stackoom
  简体   繁体   中英

How to get the certificates after SSLHandshakeException in Java?

 原文  2022-05-19 13:23:16       java/ https/ certificate/ sslhandshakeexception

Question

How to get the details of an SSLHandshakeException? I try to get the certificates to see the cause of the exception but it throw only a NullPointerException.

    URL url = new URL( "https://localhost:9443/" );
    HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();
    try {
        connection.getInputStream();
    } catch( SSLHandshakeException e ) {
        for( Certificate certificate : connection.getServerCertificates() ) {
            System.err.println( certificate );
        }
    }

but it throw only a NullPointerException.

Exception in thread "main" java.lang.NullPointerException
    at java.base/sun.net.www.protocol.https.HttpsClient.getServerCertificates(HttpsClient.java:695)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getServerCertificates(AbstractDelegateHttpsURLConnection.java:272)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getServerCertificates(HttpsURLConnectionImpl.java:212)
    at TestSSL.main(TestSSL.java:18)

1 answers

solution1
 1 ACCPTED  2022-05-20 10:09:17

From HttpsURLConnection you cannot get any SSL/TLS-level data if the handshake fails.

If you use SSLSocket (or SSLEngine but that's much more work) I think you can get peer certificates before the handshake ends but after the peer's Certificate message has been processed and the cert chain validated. Of course in that situation any handshake failure is not caused by the certificates, so looking at the certificates is a waste of time if what you want is to 'see the cause of the exception'.

In fact in general many handshake failures (and exceptions) are not caused by certificates at all, and when they are are often that cause cannot be seen by looking at the certificates.

In general to see the cause of this exception, like many, you should look at the exception . In particular, e.getMessage() usually tells you the cause (at least the cause experienced by JSSE, which may differ from the original or 'ultimate' cause). In addition e.getCause() if nonnull can contain useful details (though often among greater clutter). And this works at both URLConnection and JSSE levels (and also the j11+ HttpClient).

Added: you can see the server's certificates at commandline with keytool -printcert -sslserver $host[:$port] -- but that's not programming and is offtopic. (Note even though the operation printcert is grammatically singular, it actually does the whole chain.)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How java validate certificate and why i get SSLHandshakeException How to get list of client certificates using java? Java + X509: How get Certificates Revoked? How can I get a list of trusted root certificates in Java? SSLHandshakeException: Received fatal alert: handshake_failure after Java 6 -> 8 upgrade After upgrading to Java 8u292, TLS connection fails with SSLHandshakeException Why can Java not connect to MySQL 5.7 after the latest JDK update and how should it be fixed? (ssl.SSLHandshakeException: No appropriate protocol) How certificates are really imported in JAVA? Java9 HttpClient SSLHandshakeException java SSLHandshakeException General SSLEngine
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM