证书不是零星发送的
证书不是零星发送的
提问于 2013-09-16 11:05:58
在我的应用程序中,我有两个组件与REST (基于客户端服务器)相互交谈。
可以将应用程序配置为使用HTTP或HTTPS (自签名证书)。
有时,当我以HTTPS模式启动应用程序时,我的客户端无法与服务器对话。我得到了以下例外:
09-16-2013 12:28:52 [dispatcher] [http-nio-8143-exec-8] [INFO] - Exception while dispatching request
java.util.concurrent.ExecutionException: com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
...
Caused by: java.io.EOFException: SSL peer shut down incorrectly
...当我停止并启动应用程序时,一切都如期而至。
我试图寻找解决方案,但没有找到任何类似于我的问题的东西,不时发生并通过重新启动修复,所有的问题都是一致的。
Java版本:甲骨文公司,'Java HotSpot(TM) 64位服务器VM',1.7.0_17-b02操作系统:红帽?
更新
结果,在应用程序工作了一段时间之后,这种情况也可能发生。也就是说,一切正常,SSL通信正常,突然出现此错误,直到我重新启动客户端才能解决。
我能够重现-Djavax.net.debug=all的问题,很明显,证书不是从客户端发送的,问题是为什么。因为有时候一切都很顺利,是什么导致事情不时出错呢?
客户端:
pool-4-thread-2, WRITE: TLSv1 Handshake, length = 48
pool-4-thread-2, waiting for close_notify or alert: state 1
pool-4-thread-2, received EOFException: error
pool-4-thread-2, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-4-thread-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-7, TLS_RSA_WITH_AES_128_CBC_SHA]
pool-4-thread-2, SEND TLSv1 ALERT: fatal, description = handshake_failure
Padded plaintext before ENCRYPTION: len = 32
0000: 02 28 7A 8E 21 1F 09 1A 5F 00 5C 42 6B 12 33 D8 .(z.!..._.\Bk.3.
0010: 73 F0 58 DD 0D D9 09 09 09 09 09 09 09 09 09 09 s.X.............
pool-4-thread-2, WRITE: TLSv1 Alert, length = 32
pool-4-thread-2, Exception sending alert: java.net.SocketException: Broken pipe
pool-4-thread-2, called closeSocket()
Keep-Alive-Timer, called close()
Keep-Alive-Timer, called closeInternal(true)
Keep-Alive-Timer, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 32
0000: 01 00 FD 8B FE 50 2A 16 8A FC 10 F7 E0 05 7E D1 .....P*.........
0010: 0A 78 A0 03 84 26 09 09 09 09 09 09 09 09 09 09 .x...&..........
Keep-Alive-Timer, WRITE: TLSv1 Alert, length = 32
[Raw write]: length = 37
0000: 15 03 01 00 20 24 CC 05 7B DA AA 98 D7 BC 49 07 .... $........I.
0010: 59 94 A4 42 A1 D9 22 42 34 C2 75 1B 9E 36 F0 23 Y..B.."B4.u..6.#
0020: 58 9D 80 8D 38 X...8
Keep-Alive-Timer, called closeSocket(selfInitiated)服务器端:
http-nio-8243-exec-2, READ: TLSv1 Handshake, length = 269
*** Certificate chain
***
http-nio-8243-exec-2, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-5, TLS_RSA_WITH_AES_128_CBC_SHA]
http-nio-8243-exec-2, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-nio-8243-exec-2, WRITE: TLSv1 Alert, length = 2
http-nio-8243-exec-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
http-nio-8243-exec-2, called closeOutbound()
http-nio-8243-exec-2, closeOutboundInternal()
http-nio-8243-ClientPoller-1, called closeOutbound()
http-nio-8243-ClientPoller-1, closeOutboundInternal()
http-nio-8243-ClientPoller-1, SEND TLSv1 ALERT: warning, description = close_notify回答 2
Stack Overflow用户
回答已采纳
发布于 2013-09-28 05:16:13
显然,有人向该代码添加了覆盖证书的代码:
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());我删除了这一行,现在一切都正常了。
Stack Overflow用户
发布于 2013-09-18 07:28:35
javax.net.ssl.SSLHandshakeException: null cert chain看起来服务器需要客户端证书,而不是发送证书,也不是发送无效证书。在客户端SSL日志中,您将有一个入站CertificateRequest,它后面没有一个出站Certificate消息,或者后面跟着一个空消息。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/18826456
复制相关文章
相似问题
腾讯云开发者
