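Need help resolving javax.net.ssl.SSLPeerUnverifiedException

I am using Apache httpcomponents 4.2.5 to build a simple HTTPS client to get a file from a server.
The code is mostly based on the ClientExecuteProxy.java sample code. I developed and tested the client on Java 1.6.0_31, and it works as expected.
I deployed the final jar to one of our servers, which has Java 1.7.0_25 (miraculously installed about 2 weeks ago). On Java 7 I get an error.
I have accessed the site through Firefox, clicked the lock, downloaded the certificate and added it to cacerts, and I have tried numerous switches. This is confirmed in the debug log below. It works on Java 6 and does not work on Java 7. I keep getting the same stack trace. Sorry for the long post here.
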
executing request to https://dmf.ntis.gov:443 via http://myproxy.mynet:8080
trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
...
adding as trusted cert:
Subject: CN=dmf.ntis.gov, O=National Technical Information Service, L=Alexandria, ST=Virginia, C=US
Issuer: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x4c1ed933
Valid from Fri Jan 25 10:23:19 EST 2013 until Sun Jan 26 22:54:05 EST 2014
...
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1355254829 bytes = { 151, 204, 236, 54, 121, 42, 132, 221, 43, 116, 69, 16, 51, 17, 65, 109, 23, 135, 125, 16, 54, 72, 163, 189, 169, 189, 114, 223 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: dmf.ntis.gov]
***
[write] MD5 and SHA1 hashes: len = 170
0000: 01 00 00 A6 03 01 51 C8 8C 2D 97 CC EC 36 79 2A ......Q..-...6y*
0010: 84 DD 2B 74 45 10 33 11 41 6D 17 87 7D 10 36 48 ..+tE.3.Am....6H
0020: A3 BD A9 BD 72 DF 00 00 2A C0 09 C0 13 00 2F C0 ....r...*...../.
0030: 04 C0 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 ................
0050: 04 00 FF 01 00 00 53 00 0A 00 34 00 32 00 17 00 ......S...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 00 00 00 11 00 0F 00 00 0C 64 6D ..............dm
00A0: 66 2E 6E 74 69 73 2E 67 6F 76 f.ntis.gov
main, WRITE: TLSv1 Handshake, length = 170
[Raw write]: length = 175
0000: 16 03 01 00 AA 01 00 00 A6 03 01 51 C8 8C 2D 97 ...........Q..-.
0010: CC EC 36 79 2A 84 DD 2B 74 45 10 33 11 41 6D 17 ..6y*..+tE.3.Am.
0020: 87 7D 10 36 48 A3 BD A9 BD 72 DF 00 00 2A C0 09 ...6H....r...*..
0030: C0 13 00 2F C0 04 C0 0E 00 33 00 32 C0 07 C0 11 .../.....3.2....
0040: 00 05 C0 02 C0 0C C0 08 C0 12 00 0A C0 03 C0 0D ................
0050: 00 16 00 13 00 04 00 FF 01 00 00 53 00 0A 00 34 ...........S...4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 00 00 11 00 0F ................
00A0: 00 00 0C 64 6D 66 2E 6E 74 69 73 2E 67 6F 76 ...dmf.ntis.gov
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
main, IOException in getSession(): java.net.SocketException: Connection reset
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
    at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:493)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:401)
    at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:840)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:647)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:827)
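
With the javax debug options turned on, and seeing what other people post ....
This log was generated with the -Dsun.security.ssl.allowUnsafeRenegotiation=true switch, but it makes no difference.

The code has custom classes, but there is no magic here. The configuration is in a properties file and is loaded at runtime. The parameters are pretty self-explanatory.
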
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.DefaultHttpClient;

private static void getHttpFile(HttpContextConfig cfg,
                                HttpContextEntry ctx,
                                String remoteFile,
                                String localFile,
                                Boolean useTemp) throws Exception {
    SimpleDateFormat sdf = new SimpleDateFormat("dd-MMM-yyyy HH:mm:ss.SSS");
    System.out.println("\n\n" + sdf.format(new Date()) + " HttpClientUtil Starting...");
    DefaultHttpClient httpclient = new DefaultHttpClient();
    // socket.setEnabledProtocols(new String[] { "SSLv3" });
    try {
        HttpHost target = new HttpHost(ctx.getHostName(),
                                       Integer.parseInt(ctx.getPort()),
                                       ctx.getScheme());
        // Route through the proxy only when one is configured
        if (null != cfg.getProxyHost()) {
            HttpHost proxy = new HttpHost(cfg.getProxyHost(),
                                          cfg.getProxyPort(),
                                          cfg.getProxyScheme());
            httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
            System.out.println("executing request to " + target + " via " + proxy);
        } else {
            System.out.println("executing request to " + target);
        }
        // Set the credentials if we have a userID
        if (null != ctx.getUserName()) {
            httpclient.getCredentialsProvider().setCredentials(
                new AuthScope(ctx.getHostName(), Integer.parseInt(ctx.getPort())),
                new UsernamePasswordCredentials(ctx.getUserName(), ctx.getPassword()));
        }
        HttpGet req = new HttpGet(remoteFile);
        HttpResponse rsp = httpclient.execute(target, req);
        HttpEntity entity = rsp.getEntity();
        System.out.println("----------------------------------------");
        System.out.println(rsp.getStatusLine());
        Header[] headers = rsp.getAllHeaders();
        for (int i = 0; i < headers.length; i++) {
            System.out.println(headers[i]);
        }
        System.out.println("----------------------------------------");
        System.out.println("\n\t" + sdf.format(new Date()) + " Writing Output to File: " + localFile);
        // *** Snipped some unimportant code out ***
        OutputStream OutStream = new FileOutputStream(localFile);
        entity.writeTo(OutStream);
        OutStream.flush();
        OutStream.close();
    } finally {
        // When HttpClient instance is no longer needed,
        // shut down the connection manager to ensure
        // immediate deallocation of all system resources
        httpclient.getConnectionManager().shutdown();
    }
}

I have been going through various threads trying to figure out the answer. I do not want to fall back on the (accept all certificates) solution. I have not tried a custom SSL socket factory to explicitly set SSLv3 negotiation:
socket.setEnabledProtocols(new String[] { "SSLv3" });
The site requires a user ID and password to download data, and it has cookies, but again, this works on JRE 6.
Thanks for any help you can provide.
Hi Mike, I am getting a peer authentication problem with AWS and the plivo server. From AWS I tried to register an endpoint on plivo. But I am getting this error on the same build that used to work fine before. – najeeb