- 浏览: 416515 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
burningblood:
最近也遇到了这个细节问题。我用的是4,里面没有 get.rel ...
httpclient的并发连接问题 -
greatwqs:
使用HttpURLConnection注意设置超时 -
qinweilh:
...
tomcat报错:standardServer.await: create[8005]: -
jayyunfei:
还是不很明白
JPA entityManager的管理 -
a418040445:
...
Calendar
When you want to establish an SSL connection like this;
URL url = new URL("https://localhost:9443/soap_rpc");
|
You may get an exception like this;
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
|
But, you have installed the server certificate, generated keystore and all work fine. So, what may be the problem?
Let's come to the solution;
While making an SSL connection, HttpsClient steps in and does basic server authentication to protect against URL spoofing which includes verifying that the name of the server is found in the certificate. HttpsClient#checkURLSpoofing method checks server identity according to "RFC 2818: HTTP over TLS" - "Section 3.1 Server Identity".
HttpsClient basically uses HostNameChecker first to check the hostname against the names specified in the certificate. Then, if it fails, HostNameVerifier's turn comes and it's used to verify the host name. As mentioned above, while not overridden, SUN's default behaviour is returning false for this verification. This means, if your HostNameChecker fails, you will get one of the exceptions written in the title according to your URL's hostname type.
So, what can be done to "not-fail" HostNameChecker?
HostNameChecker#match method's implementation is like below;
sun.security.util.HostNameChecker
|
public
void
match
(
String hostName, X509Certificate x509certificate
)
throws
CertificateException
{
|
If the incoming hostname is IP, (by matchIP method), it will be searched in available subject alternative names and throw CertificateException("No subject alternative names matching IP address ...") if no matching ip value found.
On the other hand, if the incoming hostname is DNS, (by matchDNS method), it will be searched in available subject alternative names but, different from IP matching algorithm, DNS matching will compare the hostname with the CommonName value from certificate if available. If neither matches with the hostname, a CertificateException("No name matching ... found") will be thrown.
What we can conclude from these details is;
- if you'd like to connect via using IP as hostname; your certificate should include that ip value as a subject alternative name value (of type IPAddress : key=7).
- if you'd like to connect via using DNS as hostname; your certificate should either include that DNS name as a subject alternative name value (of type DNS : key=2) or as a CommonName(CN) value.
Hope it helps...
发表评论
-
糟糕透顶的axis2
2015-02-06 15:27 822我记得很早以前在网上看过文章,大致讲axis2的质量如何 ... -
使用java连接https的问题
2012-03-19 15:41 805在使用hudson的过程中,我们需要发送邮件的功能。但是公司的 ... -
ResourceBundle加载文件的顺序
2011-12-24 15:01 1314If a ResourceBundle class for ... -
异常处理框架
2011-09-07 14:57 782The Nature of Exceptions Bro ... -
httpclient的并发连接问题
2011-05-24 16:14 6647昨天的搜索系统又出状况了,几个库同时重建索引变得死慢。经 ... -
java connect https
2011-05-04 15:37 944When I use java to connect HTTP ... -
jvm的高性能
2011-04-25 13:48 773jdk将源代码编译成字节码之后,由JVM在运行期对其进行解释执 ... -
java annotation
2011-03-10 14:58 847JDK内置的annotaion 1. @Target ... -
java字节码的操纵
2011-03-09 16:35 1481http://www.infoq.com/cn/article ... -
java 范型
2011-03-09 15:15 700Java泛型(generics)是JDK 5中引入的一个新特性 ... -
正确使用 Volatile 变量
2011-03-04 09:34 741Java 语言中的 volatile 变 ... -
java中Thread与Runnable的区别
2011-02-25 20:42 1692在java中可有两种方式实现多线程,一种是继承Thread类, ... -
copy-on-write
2010-12-08 10:29 889Copy-on-write (sometimes refe ... -
synchronized原理
2010-11-29 14:40 1809每个JAVA对象都有一把锁, 当有多个线程同时访问共享资源的时 ... -
Map 四种同步方式的性能比较
2010-11-25 11:50 926如果需要使 Map 线程安全,大致有这么四种方法: 1、 ... -
Java中HashMap,LinkedHashMap,TreeMap的区别
2010-11-25 11:49 1708java为数据结构中的映射 ... -
java的内存泄漏
2010-11-25 10:52 10041 引言 Java的一个重要优点就是通过垃圾收集器 ... -
解析Java对象的equals()和hashCode()的使用
2010-11-25 10:49 1048前言 在Java语言中,equals()和hash ... -
java map
2010-11-25 10:40 10711. Map key: 同一个key必须hashcode相同。 ... -
Calendar
2010-09-17 15:44 1405对于时间的运算,应当使用Calendar: Calendar ...
相关推荐
由于第三方服务商更新服务器证书,导致向其推送数据出现SSL证书认证失败。 网上搜了一堆,都无法生效,最终找到了一个完美解决方案: 在代码层跳出SSL验证 1、观察异常日志信息如下: 2、新增跳过证书的类,...
apache报Cannot serve directory No matching DirectoryIndex (index.html) found的解决办法 localhost无法访问的可能原因
JAVA ldap AD 域 免证书 查询 修改 删除 新增 启用 禁用 修改密码
BLOG_【故障处理】Oracle_lhr_ORA-28040 No matching authentication protocol.pdfBLOG_【故障处理】Oracle_lhr_ORA-28040 No matching authentication protocol.pdf
资源分类:Python库 所属语言:Python 资源全名:matching-1.0.1.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
最近需要将代码移植到nucleo STM32F072RBT6上,在更改Options中device芯片以及C++define后,再次编译链接,出现了几十个相同类型的错误,均为No space in execution regions with .ANY selector matching xxx.o(....
1、写在开头 标题之前我想说一下Linux的mysql真的实在是太坑了。太坑了。总是会出现这样那样的你想不到的问题。崩溃了。首先来罗列一下我遇到过的一些问题吧。 1、大小写敏感 2、连接数超过系统最大连接数 ...
资源来自pypi官网。 资源全名:ucla-subgraph-matching-0.0.1.tar.gz
警告: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:jwgl' did not find a matching property. 3月 17, 2019 10:51:41 上午 org.apache....
算法设计与分析:6-Lec10-Matching.pdf
Minutia Cylinder-Code: A New Representation and Matching Technique for Fingerpri 对应的PPT资料
2.6 Alternative tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.7 Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing '- WSDL Document -'.: org.xml.sax.SAXParseException: The element type "p" must be terminated by the matching end-tag ...
Chapter 18: String Matching with Regular Expressions . . . . . . . . . . . . . . . . 539 Chapter 19: Working with XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573 Chapter 20: ...
Constant Time Weighted Median Filtering for Stereo Matching and Beyond.
real-time correlative scan matching_2009.pdf
Name visibility ............................. 50 Using other components ............. 50 The static keyword ..................... 51 Your first Java program ....... 52 Compiling and running .............
Fuzzy String Matching in Python.zip
ORA-28040: No matching authentication protocol问题需要oracle12匹配的驱动,目前使用的ojdbc6会出现此问题。用ojdbc8.jar即可解决此问题。官网下载的原版。