您的位置: 首页  >  技术问答  >  Apache Http客户端SSL证书错误

Apache Http客户端SSL证书错误

分类: 技术问答 2022-07-14 23:46:38
问题描述:

我知道它之前已被问过,但我尝试了所有我找到的解决方案,但仍然无法正常工作。Apache Http客户端SSL证书错误

基本上,我试图通过Apache Http Client(4.3)获取一些内容,并且我连接的网站存在一些SSL问题。

首先,我得到了SSLExceptionunrecognized_name的消息。我试图通过将jsse.enableSNIExtension属性设置为false来解决此问题。

然后,我得到这个异常: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

我又试图提供我亿韩元SSLFactory,将接受所有证书,但我仍然得到同样的异常。这里是我的代码:

private static void sslTest() throws Exception { 
    System.setProperty("jsse.enableSNIExtension", "false"); 

    SSLContext sslContext = SSLContexts.custom() 
      .loadTrustMaterial(null, new TrustSelfSignedStrategy()) 
      .useTLS() 
      .build(); 

    SSLConnectionSocketFactory connectionFactory = 
      new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier()); 

    CookieStore cookieStore = new BasicCookieStore(); 
    HttpClientContext context = HttpClientContext.create(); 
    context.setCookieStore(cookieStore); 

    CloseableHttpClient httpclient = HttpClients.custom() 
      .setSSLSocketFactory(connectionFactory) 
      .setDefaultCookieStore(cookieStore) 
      .build(); 

    URI uri = new URIBuilder() 
      .setScheme("https") 
      .setHost(BASE_URL) 
      .build(); 

    String responseBody = httpclient.execute(new HttpGet(uri), RESPONSE_HANDLER); 
}

所有帮助非常感谢!

+0

请在另一个问题看我的答案:https://*.com/a/45734000/8477758 – EyouGo

另请注意,信任自签名证书并不意味着相信任何任意证书。尝试建立您的SSL背景是这样的:

SSLContext sslContext = SSLContexts.custom() 
     .loadTrustMaterial(null, new TrustStrategy() { 

      @Override 
      public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { 
       return true; 
      } 
     }) 
     .useTLS() 
     .build();

也请注意,一般信任的证书胡乱击败首先使用SSL的目的。使用在绝对必要的或只用于测试

+1

工作就像魅力。用'HttpClientBuilder'这是如何创建一个实例 - SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext); CloseableHttpClient client = HttpClientBuilder.create()。setSSLSocketFactory(sslsf).build();' –

您的信任库不信任服务器证书。

允许所有主机名是一个HTTPS步骤,只能调用如果证书是可信的。

在HTTP客户端4.5.2:

SSLContext sslContext = SSLContexts.custom() 
      .loadTrustMaterial(null, new TrustStrategy() { 

       @Override 
       public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { 
        return true; 
       } 
      }) 
      .build(); 

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
      sslContext, 
      NoopHostnameVerifier.INSTANCE);

然后:

HttpClientBuilder builder = HttpClients.custom().setSSLSocketFactory(sslsf);

以下是Apache 4X相信一切

static { 
    // avoid error javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name 
    System.setProperty("jsse.enableSNIExtension", "false"); 
} 

public static HttpClientBuilder createTrustAllHttpClientBuilder() { 
    try { 
     SSLContextBuilder builder = new SSLContextBuilder(); 
     builder.loadTrustMaterial(null, (chain, authType) -> true); 
     SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE); 

     return HttpClients.custom().setSSLSocketFactory(sslsf); 
    } 
    catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { 
     throw new IllegalStateException(e); 
    } 
}

相关推荐