我们有一个JavaFX应用程序在一个https安全的资源上调用我们的后端。该应用程序连续向同一个url发出数百个请求,以从服务器获取数据。
这通常没有问题,但现在我们有一个客户报告在连接到资源时出现SSLHandshakeException
问题。他可以很好地处理数百个请求,而下一个请求,客户端失败:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.project.common.ws.client.HttpUrlConnectionRestClient.b(ProGuard:339)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:227)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:56)
at com.project.common.ws.client.HttpUrlConnectionRestClient.a(ProGuard:387)
at com.project.projects.map.client.manager.GeomanagerWorker.readGeocodingChunk(ProGuard:5640)
at com.project.projects.map.client.manager.n.readGeocodingChunk(ProGuard:4337)
at com.project.projects.map.client.manager.modules.fx.imports.b.nF(ProGuard:199)
at com.project.projects.map.client.manager.modules.fx.imports.b.call(ProGuard:174)
at javafx.concurrent.Task$TaskCallable.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Java couldn't trust Server
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
... 30 more
字符串
我们的SSL证书由GeoTrust SSL CA - G3签署,有效期至2016年12月13日。客户端使用Java 1.8.0_40
我研究了不同的文章. This一个说,它可能与证书域名的大小写敏感性的错误有关.但我们使用所有小写的,证书和请求,所以应该没有问题.
This文章显示,这个问题可能与Java版本有关,因为“可能新的Java版本更严格地执行SSL CA”。它还说,升级到最新的Java版本可能会解决这个问题。我还没有检查这个选项,因为由于公司的IT限制,客户并不总是可能升级Java版本。
更重要的是,我们需要Java Version 1.8才能运行,所以如果它不能与1.8.0_40版本一起工作,那就太糟糕了。
有人知道这个问题的确切原因吗?
2条答案
按热度按时间cyvaqqii1#
我也遇到了同样的问题。我不得不降级到Java 1.6,以便ASDM-IDM连接器工作。
rslzwgfq2#
此问题已在Java 8 Update 60+中修复
https://bugs.openjdk.org/browse/JDK-8065082