Apache Http客户端SSL证书错误

Question

Apache Http客户端SSL证书错误

sik*_*iki 8 java ssl https httpclient apache-httpclient-4.x

我知道之前已被问过,但我尝试了所有我找到的解决方案,但仍然无法正常工作.

基本上,我试图通过Apache Http Client(4.3)获取一些内容,而我正在连接的网站存在一些SSL问题.

首先,我得到SSLException了和unrecognized_name消息.我试图通过将jsse.enableSNIExtension属性设置为来解决这个问题false.

然后,我得到了这个例外: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

然后我尝试提供我SSLFactory接受所有证书的赢了,但我仍然得到同样的例外.这是我的代码:

private static void sslTest() throws Exception {
    System.setProperty("jsse.enableSNIExtension", "false");

    SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, new TrustSelfSignedStrategy())
            .useTLS()
            .build();

    SSLConnectionSocketFactory connectionFactory =
            new SSLConnectionSocketFactory(sslContext, new AllowAllHostnameVerifier());

    CookieStore cookieStore = new BasicCookieStore();
    HttpClientContext context = HttpClientContext.create();
    context.setCookieStore(cookieStore);

    CloseableHttpClient httpclient = HttpClients.custom()
            .setSSLSocketFactory(connectionFactory)
            .setDefaultCookieStore(cookieStore)
            .build();

    URI uri = new URIBuilder()
            .setScheme("https")
            .setHost(BASE_URL)
            .build();

    String responseBody = httpclient.execute(new HttpGet(uri), RESPONSE_HANDLER);
}

Run Code Online (Sandbox Code Playgroud)

非常感谢所有帮助!

Answer 1

ok2*_*k2c 12

另请注意,信任自签名证书并不意味着信任任何证书.尝试以这种方式设置SSL上下文:

SSLContext sslContext = SSLContexts.custom()
        .loadTrustMaterial(null, new TrustStrategy() {

            @Override
            public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
                return true;
            }
        })
        .useTLS()
        .build();

Run Code Online (Sandbox Code Playgroud)

还请注意,通常信任证书不加区分地首先违背了使用SSL的目的.在绝对必要时使用或仅用于测试

像魅力一样工作.使用`HttpClientBuilder`,这是如何创建一个实例 - `SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext); CloseableHttpClient client = HttpClientBuilder.create().setSSLSocketFactory(sslsf).build();` (2认同)

Answer 2

Eli*_*lik 9

在Http Client 4.5.2中:

    SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, new TrustStrategy() {

                @Override
                public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
                    return true;
                }
            })
            .build();

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
            sslContext,
            NoopHostnameVerifier.INSTANCE);

Run Code Online (Sandbox Code Playgroud)

然后:

HttpClientBuilder builder = HttpClients.custom().setSSLSocketFactory(sslsf);

Run Code Online (Sandbox Code Playgroud)

归档时间：	11 年，5 月前
查看次数：	11154 次
最近记录：	8 年，3 月前