Java 自定义反应器网络主机名验证器
我需要查询证书/DNS名称不匹配的第三方API。证书中指定的主机名最左边的标签事先不知道(即CN=some random hash.example.com),因此我想用自定义主机名验证器配置HTTP客户端 使用通过Java 自定义反应器网络主机名验证器,java,ssl,netty,reactor-netty,Java,Ssl,Netty,Reactor Netty,我需要查询证书/DNS名称不匹配的第三方API。证书中指定的主机名最左边的标签事先不知道(即CN=some random hash.example.com),因此我想用自定义主机名验证器配置HTTP客户端 使用通过HttpClient.create()获得的默认Reactor Netty客户端时,HostnameChecker类会导致证书验证失败并引发异常: java.security.cert.CertificateException: No subject alternative DNS n
HttpClient.create()
获得的默认Reactor Netty客户端时,HostnameChecker
类会导致证书验证失败并引发异常:
java.security.cert.CertificateException: No subject alternative DNS name matching XXX found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 30 more
建议按如下方式实现SNIMatcher:
HttpClient.create()
.secure(sslContextSpec -> sslContextSpec
.sslContext(sslContext)
.handlerConfigurator((handler) -> {
SSLEngine engine = handler.engine();
SSLParameters params = new SSLParameters();
List<SNIMatcher> matchers = new LinkedList<>();
SNIMatcher matcher = new SNIMatcher(0) {
@Override
public boolean matches(SNIServerName serverName) {
return true;
}
};
matchers.add(matcher);
params.setSNIMatchers(matchers);
engine.setSSLParameters(params);
}));
有同样的问题。你找到解决方法了吗?没有,现在我切换到ApacheHttpClient库。是的,我也这么做了。我们必须弄清楚如何将ApacheHTTP客户端库与SpringWebClient集成,但现在终于可以工作了。无论如何,谢谢你:)
HttpClients.custom().setSSLHostnameVerifier((hostname, session) -> ...).build();