[英]apache httpclient 4.4: HostnameVerifier transition from 4.3.x
HttpClient 4.3 had three static variables in org.apache.http.conn.ssl.SSLConnectionSocketFactory
: HttpClient 4.3在
org.apache.http.conn.ssl.SSLConnectionSocketFactory
有三个静态变量:
When upgrading the dependency to version 4.4 of HttpClient, I see that all the above constants are deprecated. 将依赖项升级到HttpClient的4.4版时,我看到所有上述常量都已弃用。 The deprecation note in JavaDoc mentioned to use
org.apache.http.conn.ssl.DefaultHostnameVerifier
. JavaDoc中的弃用说明提到使用
org.apache.http.conn.ssl.DefaultHostnameVerifier
。 Reading the docs, I assume that DefaultHostnameVerifier
is a direct replacement to STRICT_HOSTNAME_VERIFIER
. 阅读文档,我假设
DefaultHostnameVerifier
是STRICT_HOSTNAME_VERIFIER
的直接替代STRICT_HOSTNAME_VERIFIER
。 Also the ALLOW_ALL__HOSTNAME_VERIFIER
is easy to implement: ALLOW_ALL__HOSTNAME_VERIFIER
也很容易实现:
package org.wiztools.restclient.http;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/**
*
* @author subwiz
*/
public class AllowAllHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
}
There is a subtle distinction between the STRICT_HOSTNAME_VERIFIER
and BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
(from JavaDoc): STRICT_HOSTNAME_VERIFIER
和BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
(来自JavaDoc)之间有一个微妙的区别:
The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard (such as "*.foo.com") with BROWSER_COMPATIBLE matches all subdomains, including "abfoo.com".
BROWSER_COMPATIBLE和STRICT之间的唯一区别是带有BROWSER_COMPATIBLE的通配符(例如“* .foo.com”)匹配所有子域,包括“abfoo.com”。
Do we have a readily available BROWSER_COMPATIBLE
hostname verifier for httpclient 4.4? 我们是否为httpclient 4.4提供了一个随时可用的
BROWSER_COMPATIBLE
主机名验证程序?
实际上, AllowAllHostnameVerifier的javadoc直接替换了ALLOW_ALL__HOSTNAME_VERIFIER
,即NoopHostnameVerifier 。
You don't need a new implementation class for AllowAllHostnameVerifier
and don't need another implementation for BrowserCompatHostnameVerifier
, simply pass an instance to the new DefaultHostnameVerifier , 您不需要
AllowAllHostnameVerifier
的新实现类,也不需要BrowserCompatHostnameVerifier
其他实现,只需将实例传递给新的DefaultHostnameVerifier ,
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new DefaultHostnameVerifier());
this class the neccesary verification methods for both with the following method signatures 本类使用以下方法签名的必要验证方法
public final boolean verify(String host, SSLSession session) (Override)
and 和
public final void verify(String host, X509Certificate cert) throws SSLException
in the second method the httpcomponents does a checking for matching subdomains 在第二种方法中,httpcomponents检查匹配的子域
public final void verify(String host, X509Certificate cert) throws SSLException {
boolean ipv4 = InetAddressUtils.isIPv4Address(host);
boolean ipv6 = InetAddressUtils.isIPv6Address(host);
int subjectType = ((ipv4) || (ipv6)) ? 7 : 2;
List subjectAlts = extractSubjectAlts(cert, subjectType);
if ((subjectAlts != null) && (!(subjectAlts.isEmpty()))) {
if (ipv4)
matchIPAddress(host, subjectAlts);
else if (ipv6)
matchIPv6Address(host, subjectAlts);
else {
matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
}
} else {
X500Principal subjectPrincipal = cert.getSubjectX500Principal();
String cn = extractCN(subjectPrincipal.getName("RFC2253"));
if (cn == null) {
throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names");
}
matchCN(host, cn, this.publicSuffixMatcher);
}
}
take a look at the source code for more clarification 请查看源代码以获得更多说明
org.apache.http.conn.ssl.DefaultHostnameVerifier org.apache.http.conn.ssl.DefaultHostnameVerifier
Hope this helps. 希望这可以帮助。
BrowserCompatHostnameVerifier
was essentially IE 5/6 compatible implementation. BrowserCompatHostnameVerifier
本质上是IE 5/6兼容的实现。 I am no sure if it is actually compatible with more modern browser applications. 我不确定它是否真的与更现代的浏览器应用程序兼容。
BrowserCompatHostnameVerifier
should have never existed in the first place and should not be used anymore. BrowserCompatHostnameVerifier
应该从未存在过,不应该再使用了。
I read all this and nothing worked for me, here's what saved my day: https://stackoverflow.com/a/36507502/3090309 我读了这一切,没有什么对我有用,这就是节省我的一天: https : //stackoverflow.com/a/36507502/3090309
I was using: 我用的是:
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.2'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.