SslContextFactory sec = new SslContextFactory();
sec.setValidateCerts(false);
WebSocketClient client = new WebSocketClient(sec);
上面的代码是为 Jetty WebSockets 实现的,告诉 java 客户端禁用证书验证。有什么方法可以在 Tomcat8 WebSockets (JSR-356) 的 Java API 中实现相同的功能?
PS:我试过this方法。它不适用于 Tomcat WebSockets 的 Secure WebSocket 连接
【问题讨论】:
标签: java ssl websocket tomcat8 jsr356
您是否生成了自签名证书并尝试使用它? 然后将您的自签名证书导入新的密钥库,并将该密钥库用作客户端的信任库。
对于一个 tyrus websocket 客户端,我是这样使用的:
String keyStorePath = StompClientTest.class.getResource("/myapp.keystore").getPath();
System.getProperties().put("javax.net.debug", "all"); // debug your certificate checking
System.getProperties().put(SslContextConfigurator.KEY_STORE_FILE, keyStorePath);
System.getProperties().put(SslContextConfigurator.TRUST_STORE_FILE, keyStorePath);
System.getProperties().put(SslContextConfigurator.KEY_STORE_PASSWORD, "secret");
System.getProperties().put(SslContextConfigurator.TRUST_STORE_PASSWORD, "secret");
final SslContextConfigurator defaultConfig = new SslContextConfigurator();
defaultConfig.retrieve(System.getProperties());
SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(defaultConfig);
sslEngineConfigurator.setHostVerificationEnabled(false);
StandardWebSocketClient webSocketClient = new StandardWebSocketClient();
webSocketClient.getUserProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
对于tomcat阅读以下问题的答案:https://stackoverflow.com/a/32205864/386213
【讨论】: