堆栈内存溢出
  简体   繁体   English

Jetty http2客户端忽略自签名证书

[英]Jetty http2 client to ignore self-signed cert

 原文  2016-10-04 22:55:51       java/ ssl/ jetty/ http2

问题描述

I have an http2 server at https://ec2-52-57-54-142.eu-central-1.compute.amazonaws.com/ with a self-signed cert. 我在https://ec2-52-57-54-142.eu-central-1.compute.amazonaws.com/上有一个带有自签名证书的http2服务器。 And I have a jetty http2 client that simply posts things to it. 我有一个码头http2客户端,可以将内容发布到该客户端。 For some reason, I'm not getting ignoring self-signed cert to work. 由于某些原因,我不会忽略自签名证书的工作。 Here's a snippet of relevant code 这是相关代码的片段 

SslContextFactory factory = new SslContextFactory(true);
factory.setTrustAll(true);
factory.setValidateCerts(false);
factory.setValidatePeerCerts(false);
factory.setEndpointIdentificationAlgorithm(null);

SSLContext sslContext = factory.getSslContext();
if(null == sslContext) {
    sslContext = SSLContext.getInstance("TLS");
}
TrustManager[] verifiers = new TrustManager[] {...// some dummy trust manager that always passes};
sslContext.init(null, verifiers, null);
factory.setSslContext(sslContext);

HttpClientTransportOverHTTP2 httpClientTransportOverHTTP2
            = new HttpClientTransportOverHTTP2(new HTTP2Client());
HttpClient httpClient = new HttpClient(httpClientTransportOverHTTP2, factory);


Request request = httpClient.POST(destination);
ContentProvider contentProvider = new InputStreamContentProvider(new StringInputStream(payload));
request.content(contentProvider);
ContentResponse response = request.send();

And I get these stacktrace 我得到了这些堆栈跟踪 

Caused by: java.util.concurrent.ExecutionException: java.nio.channels.ClosedChannelException
    at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118)
    at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101)
    at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:652)
    at my code
    ... 34 more
Caused by: java.nio.channels.ClosedChannelException
    at org.eclipse.jetty.io.WriteFlusher.onClose(WriteFlusher.java:498)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onIncompleteFlush(SslConnection.java:409)
    at org.eclipse.jetty.io.AbstractEndPoint$2.onIncompleteFlush(AbstractEndPoint.java:54)
    at org.eclipse.jetty.io.WriteFlusher.write(WriteFlusher.java:322)
    at org.eclipse.jetty.io.AbstractEndPoint.write(AbstractEndPoint.java:140)
    at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:243)
    at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
    at org.eclipse.jetty.util.IteratingCallback.succeeded(IteratingCallback.java:365)
    at org.eclipse.jetty.http2.HTTP2Flusher.succeeded(HTTP2Flusher.java:258)
    at org.eclipse.jetty.io.WriteFlusher$PendingState.complete(WriteFlusher.java:269)
    at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:394)
    at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:101)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
    ... 1 more

When I step through things with a debugger, I see something about NOT_HANDSHAKE in one of the connection objects. 当我使用调试器逐步调试时,在其中一个连接对象中看到有关NOT_HANDSHAKE的信息。

I really don't care about verifying anything. 我真的不在乎验证任何事情。 I just want to connect over HTTP2/TLS. 我只想通过HTTP2 / TLS连接。 I searched for many different terms, but they all end up with more or less the same thing (setTrustAll, custom TrustManager, etc) 我搜索了许多不同的术语,但它们最终都或多或少地具有相同的含义(setTrustAll,自定义TrustManager等)

Any help? 有什么帮助吗? Thanks! 谢谢!

PS Jetty version 9.3.12 PS Jetty版本9.3.12

2 个解决方案

解决方案1
 2 已采纳  2016-10-05 07:30:58

Your client code is correct, although redundant. 您的客户端代码是正确的,尽管是多余的。 It is enough to do: 这足以做到: 

    SslContextFactory sslContextFactory = new SslContextFactory(true);

    HTTP2Client http2Client = new HTTP2Client();
    HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
    httpClient.start();

    ContentResponse response = httpClient.GET("https://ec2-52-57-54-142.eu-central-1.compute.amazonaws.com/");

If you enable DEBUG logging on the Jetty HTTP/2 client, you will see that the client receives: 如果在Jetty HTTP / 2客户端上启用DEBUG日志记录,您将看到该客户端收到: 

2016-10-05 09:20:33.102:DBUG:oejhp.Parser:qtp1897115967-15: Parsed GO_AWAY frame header from java.nio.HeapByteBuffer[pos=9 lim=35 cap=16384]
2016-10-05 09:20:33.103:DBUG:oejh.HTTP2Session:qtp1897115967-15: Received GoAwayFrame@3bc447d3,0/INADEQUATE_SECURITY_ERROR/Unknown error code

So the problem is that the server thinks that the security is inadequate (the GOAWAY frame arrives with error code INADEQUATE_SECURITY_ERROR). 因此,问题在于服务器认为安全性不足(GOAWAY帧到达时,错误代码为INADEQUATE_SECURITY_ERROR)。

At this point, the problem is on the server. 此时,问题出在服务器上。 You have to figure out why the server thinks the security is inadequate. 您必须弄清楚为什么服务器认为安全性不足。 Probably just a matter of configuration on the server. 可能只是服务器上的配置问题。

解决方案2
 0  2019-01-26 12:51:31

尝试

transport.setUseALPN(false);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在客户端上使用ftp4j忽略CentOS上的自签名ssl证书 - Ignore self-signed ssl cert on CentOS using ftp4j on client 将自签名证书交换为受信任证书? - Swapping a self-signed cert for a trusted cert? Apache http 客户端自签名证书 - Apache http client self signed cert PHP SoapClient,带有Java自签名证书 - PHP SoapClient with self-signed cert in Java Tomcat 服务器和 HTTP 客户端接受过期的自签名证书 - Tomcat server AND HTTP Client accepting expired self-signed certificate Java SSL-以编程方式将自签名证书添加到cacert - Java SSL - adding self-signed cert to cacerts programmatically 需要使用Apache HttpClient登录自签名证书的访问站点 - Access site requiring login an self-signed cert with Apache HttpClient 使JMX在具有SSL和自签名证书的Tomcat 7下工作 - Getting JMX working under Tomcat 7 with SSL and a self-signed cert Jetty Websocket连接-忽略自签名证书 - Jetty Websocket connection - ignore self signed certs 忽略 Apache HTTPClient 4.5 中的自签名证书 - Ignore self-signed certificates in Apache HTTPClient 4.5
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM