java.io.IOException:HTTPS 主机名错误:应该是 <域名> [重复]

【问题标题】:java.io.IOException: HTTPS hostname wrong: should be <domain name> [duplicate]java.io.IOException:HTTPS 主机名错误:应该是 <域名> [重复]
【发布时间】:2014-04-27 09:59:45
【问题描述】:

我正在尝试使用下面的代码使用 URLConnection 访问 url,得到的错误为,

java.io.IOException: HTTPS hostname wrong:  should be <XXXX.XXXX.XXX>
    at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at protocol.URL_Certificate.main(URL_Certificate.java:55)

public class URL_Certificate {
    public static void main(String[] args) {
        String urlPlugin = "https://XXXX.XXXX.XXX/signin";

        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public void checkClientTrusted(final X509Certificate[] chain,
                        final String authType) {
                }

                @Override
                public void checkServerTrusted(final X509Certificate[] chain,
                        final String authType) {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            } };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts,
                    new java.security.SecureRandom());
            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext
                    .getSocketFactory();

            InputStream input;
            BufferedReader br;
            String line = "";

            // All set up, we can get a resource through https now:
            final URLConnection urlCon1 = new URL(urlPlugin).openConnection();
            // Tell the url connection object to use our socket factory which
            // bypasses security checks
            ((HttpsURLConnection) urlCon1)
                    .setSSLSocketFactory(sslSocketFactory);

            input = urlCon1.getInputStream();
            br = new BufferedReader(new InputStreamReader(input));
            line = "";
            while ((line = br.readLine()) != null) {
                // TODO: Need to Remove
                System.out.println(line);

            }
            br.close();
            input.close();

        } catch (final Exception e) {
            e.printStackTrace();
        }
    }
}

我可以在浏览器中点击 url 时得到响应,但不能通过代码...... 在上面的代码中,我也跳过了证书验证..

【问题讨论】:

  • 这个信任管理器根本不安全。它也不符合规范。不要使用。

标签: java connection


【解决方案1】:

也许已经为子域或其他方式设置了 SSL 证书?

你在这里写的网址是否正确:

String urlPlugin = "https://XXXX.XXXX.XXX/signin";

【讨论】:

  • 我使用的实际网址是,String urlPlugin = "bank.simple.com/signin";
  • 错误信息中的主机名是什么?
【解决方案2】:

您可能还需要覆盖主机名验证器:

sslSocketFactory.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
      return true;
    }
};

Java 1.7 中存在一个错误,即使您已正确完成所有操作,也会产生此错误。解决方法是禁用 SNI 扩展:

"-Djsse.enableSNIExtension=false"

【讨论】:

  • “覆盖[ing]主机名验证器”似乎将其关闭;在我看来,“接受任何主机名作为我要连接的主机名”关闭安全性通常不是解决安全问题的正确答案。
猜你喜欢
  • 2012-07-27
  • 2015-02-22
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2010-12-20
  • 2012-05-01
  • 1970-01-01
  • 2012-04-22
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode