我正在尝试使用Apache HTTPClient 4.5版本(教程链接在这里)接受所有证书或自签名证书。
我已经阅读了许多关于此问题的SO帖子,但目前为止没有一个解决方案可行。
我一直收到以下错误:Error while trying to execute request. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Apache文档:
- Apache v4.5 tutorial
- SSL/TLS customization
- Apache has a guide for version 3, but not version 4.
相关StackOverflow问题- 这是我尝试的一些解决方案的链接:
- Ignoring SSL certificate in Apache HttpClient 4.3
- How to ignore SSL certificate errors in Apache HttpClient 4.0
- Ignore SSL Certificate Errors with Java
- Need to trust all the certificates during the development using Spring
- How to handle invalid SSL certificates with Apache HttpClient?
请注意,在所有这些示例中,我还传递了一个cookie存储和代理凭据提供程序,这些是有效的,我只是想添加SSL支持。
尝试#1
使用SSLContextBuilder
创建自己的SSL上下文,并使用TrustSelfSignedStrategy
信任所有自签名策略。
SSLContextBuilder sshbuilder = new SSLContextBuilder();
sshbuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sshbuilder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.build();
结果: 没有起作用。出现了Error while trying to execute request. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
尝试 #2
与上述相同,但添加了一个PoolingHttpClientConnectionManager
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(2000);//max connection
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
结果: 没有起作用。出现了Error while trying to execute request. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
尝试 #3
通过覆盖TrustStrategy
来简单接受所有证书(这并不推荐)
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
});
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslsf)
.build();
结果: 没有起作用。 收到尝试执行请求时出错。 javax.net.ssl.SSLHandshakeException: 远程主机在握手期间关闭连接
第四次尝试
我从这个答案中找到了一些有用的东西:
从版本4.5开始,默认情况下HttpClient禁用SSLv3协议版本
这是他给出的解决方案:
SSLContext sslcontext = SSLContexts.createSystemDefault();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1", "SSLv3" }, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https", sslConnectionSocketFactory)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultCookieStore(cookieStore)
.setSSLSocketFactory(sslConnectionSocketFactory)
.setConnectionManager(cm)
.build();
结果:没有成功。出现了执行请求时发生错误。javax.net.ssl.SSLHandshakeException: 远程主机在握手期间关闭了连接