“SSLError:[SSL] PEM lib (_ssl.c:2532)"是什么意思?意思是使用 Python ssl 库?

问题描述

我正在尝试使用 Python 3 asyncio 模块连接到另一方并收到此错误:

I am trying to use connect to another party using Python 3 asyncio module and get this error:

     36     sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
---> 37     sslcontext.load_cert_chain(cert, keyfile=ca_cert)
     38

SSLError: [SSL] PEM lib (_ssl.c:2532)

问题是错误的含义.我的证书是正确的,密钥文件(CA 证书)可能不正确.

The question is just what the error mean. My certificate is correct, the keyfile (CA certificate) might not.


解决方案

假设使用的是3.6版本:

Assuming that version 3.6 is being used:

参见:https://github.com/python/cpython/blob/3.6/Modules/_ssl.c#L3523-L3534

 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
 r = SSL_CTX_check_private_key(self->ctx);
 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
 if (r != 1) { 
    _setSSLError(NULL, 0, __FILE__, __LINE__);
    goto error;
 }

它的意思是 SSL_CTX_check_private_key 失败;因此,私钥不正确.

What it is saying is that SSL_CTX_check_private_key failed; thus, the private key is not correct.

参考可能的版本:

  • https://github.com/python/cpython/blob/3.4/Modules/_ssl.c#L2529-L2535

相关文章