java apache httpclient 4.5.13 SSLPeerUnverifiedException:的证书< foo.s3.amazonaws.com>与任何主题备用名称都不匹配:[]

jv4diomz  于 2023-08-01  发布在  Java
关注(0)|答案(1)|浏览(190)

我已经更改了我的SSLConnectionSocketFactory以使用DefaultHostNameVerifier而不是NoopHostNameVerifier。

final SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.2" }, null, NoopHostnameVerifier.INSTANCE);

final SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.2" }, null, new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault()));

字符串
从那时起,我在执行验证时遇到了问题:“https://foo.s3.amazonaws.com/fileName.csv“我得到一个错误:

Certificate for <foo.s3.amazonaws.com> doesn't match any of the subject alternative names:[*.s3.amazonaws.com, s3.amazonaws.com]


你知道是什么问题吗

  • 我使用的是apache httpclient 4.5.13,它只发生在生产环境中(不能在本地复制)。
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <foo.s3.amazonaws.com> doesn't match any of the subject alternative names: [*.s3.amazonaws.com, s3.amazonaws.com]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

abithluo

abithluo1#

这个bug是由athena-jdbc依赖引起的,它在项目的其他地方使用,并且有自己的public-suffix-list。这个函数PublicSuffixMatcherLoader.getDefault()读取athena jdbc的public-suffix-list,而不是apache的http-client。

相关问题