2

我经历了关于 SSLPeerUnverifiedException 的大部分问题:SO 上没有对等证书,但找不到解决我的问题的方法。大多数解决方案要么提供一个自定义信任管理器来接受所有 SSL 证书,要么提供一个带有默认证书 + 我的服务器证书的自定义密钥库并允许这样做。但我的问题是不同的。

我得到 javax.net.ssl.SSLPeerUnverifiedException: No peer certificate when I use HttpClient 我也尝试过

    public HttpClient createHttpClient()
    {
        HttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
        ClientConnectionManager conMgr = new ThreadSafeClientConnManager(params, schReg);

        return new DefaultHttpClient(conMgr, params);
    }

但我的链接确实在我设备的浏览器中打开。(Firefox、Chrome 和默认浏览器)

当我使用 openssl 测试 URL 时,我也没有获得对等证书

$ openssl s_client -connect myserver.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

我想知道浏览器如何在没有证书的情况下打开此链接。

我还尝试了带有 Curl 的 URL,它似乎确实给出了响应

$ curl -v "https://www.myserver.com/url" -H "Accept:application/json"
* About to connect() to www.myserver.com port 443 (#0)
*   Trying 1XX.XX.XX.XXX... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
*    subject: C=US; ST=Washington; CN=*.myserver.com
*    start date: 2013-09-16 00:00:00 GMT
*    expire date: 2014-09-24 12:00:00 GMT
*    subjectAltName: myserver.com matched
*    issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
*    SSL certificate verify ok.
> GET /url HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1     zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: myserver.com
> Accept:application/json
> 
< HTTP/1.1 200 OK
< Content-Length: 486
< Content-Type: application/json; charset=utf-8
< Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
< Date: Thu, 19 Sep 2013 12:23:33 GMT
< 
* Connection #0 to host myserver.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"My JSON Data"}

预先感谢您的任何帮助

4

0 回答 0