如何在Java中为Elasticsearch RestClient v6.7.0禁用SSL验证 [英] How to disable SSL verification for Elasticsearch RestClient v6.7.0 in Java

问题描述

我正在尝试连接到ssh隧道后面的elasticsearch实例.elasticsearch实例的域是 *.ap-south-1.es.amazonaws.com ，而在本地隧道上，我通过 localhost:9201 连接.

I'm trying to connect to an elasticsearch instance which is behind a ssh tunnel. Domain of the elasticsearch instance is *.ap-south-1.es.amazonaws.com while locally on the tunnel, I connect via localhost:9201.

这是我用来连接elasticsearch的代码

Here is the code I'm using to connect to elasticsearch

RestHighLevelClient(RestClient.builder(HttpHost("localhost", 9201, "https")))

我遇到以下错误

javax.net.ssl.SSLPeerUnverifiedException: Host name 'localhost' does not match the certificate subject provided by the peer (CN=*.ap-south-1.es.amazonaws.com)

使用PHP-Elasticsearch时出现此错误，并使用

I got this error when I was working with PHP-Elasticsearch and I fixed it using

$esClient->setSSLVerification(false);

我希望为Java RestClient找到类似的方法.

I was hoping to find a similar method for Java RestClient.

推荐答案

为此，您必须禁用一个设置，该设置将使用您提供的名称验证主机名.这是apache中HTTPClient的错误，您必须像在setSSLHostnameVerifier方法中验证的那样虚拟化主机名.

For this you have to disable a setting which verifies the hostname with the name you provided. This is an error of HTTPClient in apache and you have to virtualize the hostname as verified in setSSLHostnameVerifier method like this.

尽管这段代码在Kotlin中，但人们可以轻松编写Java替代

Although this code is in Kotlin but one can write java alternative easily

val builder = RestClient.builder(host).setHttpClientConfigCallback { httpAsyncClientBuilder ->
            httpAsyncClientBuilder.setSSLHostnameVerifier { _, _ -> true }
        }

这将始终覆盖您用于验证主机名为真的设置

This will always override your setting for verifying hostname as true

这篇关于如何在Java中为Elasticsearch RestClient v6.7.0禁用SSL验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！