来自文档的Python SSL示例给出“对等重置连接”错误
[英]Python SSL example from docs gives “Connection reset by peer” error
问题描述
I'm trying to run the example code provided in the documentation for the ssl module here: http://docs.python.org/2/library/ssl.html#client-side-operation 
我试图在此处运行ssl模块的文档中提供的示例代码: http : //docs.python.org/2/library/ssl.html#client-side-operation
The server-side code is similar to the example given in the documentation, and it throws this exception: 服务器端代码与文档中给出的示例相似,并且抛出此异常:
Traceback (most recent call last):
File "serve.py", line 16, in <module>
ssl_version=ssl.PROTOCOL_TLSv1)
File "/usr/lib/python2.7/ssl.py", line 381, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 143, in __init__
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 305, in do_handshake
self._sslobj.do_handshake()
socket.error: [Errno 104] Connection reset by peer
And the client-side code, also similar to the example in the documentation, throws this exception: 客户端代码(也类似于文档中的示例)抛出此异常:
Traceback (most recent call last):
File "client.py", line 8, in <module>
ssl_sock.connect((host, port))
File "/usr/lib/python2.7/ssl.py", line 331, in connect
self._real_connect(addr, False)
File "/usr/lib/python2.7/ssl.py", line 324, in _real_connect
raise e
socket.error: [Errno 104] Connection reset by peer
As far as I can see, I've copied the examples provided in the documentation quite closely, so I don't know what the problem is. 据我所知,我已经非常接近地复制了文档中提供的示例,所以我不知道问题出在哪里。 All of my TCP, UDP and ICMP ports are open, so I don't think it is a firewall issue. 我所有的TCP,UDP和ICMP端口都是开放的,因此我认为这不是防火墙问题。
(I've edited this question to cut out my code for brevity, as it really is quite similar to the example provided in the link. If you want to see my code, look at the history of this question.) (为了简化起见,我已经编辑了这个问题,以简化我的代码,因为它确实与链接中提供的示例非常相似。如果要查看我的代码,请查看此问题的历史记录。)
1 个解决方案
解决方案1
5 已采纳 2013-04-12 09:12:06
I found the problem. 我发现了问题。 I generated the private key and the certificate using command like this: 我使用如下命令生成了私钥和证书:
$ openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout key.pem
Generating a 1024 bit RSA private key
# ...
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:MyState
Locality Name (eg, city) []:Some City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Organization, Inc.
Organizational Unit Name (eg, section) []:My Group
Common Name (eg, YOUR name) []:myserver.mygroup.myorganization.com
Email Address []:ops@myserver.mygroup.myorganization.com
$
The crucial part is that the "common name" entered must match the domain name of the server. 关键部分是输入的“公用名”必须与服务器的域名匹配。 I thought that when cacerts is ssl.CERT_NONE , which it is by default for wrap_socket , this wouldn't be checked, but I was wrong. 我以为当cacerts是ssl.CERT_NONE时(默认情况下是wrap_socket ,将不会进行检查,但是我错了。 It's always checked. 它总是被检查。 One night's sleep and it's the first thing I thought of to verify! 一晚的睡眠,这是我想到验证的第一件事!
Hopefully this will be useful to someone else who gets this cryptic error message. 希望这对收到此错误消息的其他人有用。
If this doesn't solve it, you might be suffering from deep packet inspection . 如果这不能解决问题,则可能是您在进行深度数据包检查 。 I got this error again when I was on a university network, but not on any other network, and I'm fairly certain it was because of deep packet inspection. 当我在大学网络上,但在其他任何网络上都没有时,我再次遇到此错误,我可以肯定这是由于深度数据包检查所致。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.