需要帮助解决javax.net.ssl.SSLPeerUnverifiedException吗_Java_Ssl Certificate_Apache Httpclient 4.x

需要帮助解决javax.net.ssl.SSLPeerUnverifiedException吗

java

需要帮助解决javax.net.ssl.SSLPeerUnverifiedException吗,java,ssl-certificate,apache-httpclient-4.x,Java,Ssl Certificate,Apache Httpclient 4.x,我正在使用ApacheHttpComponents 4.2.5构建一个简单的https客户端，以从服务器获取文件该代码主要基于示例代码。我在Java1.6.031下开发并测试了客户机，它工作正常我将最后一个jar分发到我的一台服务器上，该服务器安装了Java1.7.0_25（大约两周前奇迹般地安装）。在Java7下，当我得到错误时我尝试了很多开关，通过firefox访问了该站点，点击了锁，下载了证书/添加到了cacerts。这在下面的调试日志中得到了验证，请注意，在Java6下，它在没有它

我正在使用ApacheHttpComponents 4.2.5构建一个简单的https客户端，以从服务器获取文件

该代码主要基于示例代码。我在Java1.6.031下开发并测试了客户机，它工作正常

我将最后一个jar分发到我的一台服务器上，该服务器安装了Java1.7.0_25（大约两周前奇迹般地安装）。在Java7下，当我得到错误时

我尝试了很多开关，通过firefox访问了该站点，点击了锁，下载了证书/添加到了cacerts。这在下面的调试日志中得到了验证，请注意，在Java6下，它在没有它的情况下工作。我继续得到相同的堆栈跟踪

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
    at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:493)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:401)
    at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:840)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:647)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:827)

打开javax调试选项并查看其他人发布的内容

    executing request to https://dmf.ntis.gov:443 via http://myproxy.mynet:8080
trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore

...

adding as trusted cert:
  Subject: CN=dmf.ntis.gov, O=National Technical Information Service, L=Alexandria, ST=Virginia, C=US
  Issuer:  CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4c1ed933
  Valid from Fri Jan 25 10:23:19 EST 2013 until Sun Jan 26 22:54:05 EST 2014

...

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1355254829 bytes = { 151, 204, 236, 54, 121, 42, 132, 221, 43, 116, 69, 16, 51, 17, 65, 109, 23, 135, 125, 16, 54, 72, 163, 189, 169, 189, 114, 223 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: dmf.ntis.gov]
***
[write] MD5 and SHA1 hashes:  len = 170
0000: 01 00 00 A6 03 01 51 C8   8C 2D 97 CC EC 36 79 2A  ......Q..-...6y*
0010: 84 DD 2B 74 45 10 33 11   41 6D 17 87 7D 10 36 48  ..+tE.3.Am....6H
0020: A3 BD A9 BD 72 DF 00 00   2A C0 09 C0 13 00 2F C0  ....r...*...../.
0030: 04 C0 0E 00 33 00 32 C0   07 C0 11 00 05 C0 02 C0  ....3.2.........
0040: 0C C0 08 C0 12 00 0A C0   03 C0 0D 00 16 00 13 00  ................
0050: 04 00 FF 01 00 00 53 00   0A 00 34 00 32 00 17 00  ......S...4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00 00 00 00   11 00 0F 00 00 0C 64 6D  ..............dm
00A0: 66 2E 6E 74 69 73 2E 67   6F 76                    f.ntis.gov
main, WRITE: TLSv1 Handshake, length = 170
[Raw write]: length = 175
0000: 16 03 01 00 AA 01 00 00   A6 03 01 51 C8 8C 2D 97  ...........Q..-.
0010: CC EC 36 79 2A 84 DD 2B   74 45 10 33 11 41 6D 17  ..6y*..+tE.3.Am.
0020: 87 7D 10 36 48 A3 BD A9   BD 72 DF 00 00 2A C0 09  ...6H....r...*..
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 07 C0 11  .../.....3.2....
0040: 00 05 C0 02 C0 0C C0 08   C0 12 00 0A C0 03 C0 0D  ................
0050: 00 16 00 13 00 04 00 FF   01 00 00 53 00 0A 00 34  ...........S...4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E  ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................
0090: 00 08 00 16 00 0B 00 02   01 00 00 00 00 11 00 0F  ................
00A0: 00 00 0C 64 6D 66 2E 6E   74 69 73 2E 67 6F 76     ...dmf.ntis.gov
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
main, IOException in getSession():  java.net.SocketException: Connection reset

对不起，这里的帖子太长了。此日志是使用-Dsun.security.ssl.allowUnsafeRenegotiation=true开关生成的，但没有任何区别

代码有一些自定义类，但这里没有魔力。配置在属性文件中，并在运行时加载，参数应该是非常自解释的

    private static void getHttpFile(HttpContextConfig cfg,
        HttpContextEntry ctx, 
        String remoteFile, 
        String localFile, 
        Boolean useTemp) throws Exception {


