SSLError:Python服务器故障(HTTP_REQUEST_ssl.c:777)

2024-03-29 12:30:26 发布

您现在位置:Python中文网/ 问答频道 /正文

我的应用程序有一个等待连接的服务器,如下所示:

sckt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server = ('', port_server)
sckt.bind(server)
sckt.listen(5)
try:
    while True:
        new_sckt, client = sckt.accept()
        conn = ssl.wrap_socket(new_sckt, server_side=True, ca_certs=certClient, cert_reqs=ssl.CERT_REQUIRED, certfile=certServer, keyfile=keyServer)
        _thread.start_new_thread(self.waitUserCommand, tuple([conn, client]))
finally:
    conn.close()

客户端通过以下方式连接到服务器:

^{pr2}$

在某些客户端连接之后发生故障,并显示以下消息:

Traceback (most recent call last):
  File "server.py", line 260, in <module>
    server.startServer()
  File "server.py", line 90, in startServer
    keyfile=keyServer)
  File "/usr/local/lib/python3.6/ssl.py", line 1149, in wrap_socket
    ciphers=ciphers)
  File "/usr/local/lib/python3.6/ssl.py", line 814, in __init__
    self.do_handshake()
  File "/usr/local/lib/python3.6/ssl.py", line 1068, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:777)

值得一提的是,此错误发生在连接结束之后和下一个连接开始之前。i、 例如,客户机离线,服务器只等待一个新的连接(不执行任何操作)。此外,我的应用程序使用了另一个以类似方式工作的服务器,但在我的实验中没有发生任何故障。在


Tags: inpyself服务器sslserverlibusr
1条回答
网友
1楼 · 发布于 2024-03-29 12:30:26

让我们调试一下。在

握手():

错误:

SSL_R_HTTP_REQUEST

让我们看看openssl的来源:

git clone git://git.openssl.org/openssl.git
cd openssl

HTTP_请求在哪里:

^{pr2}$

openssl中发生了什么:

 ➜  openssl git:(master) grep -Rn 'SSL_R_HTTP_REQUEST' -A 20 -B 20 openssl/ssl/record/ssl3_record.c
openssl/ssl/record/ssl3_record.c-296-                        /*
openssl/ssl/record/ssl3_record.c-297-                         * Send back error using their minor version number :-)
openssl/ssl/record/ssl3_record.c-298-                         */
openssl/ssl/record/ssl3_record.c-299-                        s->version = (unsigned short)version;
openssl/ssl/record/ssl3_record.c-300-                    }
openssl/ssl/record/ssl3_record.c-301-                    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-302-                             SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-303-                    return -1;
openssl/ssl/record/ssl3_record.c-304-                }
openssl/ssl/record/ssl3_record.c-305-
openssl/ssl/record/ssl3_record.c-306-                if ((version >> 8) != SSL3_VERSION_MAJOR) {
openssl/ssl/record/ssl3_record.c-307-                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
openssl/ssl/record/ssl3_record.c-308-                        /* Go back to start of packet, look at the five bytes
openssl/ssl/record/ssl3_record.c-309-                         * that we have. */
openssl/ssl/record/ssl3_record.c-310-                        p = RECORD_LAYER_get_packet(&s->rlayer);
openssl/ssl/record/ssl3_record.c-311-                        if (strncmp((char *)p, "GET ", 4) == 0 ||
openssl/ssl/record/ssl3_record.c-312-                            strncmp((char *)p, "POST ", 5) == 0 ||
openssl/ssl/record/ssl3_record.c-313-                            strncmp((char *)p, "HEAD ", 5) == 0 ||
openssl/ssl/record/ssl3_record.c-314-                            strncmp((char *)p, "PUT ", 4) == 0) {
openssl/ssl/record/ssl3_record.c-315-                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c:316:                                     SSL_R_HTTP_REQUEST);
openssl/ssl/record/ssl3_record.c-317-                            return -1;
openssl/ssl/record/ssl3_record.c-318-                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
openssl/ssl/record/ssl3_record.c-319-                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-320-                                     SSL_R_HTTPS_PROXY_REQUEST);
openssl/ssl/record/ssl3_record.c-321-                            return -1;
openssl/ssl/record/ssl3_record.c-322-                        }
openssl/ssl/record/ssl3_record.c-323-
openssl/ssl/record/ssl3_record.c-324-                        /* Doesn't look like TLS - don't send an alert */
openssl/ssl/record/ssl3_record.c-325-                        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-326-                                 SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-327-                        return -1;
openssl/ssl/record/ssl3_record.c-328-                    } else {
openssl/ssl/record/ssl3_record.c-329-                        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
openssl/ssl/record/ssl3_record.c-330-                                 SSL_F_SSL3_GET_RECORD,
openssl/ssl/record/ssl3_record.c-331-                                 SSL_R_WRONG_VERSION_NUMBER);
openssl/ssl/record/ssl3_record.c-332-                        return -1;
openssl/ssl/record/ssl3_record.c-333-                    }
openssl/ssl/record/ssl3_record.c-334-                }

暂定答案

ssl服务器需要一个HTTP响应,但在服务器响应时却没有收到响应?其他要问的问题是什么版本的OpenSSL?Python3.6的具体版本是什么?在

为什么它看不见?公司名称:

strncmp((char *)p, "GET ", 4) == 0 ||
strncmp((char *)p, "POST ", 5) == 0 ||
strncmp((char *)p, "HEAD ", 5) == 0 ||
strncmp((char *)p, "PUT ", 4) == 0)

也许,没有客户机连接,错误没有在空套接字请求上处理,或者类似的情况?在

相关问题 更多 >