Release Notes
httpclinet:4.3.1
jdk:1.6
Tomcat:6
Exception information
caused by:javax.net.ssl.SSLException:Certificate for <**> doesn ' t contain GB or DNS Subjectalt at Org.apach E.http.conn.ssl.abstractverifier.verify (abstractverifier.java:178) at Org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify (browsercompathostnameverifier.java:54) at Org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:152) at Org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:133) at Org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname (sslconnectionsocketfactory.java:291) at Org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket (sslconnectionsocketfactory.java:262) at Org.apache.http.impl.conn.HttpClientConnectionOperator.connect (httpclientconnectionoperator.java:118) at Org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect (Poolinghttpclientconnectionmanager.java : 314) at Org.apache.http.impl.execchain.MainClientExec.establishRoute (mainclientexec.java:357) at Org.apache.http.impl.execchain.MainClientExec.execute (mainclientexec.java:218) At Org.apache.http.impl.execchain.ProtocolExec.execute (protocolexec.java:194) at Org.apache.http.impl.execcha In. Retryexec.execute (retryexec.java:85) at Org.apache.http.impl.execchain.RedirectExec.execute (Redirectexec.java : 108) at Org.apache.http.impl.client.InternalHttpClient.doExecute (internalhttpclient.java:186) at Org.apache . Http.impl.client.CloseableHttpClient.execute (closeablehttpclient.java:82) at Org.apache.http.impl.client.CloseableHttpClient.execute (closeablehttpclient.java:106) ... More
Background
To initiate an HTTPS request with HttpClient ignoring the certificate, the code is as follows
Package Cn.org.pcac.ries.httpservice.util;import Java.io.ioexception;import java.security.KeyManagementException; Import Java.security.nosuchalgorithmexception;import Java.security.cert.certificateexception;import Java.security.cert.x509certificate;import Java.util.arraylist;import Java.util.list;import Javax.net.ssl.sslcontext;import Javax.net.ssl.sslexception;import Javax.net.ssl.sslsession;import Javax.net.ssl.sslsocket;import Javax.net.ssl.trustmanager;import Javax.net.ssl.x509trustmanager;import Org.apache.http.httpentity;import Org.apache.http.httpresponse;import Org.apache.http.namevaluepair;import Org.apache.http.client.config.requestconfig;import Org.apache.http.client.entity.urlencodedformentity;import Org.apache.http.client.methods.httppost;import Org.apache.http.conn.ssl.x509hostnameverifier;import Org.apache.http.impl.client.closeablehttpclient;import Org.apache.http.impl.client.httpclients;import Org.apache.http.message.basicnamevaluepair;import org.apache.http.util.EntityUtils;public class Httpssend {public static void main (string[] args) throws Exception {String url = ""; list<namevaluepair> formparams = new arraylist<namevaluepair> (); HttpPost HttpPost = new HttpPost (URL); Set the customer timeout requestconfig defaultrequestconfig = Requestconfig.custom (). SetSocketTimeout (9000). Setcon Necttimeout (9000). Setconnectionrequesttimeout (9000). Setstaleconnectioncheckenabled (true). b Uild (); Set the server side requestconfig Requestconfig = Requestconfig.copy (defaultrequestconfig). build (); Formparams.add (New Basicnamevaluepair ("Param", "")); Httppost.setconfig (Requestconfig); Closeablehttpclient httpclient = null; HttpClient = Httpclients.custom (). Setdefaultrequestconfig (Defaultrequestconfig). build (); Sslcontext sslcontext = null; if (Url.indexof ("https") = = 0) {Sslcontext = CreateignoreverIfyssl (); HttpClient = Httpclients.custom (). Setdefaultrequestconfig (Defaultrequestconfig). Setsslcontext (Sslconte XT). Build (); } urlencodedformentity uefentity = new Urlencodedformentity (formparams, "UTF-8"); Httppost.setentity (uefentity); HttpResponse response = Httpclient.execute (HttpPost); httpentity entity = response.getentity (); if (Entity! = NULL) {//Get return message String respons = entityutils.tostring (Entity, "UTF-8"); Entityutils.consume (entity); System.out.println (respons); }} public static Sslcontext Createignoreverifyssl () throws NoSuchAlgorithmException, Keymanagementexception { Sslcontext sc = sslcontext.getinstance ("TLS"); X509trustmanager TrustManager = new X509trustmanager () {@Override public void Checkclienttruste D (java.security.cert.x509certificate[] paramArrayOfX509Certificate, String paramstring) throws certificateexception {} @Override public void checkservertrusted (java.security.cert.x509certificate[] Paramarrayofx509cer Tificate, String paramstring) throws certificateexception {} @Override Public java.security.cert.x509certificate[] Getacceptedissuers () {return null; } }; Sc.init (NULL, new trustmanager[] {TrustManager}, NULL); return SC; } }
Cause of error
Trace the source, the exception information is as follows:
Access to the site's certificate for the self-visa book, missing cn= and other information, but I have ignored the certificate check why this problem still occurs?
When initializing closeablehttpclient is found, the following code is available:
Therefore, modifying the initialization closeablehttpclient will
HttpClient = Httpclients.custom (). Setdefaultrequestconfig (Defaultrequestconfig)
. Setsslcontext (Sslcontext). build ();
Change into
HttpClient = Httpclients.custom (). Setdefaultrequestconfig (Defaultrequestconfig)
. Sethostnameverifier (Hostnameverifier)
. Setsslcontext (Sslcontext). build ();
Add variable
public static X509hostnameverifier Hostnameverifier = new X509hostnameverifier () {br/> @Override
return true;
}
@Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { } @Override public void verify(String host, X509Certificate cert) throws SSLException { } @Override public void verify(String host, SSLSocket ssl) throws IOException { }};
Record access to HTTPS doesn ' t contain CN or DNS sub error