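python - GSM SSL handshake ssl.py
Problem description
I am making an SSL connection from a Python script. It succeeds when I use a high-speed connection, but over a slow GSM connection I get an error: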
File "/usr/lib/python2.7/ssl.py", line 831, in do_handshake
self._sslobj.do_handshake()
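I am using a SIM800L for the GSM connection on a Linux (Debian) system. I can make the SSL connection from the terminal with "openssl s_client -connect ...", so I think some limit is set in ssl.py (it always seems to take about 60 seconds before the above error appears).
Is there a limit of about 60 seconds on the above handshake? If so, how can it be increased?
Edit, more details:
On WIFI
Openssl connects within a few seconds. The Python script succeeds.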
name@name:~ $ openssl s_client -connect string-ats.iot.eu-west-1.amazonaws.com:8883 -tls1_2 -CAfile /cert/AmazonRootCA1.pem -cert /cert/certificate.pem.key -key /cert/private.pem.key
CONNECTED(00000003)
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
verify return:1
depth=0 CN = *.iot.eu-west-1.amazonaws.com
verify return:1
---
Certificate chain
0 s:CN = *.iot.eu-west-1.amazonaws.com
i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
1 s:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
i:C = US, O = Amazon, CN = Amazon Root CA 1
2 s:C = US, O = Amazon, CN = Amazon Root CA 1
i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MI....3h9VY=
-----END CERTIFICATE-----
subject=CN = *.iot.eu-west-1.amazonaws.com
issuer=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5400 bytes and written 1514 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 51...9
Session-ID-ctx:
Master-Key: 9...F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1598423483
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
name@name:~ $ sudo python /application/awsiotpub.py
Loaded MQTT configuration information.
Endpoint URL: string-ats.iot.eu-west-1.amazonaws.com
Root Cert: /cert/AmazonRootCA1.pem
Device Cert: /cert/certificate.pem.key
Private Key: /cert/private.pem.key
Connecting to AWS IoT Broker...
ssl.py : SSLSocket.__init__ if connected
ssl.py : SSLSocket.__init__ if connected, self._sslobj = :
<_ssl._SSLSocket object at 0xb62480c0>
ssl.py - do_handshake()
ssl.py - do_handshake() - _check_connected START
ssl.py - do_handshake() - _check_connected DONE
ssl.py - do_handshake() - try do_handshake() START
ssl.py - do_handshake() - try do_handshake() DONE
Connected with status: 0
True
Publishing...
Published: 123
On GSM
Openssl connects successfully after 67 sec. After about 60 seconds, the Python script fails at the ssl.py handshake.
name@name:~ $ openssl s_client -connect string-ats.iot.eu-west-1.amazonaws.com:8883 -tls1_2 -CAfile /cert/AmazonRootCA1.pem -cert /cert/certificate.pem.key -key /cert/private.pem.key
CONNECTED(00000003)
.....
name@name:~ $ sudo python /application/awsiotpub.py
Loaded MQTT configuration information.
Endpoint URL: string-ats.iot.eu-west-1.amazonaws.com
Root Cert: /cert/AmazonRootCA1.pem
Device Cert: /cert/certificate.pem.key
Private Key: /cert/private.pem.key
Connecting to AWS IoT Broker...
ssl.py : SSLSocket.__init__ if connected
ssl.py : SSLSocket.__init__ if connected, self._sslobj = :
<_ssl._SSLSocket object at 0xb62480c0>
ssl.py - do_handshake()
ssl.py - do_handshake() - _check_connected START
ssl.py - do_handshake() - _check_connected DONE
ssl.py - do_handshake() - try do_handshake() START
ssl.py - do_handshake() - finally settimeout START
ssl.py - do_handshake() - finally settimeout DONE
Traceback (most recent call last):
File "awsiotpub.py", line 40, in <module>
Client.connect(mqtt_url, port = 8883, keepalive=240)
File "../paho/mqtt/client.py", line 937, in connect
Return self.reconnect()
File "../paho/mqtt/client.py" line 1100, in reconnect
Sock.do_handshake()
File "/user/lib/python2.7/ssl.py", line 839, in do_handshake
Self._sslobj.do_handshake()
Soket.error: [Errno 0] Error
ssl.py extract for the handshake
.
.
.
def do_handshake(self, block=False):
    """Perform a TLS/SSL handshake."""
    print("ssl.py - do_handshake()")
    print("ssl.py - do_handshake() - _check_connected START")
    self._check_connected()
    print("ssl.py - do_handshake() - _check_connected DONE")
    timeout = self.gettimeout()
    try:
        if timeout == 0.0 and block:
            print("ssl.py - do_handshake() - if timeout == 0.0")
            self.settimeout(None)
        print("ssl.py - do_handshake() - try do_handshake() START")
        self._sslobj.do_handshake()
        print("ssl.py - do_handshake() - try do_handshake() DONE")
    finally:
        print("ssl.py - do_handshake() - finally settimeout START")
        self.settimeout(timeout)
        print("ssl.py - do_handshake() - finally settimeout DONE")
    if self.context.check_hostname:
        print("ssl.py - do_handshake() - context.check_hostname START")
        if not self.server_hostname:
            print("ssl.py - do_handshake() - context.check_hostname - if not server_hostname")
            raise ValueError("check_hostname needs server_hostname "
                             "argument")
        match_hostname(self.getpeercert(), self.server_hostname)
        print("ssl.py - do_handshake() - context.check_hostname DONE")
.
.
.
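An added example, not part of the original question and not code from ssl.py or paho-mqtt: the extract above shows do_handshake() reading the socket's own timeout, so setting that timeout explicitly and timing the handshake separates a local deadline from the peer hanging up. It is written for Python 3; the loopback peers and the names start_peer and timed_handshake are constructed for illustration.

```python
import socket
import ssl
import threading
import time


def start_peer(behaviour):
    """Constructed loopback peer: 'stall' never replies, 'close' hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        conn.recv(4096)                # swallow the ClientHello
        if behaviour == "stall":
            while conn.recv(4096):     # stay silent until the client gives up
                pass
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()


def timed_handshake(addr, timeout):
    """Run only the TLS handshake and report (outcome, seconds elapsed)."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection(addr, timeout=timeout)
    # Same pattern as the traceback: wrap first, handshake explicitly.
    tls = ctx.wrap_socket(raw, server_hostname="localhost",
                          do_handshake_on_connect=False)
    start = time.monotonic()
    try:
        tls.do_handshake()             # bounded by the socket timeout
        outcome = "ok"
    except socket.timeout:             # our own deadline expired
        outcome = "local-timeout"
    except OSError:                    # ssl.SSLError, EOF, reset by the peer
        outcome = "peer-or-protocol-error"
    finally:
        elapsed = time.monotonic() - start
        tls.close()
    return outcome, elapsed


if __name__ == "__main__":
    print(timed_handshake(start_peer("stall"), timeout=0.5))
    print(timed_handshake(start_peer("close"), timeout=5.0))
```

Against a real endpoint, an elapsed time that matches the configured timeout points at the client side, while a failure well before it points at the network or the server.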