2
我正在尝试设置一个Java程序来连接到我自己使用SSL的网站。我完全为标准HTTP站点工作,但不适用于HTTP。我的问题是我没有签署我的证书。使用Java套接字连接到未签名的HTTP网站
我该如何让java忽略它没有签名并让我连接的事实?
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at util.Watchlist.getWatchListWebsiteReaderSSL(Watchlist.java:51)
at util.Watchlist.updateWLDP(Watchlist.java:64)
at util.Watchlist.getWLDP(Watchlist.java:24)
at commands.devices.cpt.WldpMessage.run(WldpMessage.java:52)
at cli.Parser.Parse(Parser.java:74)
at fromUI.UISocketReader.run(UISocketReader.java:54)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 19 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 25 more
嗯,这让我更进了一步。我现在正在收到“收到的致命警报:bad_record_mac”。我认为这可能与服务器上的SSL版本有关。如果你碰巧知道,请让我知道。尽管您的帮助很大! – Kellenjb 2010-12-15 20:17:24
TrustManager不符合其规范。接受所有证书的技术决不能用于生产代码,因为它从根本上破坏了SSL的安全性。请参阅RFC 2246中的讨论。 – EJP 2010-12-17 05:03:23
@EJP我只是在研究一个概念验证,因此SSL很弱。在生产中SSL将被签署。 – Kellenjb 2011-01-03 23:51:07