设置 SSL 时 RabbitMQ 的鼠兔握手失败

我正在服务器和客户端上的 RabbitMQ 上设置 SSL 层。但客户端在创建与服务器的连接时失败。此时，我正在本地 docker 上运行 RabbitMQ 服务器，并使用 conda 环境在本地运行客户端。

RabbitMQ 服务器启动后，我看到安全连接正在接受传入连接：

test-rabbitmq-1  | 2023-01-20 08:22:01.692731+00:00 [info] <0.726.0> started TCP listener on [::]:5672
test-rabbitmq-1  | 2023-01-20 08:22:01.694836+00:00 [info] <0.746.0> started TLS (SSL) listener on [::]:7575

但客户端拒绝连接：

(rabbitmq-test) ➜  RabbitMQ-TSL ✗ python3 test.py
Enter PEM pass phrase: ********
INFO:pika.adapters.utils.connection_workflow:Pika version 1.3.1 connecting to ('127.0.0.1', 7575)
INFO:pika.adapters.utils.io_services_utils:Socket connected: <socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 43142), raddr=('127.0.0.1', 7575)>
ERROR:pika.adapters.utils.io_services_utils:SSL do_handshake failed: error=SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); <ssl.SSLSocket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 43142), raddr=('127.0.0.1', 7575)>
Traceback (most recent call last):
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
    self._sock.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)
ERROR:pika.adapters.utils.connection_workflow:Attempt to create the streaming transport failed: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); 'localhost'/(<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 7575)); ssl=True
ERROR:pika.adapters.utils.connection_workflow:AMQPConnector - reporting failure: AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)')
ERROR:pika.adapters.utils.connection_workflow:AMQP connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None.
ERROR:pika.adapters.utils.connection_workflow:AMQPConnectionWorkflow - reporting failure: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None
ERROR:pika.adapters.blocking_connection:Connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - AMQPConnectorTransportSetupError: SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)'); first exception - None
ERROR:pika.adapters.blocking_connection:Error in _create_connection().
Traceback (most recent call last):
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
    self._sock.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)
Traceback (most recent call last):
  File "/.../test.py", line 16, in <module>
    with pika.BlockingConnection(conn_params) as conn:
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
    self._impl = self._create_connection(parameters, _impl_class)
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
  File "/.../.local/lib/python3.10/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
    self._sock.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)

知道我在 pika 或 RabbitMQ 服务器上没有正确设置什么吗？

在服务器端，我将 SSL 层设置为：

docker compose 文件包含：

# Enable AMQPS listeners.ssl.default = 7575 ssl_options.cacertfile = /etc/rabbitmq/cer/ca_certificate.pem ssl_options.certfile = /etc/rabbitmq/cer/server_certificate.pem ssl_options.keyfile = /etc/rabbitmq/cer/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true # Enable HTTPS management.listener.port = 15671 management.listener.ssl = true management.listener.ssl_opts.cacertfile = /etc/rabbitmq/cer/ca_certificate.pem management.listener.ssl_opts.certfile = /etc/rabbitmq/cer/server_certificate.pem management.listener.ssl_opts.keyfile = /etc/rabbitmq/cer/server_key.pem

然后，简单来说，我使用 

中的演示客户端： version: '3.8' services: rabbitmq: image: rabbitmq:3-management hostname: rabbitmq-server volumes: - ./rabbitmq-config/rabbitmq-cert:/etc/rabbitmq/cer - ./rabbitmq-config/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf - ./rabbitmq/data:/var/lib/rabbitmq/mnesia/rabbit@my-rabbit - ./rabbitmq/logs:/var/log/rabbitmq/log ports: - 5672:5672 - 7575:7575 - 15672:15672