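您可以给原始的 Sun JDK 打补丁(通过 bootclasspath 覆盖相应的类),添加几行代码,使服务器端 SNI 正常工作。注意:这种做法修改的是 JDK 内部的 sun.security.ssl 实现,补丁类必须与所用 JDK 版本完全对应,JDK 每次更新后都需要重新核对;Java 8 及以上版本的 JSSE 已通过 SNIMatcher 和 ExtendedSSLSession.getRequestedServerNames() 提供服务器端 SNI 支持,无需修改 JDK。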
类: sun.security.ssl.ServerHandshaker
添加字段
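/**
 * Use for SNI: the server_name extension taken from the ClientHello.
 * Stays {@code null} until the ClientHello handling code assigns it.
 */
private ServerNameExtension serverNameExtension = null;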
修补处理 ClientHello 报文的方法(clientHello),添加以下内容:
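/*
 * Use for SNI: remember the server_name extension sent in the ClientHello.
 * NOTE(review): presumably get() yields null when the client sent no such
 * extension; the key-selection code checks the field for null before use.
 * The value is supplied by the client and is not authenticated.
 */
this.serverNameExtension =
        (ServerNameExtension) mesg.extensions.get(ExtensionType.EXT_SERVER_NAME);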
修补设置私钥和证书链的方法(setupPrivateKeyAndChain),将以下代码:
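// Unpatched JDK code: the key manager is asked for an alias with no
// issuer list (null), so it cannot take the requested host name into account.
if (this.conn != null) {
    alias = km.chooseServerAlias(algorithm, null, this.conn);
} else {
    alias = km.chooseEngineServerAlias(algorithm, null, this.engine);
}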
改为:
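// Patched code: hand the SNI host names to the key manager through the
// "issuers" argument. That argument is documented as the list of acceptable
// CA issuer subject names, so this repurposes it: only install a key manager
// written to recognise these principals. A stock key manager is expected to
// treat them as issuer names and may then fail to select any key.
// The host names are client-supplied and unauthenticated; the key manager
// should match them against its configured hosts (case-insensitively) and
// fall back to a default alias, never use them unchecked as a lookup key.
// Note: principals is null when no extension was sent, but an empty array
// when the extension carried no host_name entry.
final Principal[] principals = (this.serverNameExtension == null)
        ? null
        : this.serverNameExtension.getHostnamePrincipals();
if (this.conn != null) {
    alias = km.chooseServerAlias(algorithm, principals, this.conn);
} else {
    alias = km.chooseEngineServerAlias(algorithm, principals, this.engine);
}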
添加到类sun.security.ssl.ServerNameExtension
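/**
 * Principal that carries one host name requested through SNI.
 *
 * <p>The name is stored and returned exactly as given. It originates from the
 * client and is not authenticated. DNS names are case-insensitive, so a
 * consumer should normalise case before matching it against configured hosts.
 */
static final class ServerNamePrincipal implements Principal {
    private final String name;

    ServerNamePrincipal(final String name) {
        this.name = name;
    }

    /** Returns the host name exactly as it was passed to the constructor. */
    @Override
    public String getName() {
        return this.name;
    }

    /** Returns the same value as {@link #getName()}. */
    @Override
    public String toString() {
        return this.name;
    }

    /**
     * Two instances are equal when their names are equal (exact string match).
     * Without this override, principals for the same host would only compare
     * equal by identity.
     */
    @Override
    public boolean equals(final Object other) {
        if (this == other) {
            return true;
        }
        if (!(other instanceof ServerNamePrincipal)) {
            return false;
        }
        final String otherName = ((ServerNamePrincipal) other).name;
        return (this.name == null) ? (otherName == null) : this.name.equals(otherName);
    }

    /** Hash code consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return (this.name == null) ? 0 : this.name.hashCode();
    }
}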
/**
 * Returns the host names listed in this extension as principals.
 *
 * <p>Only entries whose type is {@code NAME_HOST_NAME} are included, in the
 * order they appear in {@code names}. The host names are passed on as-is,
 * without validation or case normalisation.
 *
 * @return one {@code ServerNamePrincipal} per host-name entry; an empty array
 *         (never {@code null}) when there is no such entry
 */
public Principal[] getHostnamePrincipals() {
    final List<Principal> hostPrincipals = new LinkedList<>();
    for (final ServerName entry : this.names) {
        if (entry.type != NAME_HOST_NAME) {
            continue; // other name types are not exposed to the key manager
        }
        hostPrincipals.add(new ServerNamePrincipal(entry.hostname));
    }
    final Principal[] result = new Principal[hostPrincipals.size()];
    return hostPrincipals.toArray(result);
}