2

我有一个基于 apache http 客户端的 http 客户端,它似乎对 ssl 证书没有问题。我使用自定义 SSLSocketFactory 对全球认可的证书和自签名证书进行了单元测试。

但是,当我在代理后面运行相同的代码时,它停止工作。我不断收到这个可怕的异常:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

我将代码减少到最低限度,它仍然抛出相同的异常。编码:

    URI uri = new URI("https://www.google.com");
    DefaultHttpClient client = new DefaultHttpClient();
    client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
            new HttpHost("proxy.int", 8080, "https"));

    HttpUriRequest request = new HttpGet(uri);
    HttpResponse response = client.execute(request);

如果未指定任何内容,我不确定它是否使用默认的 ssl 设置,因此我也明确添加了它:

    URI uri = new URI("https://www.google.com");
    DefaultHttpClient client = new DefaultHttpClient();
    client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
            new HttpHost("proxy.int", 8080, "https"));

    client.getConnectionManager().getSchemeRegistry().register(
            new Scheme("https", 443, SSLSocketFactory.getSystemSocketFactory()));

    HttpUriRequest request = new HttpGet(uri);
    HttpResponse response = client.execute(request);

我还尝试了 getSocketFactory() (不完全确定与 getSystemSocketFactory() 有什么区别),但仍然是同样的错误。

编辑

代理具有可选的身份验证,我尝试过使用和不使用。使用以下代码设置身份验证信息:

    client.getCredentialsProvider().setCredentials(
        new AuthScope("proxy.int", 8080),
        new UsernamePasswordCredentials("user", "password")
    );

完全一样的错误。

4

1 回答 1

7

问题出在代理声明中,我必须指定“http”而不是“https”:

client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
        new HttpHost("proxy.int", 8080, "http"));
于 2012-09-25T05:38:58.473 回答