Apache HttpClient中的java自签名证书问题
我有一个网站的自签名证书。我使用keytool将其导入到javacacert文件中。之后,它可以很好地处理RestTemplate请求。 当我使用Apache HttpClients请求时,我得到一个异常,如下所示:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at HttpClientRequestTest.test3(HttpClientRequestTest.java:93)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:230)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:58)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
RestTemplate代码:
final RestTemplate restTemplate = new RestTemplate();
final ResponseEntity<String> response = restTemplate.getForEntity(url, String.class);
Apache HttpClient示例:
final HttpGet request = new HttpGet(url);
final HttpClient httpClient = HttpClients.createDefault();
final HttpResponse response = httpClient.execute(request);
有人知道为什么它使用RestTemplate而不是HttpClient吗
HttpClient版本为4.5.13
# 1 楼答案
当你处理“任何(!)有点‘加密问题’,“您需要查看日志文件,尤其是”,从服务器端查看。"
“客户,”当然是故意的,“应该什么也学不到”,因为它被认为是“Eve il入侵者”,而不是“Alice”或“Bob”客户只感觉到门被关在他们脸上,完全没有解释
# 2 楼答案
没有足够的信息来回答原因
我们所知道的是,是服务器终止了连接。因此,似乎是客户做错了什么
这是一个好兆头,因为这意味着你可以做点什么:)
你提到CA证书-我个人认为你的服务器没有办法关心你安装的CA证书。这些证书用于验证服务器提供的证书
您有几个选项可以解决这个问题:
调试:使用一个好的反编译器,比如IntelliJ附带的反编译器。你将挖掘到URL对象类型,你将看到提供的证书,收到的证书。。。加密算法。。。等 如果您不确定这些东西中的任何一个应该是什么,至少可以将其与“工作的那个”的调试进行比较
B.TCP跟踪。根据可用的数据,您可以使用WireShark查看数据。可能需要一些手动解密。 再次,与已知的良好值或至少与有效的方法进行比较
C.服务器日志。如果您可以访问这些日志,并且这些日志都很好,那么异常应该出现在其中一个日志中,并告诉您客户端消息有什么问题
D.反复试验。试着忘记你的假设,对你的配置更加明确。有可能某些内容被设置为默认值,而这不是服务器喜欢的