异常:javax.net.ssl.sslPeerUnverified异常:对等体未验证

jtjikinw  于 2023-01-29  发布在  Java
关注(0)|答案(9)|浏览(360)
public HttpClientVM() {

    BasicHttpParams params = new BasicHttpParams();
    ConnManagerParams.setMaxTotalConnections(params, 10);
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setUseExpectContinue(params, false);
    HttpConnectionParams.setStaleCheckingEnabled(params, true);
    HttpConnectionParams.setConnectionTimeout(params, 30000);
    HostnameVerifier hostnameVerifier=
          org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
    SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
    socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("http",socketFactory, 80));
    schemeRegistry.register(new Scheme("https",socketFactory, 443));
        ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
        // Set verifier     
        client = new DefaultHttpClient(manager, params);    
    }
    • 问题:**

执行client.accessURL(url)时,发生以下错误:

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
    at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)

补充资料:

  • 窗口7
  • HTTP客户端4
332nm8kg

332nm8kg1#

证书过期是导致“javax .NET.ssl.SSLPeerUnverifiedException:对等项未通过身份验证”。
密钥工具-列表-v -密钥库文件信任库.ts

Enter keystore password:
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 1 entry
    Alias name: somealias
    Creation date: Jul 26, 2012
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
    Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
    Serial number: 5011a47b
    Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
7gcisfzg

7gcisfzg2#

这个错误是因为您的服务器没有有效的SSL证书。因此我们需要告诉客户端使用不同的TrustManager。下面是一个示例代码:

SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {

    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
    }

    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
    }

    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));

client = new DefaultHttpClient(ccm, base.getParams());
bsxbgnwa

bsxbgnwa3#

如果您的服务器基于JDK 7,而您的客户机位于JDK 6上并使用SSL证书,则会出现此异常。在JDK 7中,默认情况下禁用sslv2hello消息握手,而在JDK 6中,启用sslv2hello消息握手。因此,当您的客户机尝试连接服务器时,将向服务器发送sslv2hello消息,并且由于禁用了sslv2hello消息,您将遇到此异常。要解决此问题,您必须将客户机迁移到JDK 7或使用JDK的6u91版本。但要获得此版本的JDK,您必须获得MOS(My Oracle Support)Enterprise支持。此修补程序不是公开的。

qgelzfjb

qgelzfjb4#

如果客户端指定了“https”,但服务器只运行“http”,那么服务器就不会期望建立安全连接。

a5g8bdjr

a5g8bdjr5#

如果您尝试通过HTTPS进行连接,而服务器未配置为正确处理SSL连接,也可能发生这种情况。
我会检查您的应用程序服务器SSL设置,并确保证书配置正确。

798qvoo8

798qvoo86#

在我的例子中,服务器运行在Docker上(使用基本映像adoptopenjdk/openjdk11:alpine),问题是TLS协议级别的错误(感谢以下页面提供的解释:https://jfrog.com/knowledge-base/how-to-resolve-the-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-error-when-using-java-11/)。
解决方案最终是使用以下java标志运行客户端:

-Djdk.tls.client.protocols=TLSv1.2
kmynzznz

kmynzznz7#

在我的例子中,我使用的是JDK 8客户端,而服务器使用的是不安全的旧密码。服务器是Apache,我在Apache配置中添加了以下行:

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT

您应该使用类似下面的工具来验证SSL配置当前是否安全:https://www.ssllabs.com/ssltest/analyze.html

e4yzc0pl

e4yzc0pl8#

同样的问题,我正面临着我们正在使用VPN这发生时,验证码证书在您的keystore.jks文件中丢失.
1.检查您的服务器密钥库是否有captcha证书,要执行此操作,请使用以下命令。转到您的keystore.jks位置并点击usr/java/jdk1.7.0_91/bin/keytool -list -v -keystore keystore.jks,它将列出您在其中的所有证书:usr/java/jdk1.7.0_91/bin/keytool是您的java keytool的位置,如果您不确定服务器上的java路径,可以使用which java命令。
1.如果它不在那里,那么你必须下载验证码证书并将其安装到密钥库,要做到这一点,请按照以下步骤:
a.打开:https://www.google.com/recaptcha/api/siteverify并单击安全图标,单击证书有效

B.点击连接安全

c.之后,单击详细信息并将证书导出为.crt

d.将此.crt文件复制到服务器上。

Go to the location of keystore.jks : 
Run this command : 
 /usr/java/jdk1.7.0_91/bin/keytool -import -alias googlecaptcha -keystore "/location/to/the/keystore.jks" -file "/location/to/crtfile/where/you/have/keep/ /on/server/googlecaptcha.crt"

注意:我已经将www.google.com.crt重命名为googlecaptcha.crt,还更改了location参数。
安装证书后,您可以使用list命令(在步骤1中给出)来验证它。
下面是完成上述过程后的代码片段:

try {
          URL url = new URL(googleURL);
          if(proxy!=null){
              conn = (HttpURLConnection)url.openConnection(proxy);
          }else{
              conn = (HttpURLConnection)url.openConnection();
          }
          conn.setRequestMethod("POST");
          conn.setRequestProperty("Accept", "application/json");
            
          InputStreamReader in = new InputStreamReader(conn.getInputStream());
          BufferedReader br = new BufferedReader(in);
          StringBuilder sb = new StringBuilder();
          String output;
          while ((output = br.readLine()) != null) {
            System.out.println(output);
            sb.append(output);
          } 
          String responseNew = sb.toString();
           responseObject = (ImplValidateCaptchaGoogleResponse)this.mapper.readValue(responseNew, ImplValidateCaptchaGoogleResponse.class);
        
        } catch (Exception e) {
        LOGGER.debug("ERROR_OCCURED ::"+e.getMessage() );
          e.printStackTrace();
        } 
}
qni6mghb

qni6mghb9#

如果您处于开发模式且证书无效,为什么不设置**weClient.setUseInsecureSSL(true)**。

相关问题