0

我有 www.billiving.com API 的集成测试套件。当那个 API 调用端点应该是https://www.billiving.com时。

我的测试套件在 Windows 上完美运行。但是,当它移至 ubuntu 14.x 时,它会因以下异常而失败。[1]

所以我编写了这个 [2] 代码来在测试套件之外对其进行测试。它仍然失败,但有同样的例外。

所以我尝试将 billiving.com 证书导入 JKS,但仍然失败并出现同样的异常。

我知道作为一种解决方案,我们可以覆盖 Verifier 类中的验证方法并返回为真。但我需要适当的解决方案,因为这可能会导致安全问题。

1)为什么这个错误以及为什么它只在linux上。

2)我们如何用适当的解决方案解决这个问题

API 网址: https ://www.billiving.com/

[1] 例外:

>     javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found.    at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>   at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
>   at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
>   at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
>   at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
>   at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
>   at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>   at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>   at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
>   at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
>   at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
>   at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
>   at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>   at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>   at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
>   at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
>   at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
>   at Application.main(Application.java:20)  Caused by:
> java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found.    at
> sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
>   at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
>   at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
>   at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
>   at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)

[2] 示例代码:

import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;

public class Application {

    public static void main(String[] args) {

        URL url;
        try {
            url = new URL(args[0]);

        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setInstanceFollowRedirects(false);
        connection.setRequestMethod("GET");

        if (connection.getResponseCode() >= 400) {
            System.out.println("ERROR "+ connection.getResponseCode());
        } else {
            System.out.println("Success");
        }

        System.out.println("Connection Crated");



        } catch (MalformedURLException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    }


}

使用上述代码的命令:

java Application https://www.billiving.com
4

1 回答 1

1

该站点的真实证书具有正确的主机名。但是只有在使用 SNI(服务器名称指示)时才能获得此证书。较旧的 Java 版本不支持 SNI(应该从 Java 7 开始支持),因此您可能需要升级未指定的版本。

于 2015-05-01T06:51:34.350 回答