我有一个 mule 项目,它使用自签名证书通过 HTTPS (TLS) 使用出站连接到我的本地 tomcat 服务器。当我执行流程时,出现以下异常
Mule HTTP 连接器
<http:request-config name="SP2" host="my_fqdn" port="38443" doc:name="SP Request Configuration" protocol="HTTPS" >
<tls:context>
<tls:trust-store path="/temp/temp1.keystore.jks" password="changeit" type="jks"/>
</tls:context>
</http:request-config>
Mule Flow 错误
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) ~[?:1.7.0_67]
at org.mule.module.http.internal.domain.request.ClientConnection.getClientCertificate(ClientConnection.java:67) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.HttpRequestToMuleEvent.transform(HttpRequestToMuleEvent.java:63) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener.createEvent(DefaultHttpListener.java:165) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener.access$000(DefaultHttpListener.java:39) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener$1.handleRequest(DefaultHttpListener.java:124) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.GrizzlyRequestDispatcherFilter.handleRead(GrizzlyRequestDispatcherFilter.java:83) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy.run0(ExecutorPerServerAddressIOStrategy.java:102) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy.access$100(ExecutorPerServerAddressIOStrategy.java:30) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy$WorkerThreadRunnable.run(ExecutorPerServerAddressIOStrategy.java:125) ~[mule-module-http-3.7.2.jar:3.7.2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [?:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [?:1.7.0_67]
at java.lang.Thread.run(Thread.java:745) [?:1.7.0_67]
通常这意味着我的信任库设置不正确。在我的例子中,我在 Mule 的 TLS 上下文中设置了信任库。由于我仍然收到错误,我认为 Mule 不知何故不遵守我的 TLS 上下文设置。
此外,我在 Anypoint Studio 中在与我的 Mule 流程执行的项目相同的项目中设置了一个测试程序。
System.setProperty("javax.net.ssl.trustStore","/temp/temp1.keystore.jks");
System.setProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
SocketFactory sslContext = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) sslContext.createSocket("my_fqdn",38443);
SSLSession sslSession = sslSocket.getSession();
sslSession.getPeerCertificates();
在上面提到的 Java 代码中,如果我没有正确设置信任库,我会收到“对等未验证”错误。但是,当我如上所述设置信任库时,程序执行时没有任何错误。最后,我尝试将信任库作为 JVM args 传递,但这也没有用。
所以我对骡子为什么这样行事一无所知。有谁知道如何解决这个问题?
最佳答案
Mule 3.7.2 默认使用 SSLV2Hello。 Tomcat 连接器在收到 SSLV2Hello 时正在关闭连接。我通过修改 tomcat 连接器解决了这个问题,主要围绕 sslEnabledProtocols 列表。
<Connector port="38443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/tmp/temp1.keystore.jks"
keystorePass="changeit"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"/>
关于ssl - Mule : javax.net.ssl.SSLPeerUnverifiedException: peer 未通过身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34068775/