.9.51913203>,false,false,u$
defined,1,<<"/certificates/server_certificate.pem">>,undefined,<<"/certificates/server_key.pem">>,undefined,[],undefined,<<"/certificates/ca_certifica$
e.pem">>,undefined,undefined,undefined,undefined,undefined,[<<"�,">>,<<"�0">>,<<"�$">>,<<"�(">>,<<"�.">>,<<"�2">>,<<"�&">>,<<"�*">>,<<204,20>>,<<204,1$
>>,<<204,21>>,<<0,159>>,<<0,163>>,<<0,107>>,<<0,106>>,<<0,157>>,<<0,61>>,<<"�+">>,<<"�/">>,<<"�#">>,<<"�'">>,<<"�-">>,<<"�1">>,<<"�%">>,<<"�)">>,<<0,1$
8>>,<<0,162>>,<<0,103>>,<<0,64>>,<<0,156>>,<<0,60>>,<<"�\n">>,<<192,20>>,<<0,57>>,<<0,56>>,<<192,5>>,<<192,15>>,<<0,53>>,<<"�\t">>,<<192,19>>,<<0,51>>$
<<0,50>>,<<192,4>>,<<192,14>>,<<0,47>>,<<"�\b">>,<<192,18>>,<<0,22>>,<<0,19>>,<<192,3>>,<<"�\r">>,<<0,10>>],#Fun<ssl.2.51913203>,true,268435456,false,$
rue,infinity,false,undefined,undefined,undefined,undefined,true,undefined,[],undefined,false,true,one_n_minus_one,undefined,false,{ssl_crl_cache,{inte$
nal,[]}},[{sha512,ecdsa},{sha512,rsa},{sha384,ecdsa},{sha384,rsa},{sha256,ecdsa},{sha256,rsa},{sha224,ecdsa},{sha224,rsa},{sha,ecdsa},{sha,rsa},{sha,ds
a}],{elliptic_curves,[{1,3,132,0,39},{1,3,132,0,38},{1,3,132,0,35},{1,3,36,3,3,2,8,1,1,13},{1,3,132,0,36},{1,3,132,0,37},{1,3,36,3,3,2,8,1,1,11},{1,3,1
32,0,34},{1,3,132,0,16},{1,3,132,0,17},{1,3,36,3,3,2,8,1,1,7},{1,3,132,0,10},{1,2,840,10045,3,1,7},{1,3,132,0,3},{1,3,132,0,26},{1,3,132,0,27},{1,3,132
,0,32},{1,3,132,0,33},{1,3,132,0,24},{1,3,132,0,25},{1,3,132,0,31},{1,2,840,10045,3,1,1},{1,3,132,0,1},{1,3,132,0,2},{1,3,132,0,15},{1,3,132,0,9},{1,3,
132,0,8},{1,3,132,0,30}]},false,false,262144},{socket_options,binary,raw,0,0,false},#{current_read => #{beast_mitigation => one_n_minus_one,cipher_stat
e => undefined,client_verify_data => undefined,compression_state => undefined,mac_secret => undefined,secure_renegotiation => undefined,security_parame
ters => {security_parameters,<<0,0>>,0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,undefined,undefined},sequence_number => 0,server_verify_data => undefine
d},current_write => #{beast_mitigation => one_n_minus_one,cipher_state => undefined,client_verify_data => undefined,compression_state => undefined,mac_
secret => undefined,secure_renegotiation => undefined,security_parameters => {security_parameters,<<0,0>>,0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,und
efined,undefined},sequence_number => 0,server_verify_data => undefined},pending_read => #{beast_mitigation => one_n_minus_one,cipher_state => undefined
,client_verify_data => undefined,compression_state => undefined,mac_secret => undefined,secure_renegotiation => undefined,security_parameters => {secur
ity_parameters,undefined,0,undefined,undefined,undefined,undefined,undefined,undefined,undefined,undefined,undefined,undefined,undefined,undefined,<<90
,212,167,50,197,80,21,183,229,252,83,2,191,100,222,147,149,112,255,82,15,77,192,185,123,46,121,210,16,197,219,183>>,undefined},server_verify_data => un
defined},pending_write => #{beast_mitigation => one_n_minus_one,cipher_state => undefined,client_verify_data => undefined,compression_state => undefine
d,mac_secret => undefined,secure_renegotiation => undefined,security_parameters => {security_parameters,undefined,0,undefined,undefined,undefined,undef
ined,undefined,undefined,undefined,...},...}},...}}],...},...]
rabbitmq_1  | 2018-04-16 13:37:54.146 [error] <0.537.0> CRASH REPORT Process <0.537.0> with 0 neighbours crashed with reason: no function clause matchi
ng tls_connection:gen_handshake(error, {call,{<0.362.0>,#Ref<0.2669730211.1202454530.228189>}}, {new_user,<0.359.0>}, {{options,{keyfile,"/certificates
/server_key.pem",{error,eacces}}},{state,server,{#Ref<0.2669730211.1202454530.228187>,...},...}}) line 714
rabbitmq_1  | 2018-04-16 13:37:54.148 [error] <0.203.0> Supervisor tls_connection_sup had child undefined started with {tls_connection,start_link,undef
ined} at <0.537.0> exit with reason no function clause matching tls_connection:gen_handshake(error, {call,{<0.362.0>,#Ref<0.2669730211.1202454530.22818
9>}}, {new_user,<0.359.0>}, {{options,{keyfile,"/certificates/server_key.pem",{error,eacces}}},{state,server,{#Ref<0.2669730211.1202454530.228187>,...}
,...}}) line 714 in context child_terminated
rabbitmq_1  | 2018-04-16 13:37:54.148 [error] <0.360.0> Supervisor {<0.360.0>,ranch_acceptors_sup} had child {acceptor,<0.360.0>,1} started with ranch_acceptor:start_link({sslsocket,nil,{#Port<0.26210>,{config,{ssl_options,tls,[{3,3},{3,2},{3,1}],verify_none,{#Fun<ssl.8..>,...},...},...}}}, ranch_ssl,
 <0.359.0>) at <0.362.0> exit with reason {{function_clause,[{tls_connection,gen_handshake,[error,{call,{<0.362.0>,#Ref<0.2669730211.1202454530.228189>
}},{new_user,<0.359.0>},{{options,{keyfile,"/certificates/server_key.pem",{error,eacces}}},{state,server,{#Ref<0.2669730211.1202454530.228187>,<0.362.0
>},gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,"localhost",5671,#Port<0.26641>,{ssl_options,tls,[{3,3},{3,2},{3,1}],verify_none,{#Fun<ssl.8.5191320
3>,[]},#Fun<ssl.9.51913203>,false,false,undefined,1,<<"/certificates/server_certifica...">>,...},...}}],...},...]},...} in context child_terminated

This is my Go client:

package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"

	"github.com/streadway/amqp"
)

// failOnError logs msg together with err and exits when err is non-nil.
func failOnError(err error, msg string) {
	if err != nil {
		log.Fatalf("%s: %s", msg, err)
	}
}

func main() {
	cfg := new(tls.Config)
	cfg.RootCAs = x509.NewCertPool()

	// Trust the CA that signed the broker's certificate; stop if it cannot be loaded.
	ca, err := ioutil.ReadFile("/certificates/ca_certificate.pem")
	failOnError(err, "Failed to read CA certificate")
	if !cfg.RootCAs.AppendCertsFromPEM(ca) {
		log.Fatal("No certificates found in /certificates/ca_certificate.pem")
	}

	// Client certificate and key presented to the broker.
	cert, err := tls.LoadX509KeyPair("/certificates/client_certificate.pem", "/certificates/client_key.pem")
	failOnError(err, "Failed to load client key pair")
	cfg.Certificates = append(cfg.Certificates, cert)

	conn, err := amqp.DialTLS("amqps://guest:guest@rabbitmq:5671", cfg)
	failOnError(err, "Failed to connect to RabbitMQ")
	defer conn.Close()

	ch, err := conn.Channel()
	failOnError(err, "Failed to open a channel")
	defer ch.Close()

	q, err := ch.QueueDeclare(
		"hello", // name
		false,   // durable
		false,   // delete when unused
		false,   // exclusive
		false,   // no-wait
		nil,     // arguments
	)
	failOnError(err, "Failed to declare a queue")

	msgs, err := ch.Consume(
		q.Name, // queue
		"",     // consumer
		true,   // auto-ack
		false,  // exclusive
		false,  // no-local
		false,  // no-wait
		nil,    // args
	)
	failOnError(err, "Failed to register a consumer")

	// Block forever while the goroutine below prints incoming messages.
	forever := make(chan bool)

	go func() {
		for d := range msgs {
			log.Printf("Received a message: %s", d.Body)
		}
	}()

	log.Printf(" [*] Waiting for messages. To exit press CTRL+C")
	<-forever
}

This is my RabbitMQ configuration file:

loopback_users.guest = false
listeners.tcp.default = 5672
hipe_compile = false
management.listener.port = 15672
management.listener.ssl = false

listeners.ssl.1 = 5671
ssl_options.cacertfile = /certificates/ca_certificate.pem
ssl_options.certfile = /certificates/server_certificate.pem
ssl_options.keyfile = /certificates/server_key.pem

I don't know Erlang, and I haven't used RabbitMQ itself or even TLS before. This forum post is the closest thing to this problem that I have found:

https://bugs.erlang.org/browse/ERL-539

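Any ideas about what could be causing this?

Some additional details:

  • Erlang version: 20
  • Erlang SSL version: 20.2
  • RabbitMQ version: 3.7.4
  • Running in docker-compose using RabbitMQ's official image
  • I generated the certificates with the tls-gen tool, as suggested by the official documentation.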

Best answer

This line:

"/certificates/server_key.pem",{error,eacces}

means that RabbitMQ does not have permission to read the file, so running:

chmod 0644 /certificates/server_key.pem

solved the problem.

Regarding ssl - RabbitMQ TLS tls_connection :format_status/2 crashed, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/49859274/
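
The `{error,eacces}` in the log is a file-permission failure on the server's private key. As an added example (not part of the original question or answer), the shell function below reports from a key file's mode bits whether a given UID and its GIDs can read it, and flags keys that are world-readable. The `rabbitmq` user name in the comments and the GNU/BusyBox `stat -c` syntax are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU or BusyBox stat
# (Linux containers); ignores ACLs and the fact that root bypasses mode bits.

# key_access FILE UID "GID..." prints how FILE's mode bits treat that identity:
#   ok      - readable by the identity and not world-readable
#   eacces  - not readable (the {error,eacces} case in the broker log)
#   exposed - world-readable (what mode 0644 gives a private key)
key_access() {
    file=$1 uid=$2 gids=$3
    mode=$(stat -c '%a' "$file") || return 2
    fuid=$(stat -c '%u' "$file")
    fgid=$(stat -c '%g' "$file")
    bits=$((0$mode))                 # leading 0: parse the mode as octal

    if [ $((bits & 0004)) -ne 0 ]; then echo exposed; return 0; fi

    # Unix applies exactly one permission class: owner, else group, else other.
    if [ "$fuid" = "$uid" ]; then
        if [ $((bits & 0400)) -ne 0 ]; then echo ok; else echo eacces; fi
        return 0
    fi
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then
            if [ $((bits & 0040)) -ne 0 ]; then echo ok; else echo eacces; fi
            return 0
        fi
    done
    echo eacces                      # "other" class, and its read bit is off
}

# Demo on a constructed, empty stand-in for server_key.pem.
demo_dir=$(mktemp -d)
demo_key="$demo_dir/server_key.pem"
: > "$demo_key"
for m in 0644 0600 0000; do
    chmod "$m" "$demo_key"
    echo "$m -> $(key_access "$demo_key" "$(id -u)" "$(id -G)")"
done
rm -rf "$demo_dir"

# Inside the broker container (the user name "rabbitmq" is an assumption):
#   key_access /certificates/server_key.pem "$(id -u rabbitmq)" "$(id -G rabbitmq)"
# If that prints eacces, the key can be handed to that user rather than opened up:
#   chown rabbitmq /certificates/server_key.pem && chmod 0400 /certificates/server_key.pem
```

A result of `exposed` means any local account or process that can reach the path can read the private key.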
