为什么当我尝试使用 HTTP 客户端接受我的 SSL 证书时收到连接重置?
Why do I receive a connection reset when I tried to accept my SSL certificate using HTTPclient?
我试图接受我的证书来测试我的 REST api。
为此,我尝试了:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient closeableHttpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
try {
HttpPost postRequest = new HttpPost(BASE_URL);
CloseableHttpResponse response = closeableHttpClient
.execute(postRequest);
// try {
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
// } finally {
// response.close();
// }
} finally {
closeableHttpClient.close();
}
错误发生在我closeableHttpClient.execute(postRequest);
变量是:
private static final String KEYSTORE_PATH = System.getProperty("java.home")
+ "/lib/security/cacerts".replace('/', File.separatorChar);
private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
private static final String BASE_URL = "http://localhost:9010/api";
注意:我没有域名,我在本地主机上。
如果我很好地理解错误,那是我的 SSLConnectionSocketFactory 关闭得太早了。但我不知道如何以及为什么。
编辑:我正在使用 HTTPClient。
如果我将端口 HTTP 更新为 HTTPS,我会收到另一个错误:javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer
我在这里找到了解决方案:javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
我的代码现在是:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf).build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(
registry);
cm.setMaxTotal(100);
它正在工作,但我仍在努力(了解并发现我是否可以做某事 else/better)!谢谢
我试图接受我的证书来测试我的 REST api。 为此,我尝试了:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient closeableHttpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
try {
HttpPost postRequest = new HttpPost(BASE_URL);
CloseableHttpResponse response = closeableHttpClient
.execute(postRequest);
// try {
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
// } finally {
// response.close();
// }
} finally {
closeableHttpClient.close();
}
错误发生在我closeableHttpClient.execute(postRequest);
变量是:
private static final String KEYSTORE_PATH = System.getProperty("java.home")
+ "/lib/security/cacerts".replace('/', File.separatorChar);
private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();
private static final String BASE_URL = "http://localhost:9010/api";
注意:我没有域名,我在本地主机上。 如果我很好地理解错误,那是我的 SSLConnectionSocketFactory 关闭得太早了。但我不知道如何以及为什么。
编辑:我正在使用 HTTPClient。
如果我将端口 HTTP 更新为 HTTPS,我会收到另一个错误:javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer
我在这里找到了解决方案:javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer 我的代码现在是:
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(new File(KEYSTORE_PATH), KEYSTORE_PASSWORD,
new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf).build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(
registry);
cm.setMaxTotal(100);
它正在工作,但我仍在努力(了解并发现我是否可以做某事 else/better)!谢谢