Apache HttpClient resolving domain to IP address and not matching certificate

Problem description

When using the Apache HttpComponents HttpClient library (4.0.2) I'm having a problem where the certificate doesn't get validated properly. The certificate is valid for the domain name (let's call it example.com); however, it's getting validated against the IP address instead:

    hostname in certificate didn't match: <123.123.123.123> != <*.example.com>

My code to create the connection is:

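    import org.apache.http.HttpResponse;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.params.BasicHttpParams;
    import org.apache.http.params.HttpConnectionParams;
    import org.apache.http.params.HttpParams;
    import org.apache.http.util.EntityUtils;

    HttpParams httpParams = new BasicHttpParams();
    HttpConnectionParams.setConnectionTimeout(httpParams, 5000); // connect timeout in ms
    HttpConnectionParams.setSoTimeout(httpParams, 5000);         // socket read timeout in ms
    DefaultHttpClient httpClient = new DefaultHttpClient(httpParams);
    String url = "https://www.example.com";
    HttpGet get = new HttpGet(url);
    HttpResponse httpResponse = httpClient.execute(get);         // hostname check happens during the TLS handshake here
    String response = EntityUtils.toString(httpResponse.getEntity()).trim();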

The certificate itself shows as valid when connecting through a web browser and is valid for the domain name I'm connecting to:

    CN = *.example.com

The certificate is also added to the Java keystore (tested using regular HttpsURLConnection).

Any ideas why this code uses the IP address instead of the domain name?

Recommended answer

Appears to be a known bug with HttpClient 4.0.2 - https://issues.apache.org/jira/browse/HTTPCLIENT-996

The bug suggests any of the following:

  • Upgrade to version 4.0.3 or later
  • Downgrade to 4.0.1
  • Use AllowAllHostnameVerifier
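
What the third option changes compared with a real hostname check, as an added example that is not part of the original question or answer: it passes the certificate name from the question to HttpClient 4.x's `BrowserCompatHostnameVerifier` and `AllowAllHostnameVerifier` through `verify(host, cns, subjectAlts)`. The class name `HostnameCheckDemo`, the host list and the certificate names are constructed for illustration; it assumes the HttpClient 4.x jar and its dependencies are on the classpath.

```java
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

public class HostnameCheckDemo {
    // Constructed sample mirroring the question: the certificate's only name is CN=*.example.com.
    static final String[] CNS = { "*.example.com" };
    static final String[] SUBJECT_ALTS = null; // assumption: no subjectAltName entries

    /** Runs one verifier against one host and reports whether the certificate names were accepted. */
    static String check(X509HostnameVerifier verifier, String host) {
        try {
            verifier.verify(host, CNS, SUBJECT_ALTS);
            return "accepted";
        } catch (SSLException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // The name the client asked for, the resolved address that 4.0.2 checked instead,
        // and an unrelated name (constructed) that the certificate does not cover.
        String[] hosts = { "www.example.com", "123.123.123.123", "www.other.test" };
        X509HostnameVerifier[] verifiers = {
            new BrowserCompatHostnameVerifier(), // matches host against CN / subjectAltName
            new AllowAllHostnameVerifier()       // performs no comparison at all
        };
        for (X509HostnameVerifier verifier : verifiers) {
            System.out.println(verifier.getClass().getSimpleName());
            for (String host : hosts) {
                System.out.println("  " + host + " -> " + check(verifier, host));
            }
        }
    }
}
```

Only the first verifier distinguishes between the three hosts; `AllowAllHostnameVerifier` treats the certificate as valid for every name, so the connection is no longer bound to example.com.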