    SimpleDateFormat sdf = new SimpleDateFormat("dd-MMM-yyyy HH:mm:ss.SSS");
    System.out.println("\n\n" + sdf.format(new Date()) +  " HttpClientUtil Starting...");

    DefaultHttpClient httpclient = new DefaultHttpClient();
    // socket.setEnabledProtocols(new String[] { "SSLv3" }); 
    try {
        HttpHost target = new HttpHost(ctx.getHostName(), 
                Integer.parseInt(ctx.getPort()), 
                ctx.getScheme());

        if (null != cfg.getProxyHost()){
            HttpHost proxy = new HttpHost(cfg.getProxyHost(), 
                    cfg.getProxyPort(), 
                    cfg.getProxyScheme());

            httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
            System.out.println("executing request to " + target + " via " + proxy);
        }
        else
            System.out.println("executing request to " + target);

        // Set the credentials if we have a userID
        if (null != ctx.getUserName()){
            httpclient.getCredentialsProvider().setCredentials(
                    new AuthScope(ctx.getHostName(), Integer.parseInt(ctx.getPort())),
                    new UsernamePasswordCredentials(ctx.getUserName(), ctx.getPassword()));
        }


        HttpGet req = new HttpGet(remote);

        HttpResponse rsp = httpclient.execute(target, req);
        HttpEntity entity = rsp.getEntity();

        System.out.println("----------------------------------------");
        System.out.println(rsp.getStatusLine());
        Header[] headers = rsp.getAllHeaders();
        for (int i = 0; i<headers.length; i++) {
            System.out.println(headers[i]);
        }
        System.out.println("----------------------------------------");

        System.out.println("\n\t" + sdf.format(new Date()) +  " Writing Output to File: " + local );

            *** Snipped some unimportant code out ***

            OutputStream OutStream = new FileOutputStream(local);

            entity.writeTo(OutStream);
            OutStream.flush();
            OutStream.close();

    } finally {
        // When HttpClient instance is no longer needed,
        // shut down the connection manager to ensure
        // immediate deallocation of all system resources
        httpclient.getConnectionManager().shutdown();
    }
}

private static void getHttpFile（HttpContextConfig cfg，
HttpContextEntry ctx，
字符串远程文件，
字符串localFile，
布尔值（useTemp）引发异常{
SimpleDataFormat sdf=新的SimpleDataFormat（“dd-MMM-yyy-HH:mm:ss.SSS”）；
System.out.println（“\n\n”+sdf.format（new Date（））+“HttpClientUtil start…”）；
DefaultHttpClient httpclient=新的DefaultHttpClient（）；
//setEnabledProtocols（新字符串[]{“SSLv3”}）；
试一试{
HttpHost target=新的HttpHost（ctx.getHostName（），
Integer.parseInt（ctx.getPort（）），
ctx.getScheme（））；
if（null！=cfg.getProxyHost（））{
HttpHost proxy=新的HttpHost（cfg.getProxyHost（），
cfg.getProxyPort（），
getProxyScheme（））；
httpclient.getParams（）.setParameter（ConnRoutePNames.DEFAULT_PROXY，PROXY）；
System.out.println（“通过“+代理”执行对“+目标+”的请求）；
}
其他的
System.out.println（“执行对“+目标”的请求）；
//如果我们有用户ID，请设置凭据
if（null！=ctx.getUserName（））{
httpclient.getCredentialsProvider（）.setCredentials(
新的AuthScope（ctx.getHostName（），Integer.parseInt（ctx.getPort（）），
新用户名密码凭据（ctx.getUserName（），ctx.getPassword（））；
}
HttpGet req=新的HttpGet（远程）；
HttpResponse rsp=httpclient.execute（target，req）；
HttpEntity=rsp.getEntity（）；
System.out.println（“--------------------------------------------------------”；
System.out.println（rsp.getStatusLine（））；
Header[]headers=rsp.getAllHeaders（）；
因为（inti=0；i这个问题的答案最终是很多东西
生产服务器正在使用WPAD（Web代理自动发现）
代理查找。我使用的代理是可访问的，但不是
为我使用的主机进行了真正的配置。我最终使用以避免在属性文件中使用硬编码的代理服务器
Java 7更改了httpclient的行为。我将JRE 7从生产主机复制到本地pc，并受到来自代理服务器的身份验证的挑战。JRE 6中没有出现这种情况。在Windows环境中，我使用NTLM代理身份验证解决了这一问题
奇怪的是，直到我针对有效的代理服务器/主机组合运行代码时，我才发现代理身份验证问题。我确信这是配置问题，但代理服务器返回了一个未经验证的页面，配置正确。在我的生产服务器上，我刚刚断开了套接字连接
不幸的是，这是那些30000英尺的错误中的一个，似乎有许多根本原因。Hi Mike，我从AWS和plivo服务器收到对等身份验证问题。我从AWS尝试在plivo上注册一个端点。但是，对于以前正常工作的同一版本，出现了此错误。
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());