SSLException:证书中的主机名不匹配:<50.19.233.255>!= <*。heroku.com>
[英]SSLException: hostname in certificate didn't match: <50.19.233.255> != <*.heroku.com>
问题描述
I'm trying to call heroku's developer api from java, but I get the following exception: 
我正在尝试从Java调用heroku的开发人员api,但出现以下异常:
Exception in thread "main" javax.net.ssl.SSLException: hostname in certificate didn't match: <50.19.233.255> != <*.heroku.com>
My code looks like this: 我的代码如下所示:
HttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet("https://api.heroku.com/apps");
String token = "d6d7ea6e-6e71-4f13-b0ff-ed9ee9d56c37";
request.addHeader("Authorization", "Bearer "+token);
HttpResponse response = client.execute(request);
If I try it with curl it works fine: 如果我尝试使用curl,它可以正常工作:
curl "https://api.heroku.com/apps" -H"Authorization: Bearer d6d7ea6e-6e71-4f13-b0ff-ed9ee9d56c37"
Why does the java code act differently to curl? 为什么Java代码以不同的方式卷曲?
PS I'm aware that others have asked this questions, but all the answers, eg: PS我知道其他人已经问过这个问题,但是所有的答案,例如:
https://stackoverflow.com/a/7266768 https://stackoverflow.com/a/7266768
https://stackoverflow.com/a/3904473 https://stackoverflow.com/a/3904473
https://stackoverflow.com/a/25356821 https://stackoverflow.com/a/25356821
suggest that I should override the certificate hostname check, which surely defeats the point (and certainly isn't production-ready)? 建议我应该覆盖证书主机名检查,这肯定不能解决问题(当然还不能用于生产)?
1 个解决方案
解决方案1
2 已采纳 2015-12-28 13:05:58
This problem is described in Apache HttpClient resolving domain to IP address and not matching certificate . Apache HttpClient将域解析为IP地址并且不匹配证书中描述了此问题。 It appears to be a bug in the version of HTTPClient you are using, where it compares the target IP instead of the target hostname with the subject certificate. 在您使用的HTTPClient版本中,这似乎是一个错误,该错误将目标IP(而非目标主机名)与主题证书进行比较。 Please use a fixed version of HTTPClient instead. 请改用HTTPClient的固定版本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.