1

我正在尝试使用 aleph 连接到相互验证的 Docker 守护程序。aleph 文档显示您可以传入 netty SSL 上下文以进行身份​​验证。似乎我正在正确创建 SslContext,但所有请求都已关闭

(require '[aleph.http :as http])
(import '[io.netty.handler.ssl SslContext])
(import '[io.netty.handler.ssl SslProvider]) 
(import '[io.netty.handler.ssl SslContextBuilder])

(def ctx
  (doto (SslContextBuilder/forClient)
        (.keyManager (java.io.File. "certs/cert.pem") 
                     (java.io.File. "certs/client.pkcs8"))
        (.trustManager (java.io.File. "certs/ca.pem"))
        (.build)))

(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  @(http/get (str "http://" host ":" port "/info") {:pool pool}))

结果:“ExceptionInfo 连接已关闭 clojure.core/ex-info (core.clj:4617)”

有没有人找到使用 TLS 连接的好方法?我已经尝试过https://github.com/aphyr/less-awful-ssl但这并不适用于 netty。帮助thnx!

4

1 回答 1

0

发现我错误地创建了 SslContext 对象。应该是这样的:

(def ctx
 (.build
  (.keyManager
   (.trustManager (SslContextBuilder/forClient) ca)
   cert client-key)))

;; pass in ssl-context via pool
(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  (-> @(http/get (str "https://" host ":" port "/info") {:pool pool})
      :body
      bs/to-string))
于 2016-03-06T07:11:19.877 回答