如何在新的 Java 9 客户端中启用 SNI 扩展? (封装jdk.incubator.http)
HttpClient client = HttpClient.newHttpClient();
client.send(
HttpRequest
.newBuilder(uri)
.GET()
.build(),
HttpResponse.BodyHandler.asString());
但由于缺少 TLS SNI 扩展,此请求失败
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:159)
at java.base/sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1905)
at java.base/sun.security.ssl.SSLEngineImpl.processInputRecord(SSLEngineImpl.java:1140)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1020)
at java.base/sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:902)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:680)
at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:626)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.unwrapBuffer(AsyncSSLDelegate.java:476)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.handshakeReceiveAndUnWrap(AsyncSSLDelegate.java:395)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeImpl(AsyncSSLDelegate.java:294)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.doHandshakeNow(AsyncSSLDelegate.java:262)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLDelegate.connect(AsyncSSLDelegate.java:233)
at jdk.incubator.httpclient/jdk.incubator.http.AsyncSSLConnection.connect(AsyncSSLConnection.java:78)
at jdk.incubator.httpclient/jdk.incubator.http.Http2Connection.<init>(Http2Connection.java:263)
at jdk.incubator.httpclient/jdk.incubator.http.Http2ClientImpl.getConnectionFor(Http2ClientImpl.java:108)
at jdk.incubator.httpclient/jdk.incubator.http.ExchangeImpl.get(ExchangeImpl.java:86)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.establishExchange(Exchange.java:272)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl0(Exchange.java:283)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.responseImpl(Exchange.java:260)
at jdk.incubator.httpclient/jdk.incubator.http.Exchange.response(Exchange.java:136)
at jdk.incubator.httpclient/jdk.incubator.http.MultiExchange.response(MultiExchange.java:154)
at jdk.incubator.httpclient/jdk.incubator.http.HttpClientImpl.send(HttpClientImpl.java:234)
at CheckProj/Main.Main.lambda$main$0(Main.java:42)
at java.base/java.util.concurrent.CompletableFuture$UniAccept.tryFire(CompletableFuture.java:714)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2073)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseProcessors$ByteArrayProcessor.onComplete(ResponseProcessors.java:219)
at jdk.incubator.httpclient/jdk.incubator.http.BlockingPushPublisher.acceptData(BlockingPushPublisher.java:65)
at jdk.incubator.httpclient/jdk.incubator.http.AbstractPushPublisher.consume(AbstractPushPublisher.java:51)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBodyChunked(ResponseContent.java:238)
at jdk.incubator.httpclient/jdk.incubator.http.ResponseContent.pushBody(ResponseContent.java:110)
at jdk.incubator.httpclient/jdk.incubator.http.Http1Response.lambda$readBody$2(Http1Response.java:157)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1161)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:844)
我该如何解决?
最佳答案
这是一个不应该起作用但到目前为止起作用的解决方法。
我已经实现了 SSLContext 的一个子类,它总是创建一个带有主机名/端口集(以及用于检查主机名的 SSL 参数)的 SSLEngine。
https://gist.github.com/beders/51d3600d7fb57ad7d36a1745749ef641
这样使用
HttpClient client = HttpClient.newBuilder().sslContext(ctx).sslParameters(ctx.getParametersForSNI()).followRedirects(HttpClient.Redirect.ALWAYS).build();
如果有用请告诉我
关于java - 在新的 Java 9 客户端中启用 TLS SNI,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44479678/