无法通过 python 3 的 pymqi 版本使用 SSL 连接到 public 队列

Can not connect to the public queue using SSL via pymqi version for python 3

我已经成功地使用以下 python 代码与 Python2 的旧 pymqi 版本建立了到 public 队列的连接:

import logging

import pymqi

logging.basicConfig(level=logging.INFO)

queue_manager = 'QM1'
channel = 'BZU.UAT.CHNL'
host = '245.274.46.56'
port = '1416'
queue_name = 'BZU.UAT.QUEUE'
conn_info = '%s(%s)' % (host, port)
ssl_cipher_spec = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
key_repo_location = 'D:\App\BZU\keydb\key'
message = 'Hello from Python!'

cd = pymqi.CD()
cd.ChannelName = channel
cd.ConnectionName = conn_info
cd.ChannelType = pymqi.CMQC.MQCHT_CLNTCONN
cd.TransportType = pymqi.CMQC.MQXPT_TCP
cd.SSLCipherSpec = ssl_cipher_spec
cd.UserIdentifier = 'BZU'
cd.Password = ''

sco = pymqi.SCO()
sco.KeyRepository = key_repo_location

qmgr = pymqi.QueueManager(None)
qmgr.connect_with_options(queue_manager, cd, sco)

put_queue = pymqi.Queue(qmgr, queue_name)
put_queue.put(message)

get_queue = pymqi.Queue(qmgr, queue_name)
logging.info('Here is the message again: [%s]' % get_queue.get())

put_queue.close()
get_queue.close()
qmgr.disconnect()

不幸的是,此代码不适用于 Python 3 的 pymqi 版本 1.9.3。 在这种情况下,我收到以下错误消息:

Traceback (most recent call last):
  File ".\mq_conn_with_ssl.py", line 33, in <module>
    qmgr.connect_with_options(queue_manager, cd, sco)
  File "D:\App\BZU\arn-basis-common\py\pymqi\__init__.py", line 1347, in connect_with_options
    raise MQMIError(rv[1], rv[2])
pymqi.MQMIError: MQI Error. Comp: 2, Reason 2393: FAILED: MQRC_SSL_INITIALIZATION_ERROR

我必须将此代码中的所有字符串都转换为字节,因为程序要求所有字符串都为字节。 示例:

queue_manager = b'QM1'


在您的评论中,您发现 AMQERR01.LOG 文件中存在以下错误:

AMQ9716: Remote SSL certificate revocation status check failed for channel 'BZU.UAT.CHNL'.

比较工作服务器和非工作服务器上的 mqclient.ini 文件,了解 SSL: 节中可能导致 OCSP 检查失败的差异。

可以在 IBM MQ 知识中心页面 IBM MQ>Configuring>Configuring connections between the server and clients>Configuring a client using a configuration file>Location of the client configuration file 中找到 mqclient.ini 文件的位置。请参阅下面的摘要:

  1. The location specified by the environment variable MQCLNTCF.
  2. A file called mqclient.ini in the present working directory of the application.
  3. A file called mqclient.ini in the IBM MQ data directory for Windows, UNIX and Linux systems.
  4. A file called mqclient.ini in a standard directory appropriate to the platform, and accessible to users:

有关 mqclient.iniSSL 节的文档可以在 IBM MQ 知识中心页面 IBM MQ>Configuring>Configuring connections between the server and clients>Configuring a client using a configuration file>SSL stanza of the client configuration file 中找到。请参阅下面的摘要:

OCSPAuthentication = OPTIONAL | REQUIRED | WARN

OCSPCheckExtensions = YES | NO

SSLHTTPProxyName = string