- 浏览: 426633 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
burningblood:
最近也遇到了这个细节问题。我用的是4,里面没有 get.rel ...
httpclient的并发连接问题 -
greatwqs:
使用HttpURLConnection注意设置超时 -
qinweilh:
...
tomcat报错:standardServer.await: create[8005]: -
jayyunfei:
还是不很明白
JPA entityManager的管理 -
a418040445:
...
Calendar
When you want to establish an SSL connection like this;
URL url = new URL("https://localhost:9443/soap_rpc");
|
You may get an exception like this;
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
|
But, you have installed the server certificate, generated keystore and all work fine. So, what may be the problem?
Let's come to the solution;
While making an SSL connection, HttpsClient steps in and does basic server authentication to protect against URL spoofing which includes verifying that the name of the server is found in the certificate. HttpsClient#checkURLSpoofing method checks server identity according to "RFC 2818: HTTP over TLS" - "Section 3.1 Server Identity".
HttpsClient basically uses HostNameChecker first to check the hostname against the names specified in the certificate. Then, if it fails, HostNameVerifier's turn comes and it's used to verify the host name. As mentioned above, while not overridden, SUN's default behaviour is returning false for this verification. This means, if your HostNameChecker fails, you will get one of the exceptions written in the title according to your URL's hostname type.
So, what can be done to "not-fail" HostNameChecker?
HostNameChecker#match method's implementation is like below;
sun.security.util.HostNameChecker
|
public
void
match
(
String hostName, X509Certificate x509certificate
)
throws
CertificateException
{
|
If the incoming hostname is IP, (by matchIP method), it will be searched in available subject alternative names and throw CertificateException("No subject alternative names matching IP address ...") if no matching ip value found.
On the other hand, if the incoming hostname is DNS, (by matchDNS method), it will be searched in available subject alternative names but, different from IP matching algorithm, DNS matching will compare the hostname with the CommonName value from certificate if available. If neither matches with the hostname, a CertificateException("No name matching ... found") will be thrown.
What we can conclude from these details is;
- if you'd like to connect via using IP as hostname; your certificate should include that ip value as a subject alternative name value (of type IPAddress : key=7).
- if you'd like to connect via using DNS as hostname; your certificate should either include that DNS name as a subject alternative name value (of type DNS : key=2) or as a CommonName(CN) value.
Hope it helps...
发表评论
-
糟糕透顶的axis2
2015-02-06 15:27 860我记得很早以前在网上看过文章,大致讲axis2的质量如何 ... -
使用java连接https的问题
2012-03-19 15:41 857在使用hudson的过程中,我们需要发送邮件的功能。但是公司的 ... -
ResourceBundle加载文件的顺序
2011-12-24 15:01 1365If a ResourceBundle class for ... -
异常处理框架
2011-09-07 14:57 825The Nature of Exceptions Bro ... -
httpclient的并发连接问题
2011-05-24 16:14 6687昨天的搜索系统又出状况了,几个库同时重建索引变得死慢。经 ... -
java connect https
2011-05-04 15:37 1020When I use java to connect HTTP ... -
jvm的高性能
2011-04-25 13:48 807jdk将源代码编译成字节码之后,由JVM在运行期对其进行解释执 ... -
java annotation
2011-03-10 14:58 907JDK内置的annotaion 1. @Target ... -
java字节码的操纵
2011-03-09 16:35 1532http://www.infoq.com/cn/article ... -
java 范型
2011-03-09 15:15 759Java泛型(generics)是JDK 5中引入的一个新特性 ... -
正确使用 Volatile 变量
2011-03-04 09:34 790Java 语言中的 volatile 变 ... -
java中Thread与Runnable的区别
2011-02-25 20:42 1746在java中可有两种方式实现多线程,一种是继承Thread类, ... -
copy-on-write
2010-12-08 10:29 934Copy-on-write (sometimes refe ... -
synchronized原理
2010-11-29 14:40 1860每个JAVA对象都有一把锁, 当有多个线程同时访问共享资源的时 ... -
Map 四种同步方式的性能比较
2010-11-25 11:50 975如果需要使 Map 线程安全,大致有这么四种方法: 1、 ... -
Java中HashMap,LinkedHashMap,TreeMap的区别
2010-11-25 11:49 1750java为数据结构中的映射 ... -
java的内存泄漏
2010-11-25 10:52 10521 引言 Java的一个重要优点就是通过垃圾收集器 ... -
解析Java对象的equals()和hashCode()的使用
2010-11-25 10:49 1091前言 在Java语言中,equals()和hash ... -
java map
2010-11-25 10:40 11601. Map key: 同一个key必须hashcode相同。 ... -
Calendar
2010-09-17 15:44 1458对于时间的运算,应当使用Calendar: Calendar ...
