Java 对https请求使用Apache HttpComponents：“对等未验证”和“握手失败”错误_Java_Ssl_Apache Httpcomponents

Java 对https请求使用Apache HttpComponents：“对等未验证”和“握手失败”错误

java ssl

Java 对https请求使用Apache HttpComponents：“对等未验证”和“握手失败”错误,java,ssl,apache-httpcomponents,Java,Ssl,Apache Httpcomponents,我试图使用ApacheHttpComponents库对JBoss服务器进行HTTPGET调用。当我使用http URL执行此操作时，它工作正常，但当我使用https URL时，它不工作。以下是我的代码： public static String HttpGET(String requestURL, Cookie cookie) throws HttpException { DefaultHttpClient httpClient = new DefaultHttpCli

我试图使用ApacheHttpComponents库对JBoss服务器进行HTTPGET调用。当我使用http URL执行此操作时，它工作正常，但当我使用https URL时，它不工作。以下是我的代码：

public static String HttpGET(String requestURL, Cookie cookie)
        throws HttpException {

    DefaultHttpClient httpClient = new DefaultHttpClient();

    if (cookie != null) {
        CookieStore store = new BasicCookieStore();
        store.addCookie(cookie);
        ((AbstractHttpClient) httpClient).setCookieStore(store);
    }

    HttpGet httpGet = new HttpGet(requestURL);

    HttpResponse response = null;
    HttpEntity responseEntity = null;
    String responseBody = null;
    try {
        response = httpClient.execute(httpGet);
        // Do some more stuff...

    } catch (SSLPeerUnverifiedException ex) {
        // Message "peer not authenticated" means the server presented
        // a certificate that was not found in the local truststore.
        throw new HttpException("HTTP GET request failed; possible"
                + " missing or invalid certificate: " + ex.getMessage());
    } catch (IOException e) {
        e.printStackTrace();
    } finally {
        // When HttpClient instance is no longer needed,
        // shut down the connection manager to ensure
        // immediate deallocation of all system resources
        httpClient.getConnectionManager().shutdown();
    }

    return responseBody;
}

当我执行GET调用时，我收到一个SSLPeerUnverifiedException。错误消息是：

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

经过大量的谷歌搜索和StackOverflow问题后，我一直看到这个建议，所以我在DefaultHttpClient周围添加了这个包装，如下所示：

private static HttpClient wrapClient(HttpClient httpClient) {       
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        X509TrustManager tm = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] xcs,
                    String string) {
            }

            public void checkServerTrusted(X509Certificate[] xcs,
                    String string) {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        X509HostnameVerifier verifier = new X509HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return false;
            }

            @Override
            public void verify(String arg0, SSLSocket arg1)
                    throws IOException { }

            @Override
            public void verify(String arg0, X509Certificate arg1)
                    throws SSLException { }

            @Override
            public void verify(String arg0, String[] arg1, String[] arg2)
                    throws SSLException { }

        };

        ctx.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
        socketFactory.setHostnameVerifier(verifier);
        Scheme sch = new Scheme("https", 443, socketFactory);
        httpClient.getConnectionManager().getSchemeRegistry().register(sch);
        return httpClient;

    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

但是，这只会产生不同的错误：

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

我相信证书设置正确，因为使用Jersey库编写的其他代码可以成功地连接到此服务器。然而，我并没有看到我在Apache HttpComponents上做得不正确。有什么想法吗？如果我犯了明显的错误，我很抱歉，我是SSL新手，还不完全了解我在做什么。谢谢你的帮助

这可能是因为您的服务器需要服务器名称指示

由于Apache HTTP Client 4.2.2似乎不支持SNI，因此它不发送服务器名称扩展，即使在使用Java 7时，您也可能会获得与使用SNI的其他库不同的证书

似乎有一种方法可以实现，但至少您仍然需要Java 7。

您使用的是哪个版本的Apache HTTP客户端？