【Question title】: getting SSLHandshakeException exception while calling api through the route locator
【Posted】: 2021-10-15 12:11:59
【Question description】:

I am using the code below to route to specific services. All services are running on https, but when I call these APIs through the locator I get an SSLHandshakeException.

    @Bean
    public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
                                           TokenRelayGatewayFilterFactory filterFactory) {
        return builder.routes()
                .route(p -> p.path("/abc/api/**")
                        .filters(f -> f.filter(filterFactory.apply()))
                        .uri("https://localhost:8081"))
                .route(p -> p.path("/bcd/api/**")
                        .filters(f -> f.filter(filterFactory.apply()))
                        .uri("https://localhost:8082/"))
                .build();
    }

2021-08-12 10:54:45.611 ERROR 1060 --- [ctor-http-nio-4] a.w.r.e.AbstractErrorWebExceptionHandler : [100eea72-1]  500 Server Error for HTTP GET "/abc/api/preference/country-list"

javax.net.ssl.SSLHandshakeException: No name matching localhost found
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
    |_ checkpoint ⇢ org.springframework.cloud.gateway.filter.WeightCalculatorWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.authorization.AuthorizationWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.authentication.logout.LogoutWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2ResourceServerSpec$BearerTokenAuthenticationWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.web.cors.reactive.CorsWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
    |_ checkpoint ⇢ org.springframework.boot.actuate.metrics.web.reactive.server.MetricsWebFilter [DefaultWebFilterChain]
    |_ checkpoint ⇢ HTTP GET "/abc/api/preference/country-list" [ExceptionHandlingWebHandler]

【Discussion】:

    Tags: sslhandshakeexception


    【Solution 1】:

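    This error message means that, during the TLS handshake, the server responded with a certificate whose subject / subject alternative names do not contain localhost. The first step is to check what the server certificate contains: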

    openssl s_client -connect localhost:<port_number>
    

    Save everything that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE----- as cert.pem and inspect it:

    openssl x509 -in cert.pem -text -noout
    

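    This should show the subject and the subject alternative names (if any).

    You have at least a few options:

    • Configure the server with a certificate that has localhost in the SAN.
    • Disable hostname verification, either via a VM argument (if your underlying library supports this) or in code.
    • Override the default DNS resolution and redirect traffic for whatever name is in the server certificate's subject or SAN to localhost. This can be done through the hosts file or a custom DNS resolver. A custom resolver takes more work and depends on the underlying library you use.

    【Discussion】: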
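
The following shell script is an added example, not part of the original answer: it automates the certificate inspection from Solution 1 and tests whether localhost matches a certificate's names. The function names and the host name backend.example.internal are assumptions, the certificates are throwaway samples generated on the spot, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: inspect a certificate's names and test a host name against them.

# Fetch the leaf certificate a server presents, as PEM on stdout
# (replaces the manual copy of the BEGIN/END CERTIFICATE block).
fetch_cert() {  # usage: fetch_cert <host> <port> > cert.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print the subject and the subject alternative names of a PEM certificate.
show_names() {  # usage: show_names <cert.pem>
    openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Return 0 if <host> matches the certificate's names, non-zero otherwise.
# The verdict is read from the message openssl prints.
cert_matches_host() {  # usage: cert_matches_host <cert.pem> <host>
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Create a throwaway self-signed certificate for <name> (constructed sample).
make_sample_cert() {  # usage: make_sample_cert <name> <out.pem>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$2.key" -out "$2" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Compare a certificate issued for another name with one that lists localhost.
demo() {
    dir=$(mktemp -d)
    make_sample_cert backend.example.internal "$dir/backend.pem"  # like the failing server
    make_sample_cert localhost "$dir/localhost.pem"               # first option in the answer
    for c in backend localhost; do
        show_names "$dir/$c.pem"
        if cert_matches_host "$dir/$c.pem" localhost; then
            echo "$c.pem: localhost matches"
        else
            echo "$c.pem: no name matching localhost"
        fi
    done
    rm -rf "$dir"
}
demo
```

Against a running service, `fetch_cert localhost 8081 > cert.pem` followed by `cert_matches_host cert.pem localhost` reproduces the check the gateway's TLS client performs on the host name.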
