使用 SSL/TLS 时 Qpid-CPP "No Protocol Received after 10s, closing"
Qpid-CPP "No Protocol Received after 10s, closing" when using SSL/TLS
我目前正在升级遗留应用程序的 QPID 通信以支持 SSL/TLS 通过 x.509 证书进行加密。我得到了一个虚拟机来测试,我想我已经解决了大部分问题。然而,在我启动我的应用程序的 10 次中,Qpid C++ 代码可能会拒绝打开与其他虚拟机的任何连接,也不会为我的应用程序托管的交换打开任何连接。
通过多次重启我的应用程序,我能够(最终)强制出现这个问题。处于此错误状态时,我不仅无法与我的测试 VM 通信,而且我也无法为我自己的交换打开连接并看到很多日志,例如“[System] error Connection qpid.10.43.1.10:31111-10.43 .1.11:51564 10 秒后未收到协议,关闭”这两个都是内部 IP 地址。
当我使用“log-enable=trace+:Protocol”启用协议日志记录并在我的应用程序处于错误状态时浏览它们时,我看到我的 VM 和测试 VM 之间有大量 SEND 和 RECV 调用,这似乎表示发生了某种程度的通信,但我不确定如何解析我所看到的内容(下面日志中的片段)。当我 运行 我的应用程序没有启用 SSL/TLS x.509 东西时,这个问题似乎从未发生过。
发生这种情况时,我尝试使用 Wireshark 窥探消息流量,当我处于错误状态时,我可以看到没有任何 TLS 流量,当事情按预期工作时,我可以看到很多 TLS 1.2 数据包来回流动。
几周来我一直在追寻这个问题,但我觉得离找到解决方案还差得很远。如果有人有任何想法可以让我走上正轨,我将不胜感激!
qpid-cpp客户端、服务端、工具均为1.39.0-1版本
协议日志的摘录,192.168.56.2 是我的虚拟机面向外部的网络接口的 IP,192.168.56.55 是我想与之交谈的测试虚拟机。 10.43.1.XX IP 地址是我负责托管的交易所的内部地址。 qpidd 日志选项是“trace+:Protocol”和“error:System”:
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [System] error Connection qpid.10.43.1.10:31111-10.43.1.11:54704 No protocol received after 10s, closing
Dec 22 20:38:10 stbdlcp qpidd[28517]: 2020-12-22 20:38:10 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=0; {ConnectionHeartbeatBody: }]
Dec 22 20:38:10 stbdlcp qpidd[28517]: 2020-12-22 20:38:10 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=0; {ConnectionHeartbeatBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionKnownCompletedBody: commands={ [5708,5739] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageCancelBody: destination=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueQueryBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5743; value=\x08\x01\xFB\x00%a662b9ed-f116-4c91-a9aa-7e7bd58221e1#\x00\
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5743] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageCancelBody: destination=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueQueryBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5743; value=\x08\x01\xFB\x00%a662b9ed-f116-4c91-a9aa-7e7bd58221e1#\x00\
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5743] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueDeleteBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5744] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionSyncBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5745] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExchangeBoundBody: exchange=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; queue=3c2637c8-b488-4387-82eb-7469cd
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5747; value=\x07\x02\x03\x00; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5747] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueDeclareBody: queue=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; alternate-exchange=; exclusive=1; auto-d
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionSyncBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5749] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageSubscribeBody: queue=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; destination=3c2637c8-b488-4387-82eb-
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[Bbe; channel=1; {MessageTransferBody: destination=qmf.default.direct; accept-mode=1; acquire-mode=0; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[be; channel=1; header (198 bytes); properties={{MessageProperties: content-length=106; correlation-id=3778; reply-to={Rep
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[Ebe; channel=1; content (106 bytes) \x00\x00\x00f\x00\x00\x00\x02
我想我明白了。无论出于何种原因,保护我的 NSS 数据库密码似乎都是导致问题的原因。删除密码后,我无法像以前那样重现问题。
我不确定为什么会这样,我将不得不做更多的研究来找出我到底做错了什么。如果 NSS DB 密码配置错误,我不希望 QPID 身份验证能够正常工作,而不是像以前那样出现随机连接问题。
非常混乱。
我目前正在升级遗留应用程序的 QPID 通信以支持 SSL/TLS 通过 x.509 证书进行加密。我得到了一个虚拟机来测试,我想我已经解决了大部分问题。然而,在我启动我的应用程序的 10 次中,Qpid C++ 代码可能会拒绝打开与其他虚拟机的任何连接,也不会为我的应用程序托管的交换打开任何连接。
