我研究了如何从使用自签证书的服务器中通过<代码>HTTPS检索一些东西的各种职位。 然而,他们似乎没有工作——他们都未能消除。
javax.net.sl.SSLException: 不可信赖的服务器证书电文。
改变服务器以取得可信赖的证书并不是一种选择,使服务器证书与服务器的IP地址相匹配也不是一种选择。
值得注意的是,服务器不会有国名,只能有IP地址。 GET的要求就是这样:
https://username:password@anyIPAddress/blabla/index.php?param=1¶m2=3
我完全知道,这一解决办法容易发生人对手的攻击等。
因此,解决办法必须忽视对证书缺乏信任的问题,忽视东道国的名称不匹配。
是否有任何人知道该法典,这是用 Java来为之?
如你正确指出的,有两个问题:(a) 证书是值得信赖的,(b) 证书上的名字与东道国名不符。
<WARNING: for any others achieving this questionnaire, this is a dirty, horrible hack and You must not 它用于任何事项。 没有任何认证的SSL/TLS比完全没有加密更糟——阅读和修改你的“加密”数据是攻击者的trivial和你 哪怕是知道。
还是与我在一起? 我担心......
a) 通过创建“SSLContext”习俗来解决,其信托经理接受以下任何内容:
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) {}
public void checkServerTrusted(X509Certificate[] chain, String authType) {}
public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[]{}; }
}
}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
(b) 设置一个东道方,使联系得以进行,即使该名牌照与东道方名称相符:
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
两者都必须在你们的法典一开始,在你们开始与HttpsURLConnections相接之前发生。 这既在安乐施会,又在普通的JRE工作。 欢乐。
如果你重新使用HttpsURLConnection,那么在前尝试使用setHostnameVerifier,然后通过HostnameVerifier,该编码不论真实性,都刚刚接受。
http://blog.craysl-certificates.html
如果你能够使用这些装置,你可以把证书添加到钥匙仓库中:。 详见。
另一方面,您可使用。 方法,但我想是这样。
<>Resources>:
www.un.org/Depts/DGACM/index_spanish.htm 关于同一专题:
如果你问我,那是安全的。
http://blog.antoine.li/index.php/ 201010/android-trusting-sl-certificates/“rel=“nofollow”http://blog.antoine.li/index.php 201010/android-trusting-sl-certificates/ 确实,这并非难以执行。
另外,Maciek建议的教学也非常好。
我对此进行了测试,在我手里工作时没有问题。
我做了一个用自签证书4个月前在这里使用的读物,是它帮助的代码:。
Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...
Check this, List<String> list = new ArrayList<String>(); for (int i = 0; i < 10000; i++) { String value = (""+UUID.randomUUID().getLeastSignificantBits()).substring(3, ...
I am in the middle of solving a problem where I think it s best suited for a decorator and a state pattern. The high level setting is something like a sandwich maker and dispenser, where I have a set ...
I have been trying to execute a MS SQL Server stored procedure via JDBC today and have been unsuccessful thus far. The stored procedure has 1 input and 1 output parameter. With every combination I ...
I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...
If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...
I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....
I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...