相关推荐
然而,当Java程序遇到"java.security.cert.CertificateException: No subject alternative DNS name matching XXX found"异常时,意味着Java无法找到匹配的证书主题备用DNS名称,从而导致SSL握手失败。 这个问题...
当用户遇到"Cannot serve directory No matching DirectoryIndex (index.html) found"的错误时,这意味着Apache无法找到默认的索引文件来显示目录内容。这个问题通常发生在尝试访问一个没有指定默认首页文件(如`...
`boostdesc_bgm.i` 文件是Boost库的一部分,特别是Boost Feature Matching模块,用于图像特征匹配。Boost库是一个广泛使用的C++库,它提供了一系列的工具和库,包括数学运算、图形处理、多线程支持、序列化以及许多...
最近需要将代码移植到nucleo STM32F072RBT6上,在更改Options中device芯片以及C++define后,再次编译链接,出现了几十个相同类型的错误,均为No space in execution regions with .ANY selector matching xxx.o(....
1、写在开头 标题之前我想说一下Linux的mysql真的实在是太坑了。太坑了。总是会出现这样那样的你想不到的问题。崩溃了。首先来罗列一下我遇到过的一些问题吧。 1、大小写敏感 2、连接数超过系统最大连接数 ...
- cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'dubbo:application'. - schema_reference.4: Failed to read schema document '...
我们可以使用 ADConfig 类的变量来存储 AD 域的配置信息,然后使用 LTSSSLSocketFactory 类来建立 SSL 连接,最后实现免证书的查询操作。 修改操作 使用 LTSSLSLSocketFactory 类,我们可以实现免证书的修改操作。...
资源分类:Python库 所属语言:Python 资源全名:matching-1.0.1.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
访问带https请求忽略ssl证书,避免url.openStream报错javax.net.ssl.SSLHandshakeException url = new URL(imageUrl); if("https".equalsIgnoreCase(url.getProtocol())){ SslUtils.ignoreSsl(); } //不添加...
警告: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:jwgl' did not find a matching property. 3月 17, 2019 10:51:41 上午 org.apache....
《PyPI官网下载:ucla-subgraph-matching-0.0.1.tar.gz——深入探讨分布式图匹配算法在Python中的应用》 PyPI(Python Package Index)是Python开发者的重要资源库,提供了丰富的Python库供全球程序员下载使用。在...
10. “The element type "XXX" must be terminated by the matching end-tag "XXX".” 这个错误通常发生在 struts-config.xml 文件的格式错误。解决方法是仔细检查 struts-config.xml 文件,确保它是良构的 XML ...
javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing '- WSDL Document -'.: org.xml.sax.SAXParseException: The element type "p" must be terminated by the matching end-tag ...
标题中的"ImageMatching_MATLAB.rar"表明这是一份使用MATLAB语言实现的图像配准工具,其中可能包含一系列脚本和函数,用于处理图像的匹配和配准问题。图像配准是图像处理中的一个重要环节,它涉及到将一幅或多幅图像...
models.py — 定义数据表 from django.db import models # Create your models here. class User(models.Model): username = models.CharField(max_length=20, primary_key=True) password = models.CharField(max...
此资源仅供学习使用,请...Motion Matching for Unity (MxM) is an advanced alternative animation system to mecanim which enables fluid and responsive character animation without the need for state machines.
ORA-28040: No matching authentication protocol问题需要oracle12匹配的驱动,目前使用的ojdbc6会出现此问题。用ojdbc8.jar即可解决此问题。官网下载的原版。