我目前正在将一些遗留代码迁移到 asyncio 并遇到有关 SSL 握手的问题。我正在创建一个 SSL 服务器:import osimport socketimport asynciofrom myexample import Connectionstorage_path = '.' # Path where certificates are stored (self-signed)ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)ssl_context.load_verify_locations( cafile = os.path.join(storage_path, 'root.cert'))ssl_context.load_cert_chain( certfile = os.path.join(storage_path, 'test-server.cert'), keyfile = os.path.join(storage_path, 'test-server.key'))ssl_context.verify_mode = ssl.VerifyMode.CERT_REQUIREDloop = asyncio.new_event_loop()loop.set_debug(True)async def create_server_wrapped(): server = await self.loop.create_server( Connection, # Connection class; Doesn't matter which one, issue also happens with examples from Python wiki '127.0.0.1', 20000, ssl = ssl_context, reuse_port = True, reuse_address = False, backlog = 1000 ) await server.serve_forever()loop.run_until_complete(create_server_wrapped())loop.run_forever()我通过普通插座连接:import osimport sslimport socketstorage_path = '.' # Path where certificates are stored (self-signed)cert_file = os.path.join(storage_path, 'client.cert')pkey_file = os.path.join(storage_path, 'client.key')context = ssl.create_default_context( purpose = ssl.Purpose.SERVER_AUTH, cafile = os.path.join(storage_path, 'root.cert'))context.load_cert_chain(cert_file, pkey_file)context.check_hostname = False # Connecting by IPplain_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)plain_socket.settimeout(5)if not plain_socket.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE): plain_socket.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) plain_socket.setsockopt(socket.SOL_TCP, socket.TCP_KEEPINTVL, 2) sock = context.wrap_socket(plain_socket, server_side = False)sock.connect(('127.0.0.1', 20700))尝试连接时,大多数时候我会得到一个socket.error: _ssl.c:1039: The handshake operation timed out
1 回答
开满天机
TA贡献1786条经验 获得超13个赞
问题是通过启用reuse_port. 虽然这是想要的行为(使用同一端口运行多个进程以实现负载平衡),但它会以某种方式导致问题。
禁用它并利用正常的负载平衡解决了我遇到的问题。
添加回答
举报
0/150
提交
取消