通过多次重启我的应用程序,我能够(最终)强制出现这个问题。处于此错误状态时,我不仅无法与我的测试 VM 通信,而且我也无法为我自己的交换打开连接并看到很多日志,例如“[System] error Connection qpid.10.43.1.10:31111-10.43 .1.11:51564 10 秒后未收到协议,关闭”这两个都是内部 IP 地址。
当我使用“log-enable=trace+:Protocol”启用协议日志记录并在我的应用程序处于错误状态时浏览它们时,我看到我的 VM 和测试 VM 之间有大量 SEND 和 RECV 调用,这似乎表示发生了某种程度的通信,但我不确定如何解析我所看到的内容(下面日志中的片段)。当我 运行 我的应用程序没有启用 SSL/TLS x.509 东西时,这个问题似乎从未发生过。
发生这种情况时,我尝试使用 Wireshark 窥探消息流量,当我处于错误状态时,我可以看到没有任何 TLS 流量,当事情按预期工作时,我可以看到很多 TLS 1.2 数据包来回流动。
几周来我一直在追寻这个问题,但我觉得离找到解决方案还差得很远。如果有人有任何想法可以让我走上正轨,我将不胜感激!
qpid-cpp客户端、服务端、工具均为1.39.0-1版本
协议日志的摘录,192.168.56.2 是我的虚拟机面向外部的网络接口的 IP,192.168.56.55 是我想与之交谈的测试虚拟机。 10.43.1.XX IP 地址是我负责托管的交易所的内部地址。 qpidd 日志选项是“trace+:Protocol”和“error:System”:
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [System] error Connection qpid.10.43.1.10:31111-10.43.1.11:54704 No protocol received after 10s, closing
Dec 22 20:38:10 stbdlcp qpidd[28517]: 2020-12-22 20:38:10 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=0; {ConnectionHeartbeatBody: }]
Dec 22 20:38:10 stbdlcp qpidd[28517]: 2020-12-22 20:38:10 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=0; {ConnectionHeartbeatBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionKnownCompletedBody: commands={ [5708,5739] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageCancelBody: destination=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueQueryBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5743; value=\x08\x01\xFB\x00%a662b9ed-f116-4c91-a9aa-7e7bd58221e1#\x00\
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5743] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageCancelBody: destination=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueQueryBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5743; value=\x08\x01\xFB\x00%a662b9ed-f116-4c91-a9aa-7e7bd58221e1#\x00\
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5743] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueDeleteBody: queue=a662b9ed-f116-4c91-a9aa-7e7bd58221e1#; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5744] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionSyncBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5745] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageReleaseBody: transfers={ }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExchangeBoundBody: exchange=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; queue=3c2637c8-b488-4387-82eb-7469cd
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionResultBody: command-id=5747; value=\x07\x02\x03\x00; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5747] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {QueueDeclareBody: queue=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; alternate-exchange=; exclusive=1; auto-d
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {ExecutionSyncBody: }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace SENT [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {SessionCompletedBody: commands={ [5740,5749] }; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[BEbe; channel=1; {MessageSubscribeBody: queue=3c2637c8-b488-4387-82eb-7469cdf9dd0e#; destination=3c2637c8-b488-4387-82eb-
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[Bbe; channel=1; {MessageTransferBody: destination=qmf.default.direct; accept-mode=1; acquire-mode=0; }]
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[be; channel=1; header (198 bytes); properties={{MessageProperties: content-length=106; correlation-id=3778; reply-to={Rep
Dec 22 20:38:09 stbdlcp qpidd[28517]: 2020-12-22 20:38:09 [Protocol] trace RECV [qpid.192.168.56.2:31111-192.168.56.55:42624]: Frame[Ebe; channel=1; content (106 bytes) \x00\x00\x00f\x00\x00\x00\x02
我想我明白了。无论出于何种原因,保护我的 NSS 数据库密码似乎都是导致问题的原因。删除密码后,我无法像以前那样重现问题。
我不确定为什么会这样,我将不得不做更多的研究来找出我到底做错了什么。如果 NSS DB 密码配置错误,我不希望 QPID 身份验证能够正常工作,而不是像以前那样出现随机连接问题。
非常混乱。