忽略Apache HTTPClient 4.5中的自签名证书
我正在尝试 接受所有证书,和/或 使用 Apache HTTPClient 4.5版 接受自签名证书
(此处为教程链接)
我一直在从SO上的大量帖子中寻找解决此问题的方法。到目前为止,它们都没有起作用。
我不断收到此错误: Error while trying to execute request.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
Apache文件:
- Apache v4.5教程
- SSL / TLS定制
- Apache有版本3 的指南,但没有版本4的指南。
请注意,在所有这些示例中,我还传递了我之前定义的cookie存储和代理凭据提供程序。这些正在工作,我只是想添加SSL支持。
尝试#1
使用创建我自己的ssl上下文,SSLContextBuilder并使用信任所有自签名策略TrustSelfSignedStrategy。
SSLContextBuilder sshbuilder = new SSLContextBuilder();
sshbuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sshbuilder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.build();
结果 :没用。得到Error while trying to execute request.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
尝试#2
与上述相同,但添加一个 PoolingHttpClientConnectionManager
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(2000);//max connection
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
结果 :没用。得到Error while trying to execute request.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
尝试#3
只需通过覆盖即可接受所有证书TrustStrategy(不建议这样做)
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
});
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.build();
结果 :没用。得到Error while trying to execute request.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
尝试#4
我从这个答案中发现了一些有用的东西:
从版本4.5开始,HttpClient默认禁用SSLv3协议版本
这是他给的解决方案:
SSLContext sslcontext = SSLContexts.createSystemDefault();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1", "SSLv3" }, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https", sslConnectionSocketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslConnectionSocketFactory)
.setConnectionManager(cm)
.build();
结果 :没用。得到Error while trying to execute request.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
-
在使用自签名证书的情况下,上述方法之一应该可行,但是很奇怪的是,在所有方法中您都遇到了相同的例外。
我感觉在客户端或服务器不接受SSL会话建立或握手协议期间。
最好的解决方案是调试应用程序。
如果是tomcat,请在setenv.sh或setenv.bat文件中添加 **-Djavax.net.debug = all** ,然后重新启动服务器。
或者您可以按照本教程进行操作。
连接到SSL时,OP仅需要更改端口:
//For HTTPS HttpHost httpstarget = new HttpHost("mysite.com", 443, "https"); //For HTTP HttpHost httptarget = new HttpHost("mysite.com", 80, "http");
