猿问

asyncio 挂在 SSL 握手上

我目前正在将一些遗留代码迁移到 asyncio 并遇到有关 SSL 握手的问题。


我正在创建一个 SSL 服务器:


import os

import socket

import asyncio


from myexample import Connection


storage_path = '.' # Path where certificates are stored (self-signed)


ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)


ssl_context.load_verify_locations(

    cafile = os.path.join(storage_path, 'root.cert')

)


ssl_context.load_cert_chain(

    certfile = os.path.join(storage_path, 'test-server.cert'), 

    keyfile  = os.path.join(storage_path, 'test-server.key')

)


ssl_context.verify_mode = ssl.VerifyMode.CERT_REQUIRED


loop = asyncio.new_event_loop()

loop.set_debug(True)

async def create_server_wrapped():

    server = await self.loop.create_server(

        Connection, # Connection class; Doesn't matter which one, issue also happens with examples from Python wiki

        '127.0.0.1', 

        20000,

        ssl = ssl_context,

        reuse_port      = True,

        reuse_address   = False,

        backlog         = 1000

    )

    await server.serve_forever()


loop.run_until_complete(create_server_wrapped())

loop.run_forever()

我通过普通插座连接:


import os

import ssl

import socket


storage_path = '.' # Path where certificates are stored (self-signed)


cert_file   = os.path.join(storage_path, 'client.cert')

pkey_file   = os.path.join(storage_path, 'client.key')


context = ssl.create_default_context(

    purpose = ssl.Purpose.SERVER_AUTH, 

    cafile = os.path.join(storage_path, 'root.cert')

)

context.load_cert_chain(cert_file, pkey_file)

context.check_hostname = False # Connecting by IP


plain_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


plain_socket.settimeout(5)

if not plain_socket.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE):

    plain_socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)

    plain_socket.setsockopt(socket.SOL_TCP, socket.TCP_KEEPINTVL, 2)

    

sock = context.wrap_socket(plain_socket, server_side = False)


sock.connect(('127.0.0.1', 20700))

尝试连接时,大多数时候我会得到一个socket.error: _ssl.c:1039: The handshake operation timed out


慕运维8079593
浏览 131回答 1
1回答

开满天机

问题是通过启用reuse_port. 虽然这是想要的行为(使用同一端口运行多个进程以实现负载平衡),但它会以某种方式导致问题。禁用它并利用正常的负载平衡解决了我遇到的问题。
随时随地看视频慕课网APP

相关分类

Python
我要回答