如何在 Spring WebSocketClient 中使用 SNI? [英] How to use SNI with Spring WebSocketClient?
问题描述
我需要连接到支持 SNI 的 spring websocket 服务器.我使用的是 Spring WebSocket Client,它默认不发送 SNI 扩展,因为 jdk 1.8.0 默认不发送 SNI 扩展.
I need to connect to spring websocket server which supports SNI. I am using Spring WebSocket Client which by default does not sends SNI extension as jdk 1.8.0 does not send SNI extension by default.
扩展的 server_name(SNI 扩展)不是用 jdk1.8.0 发送而是用 jdk1.7.0 发送
java 官方文档建议在使用 SSLSocket 进行任何 HttpsUrlConnection 之前添加带有 SSLParameters 的 SNI Matcher 并将 SSLParameters 设置为 SSLSocket.
The official documentation of java suggests to add SNI Matcher with SSLParameters and set the SSLParameters to SSLSocket before making any HttpsUrlConnection with that SSLSocket.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension
有没有办法用 Spring WebSocket Client 设置这个属性?
Is there any way to set this property with Spring WebSocket Client ?
有一些 ClientEndpointCongfig 属性可以根据给定的链接进行设置,但我没有找到任何可用于使用 Spring websocket 客户端设置 SSLSocket 或 SSLSocketfactory 的属性.
There are some ClientEndpointCongfig properties that can be set as per given link but I did not find any property which can be used to set SSLSocket or SSLSocketfactory with the Spring websocket client.
https://tomcat.apache.org/tomcat-8.5-doc/web-socket-howto.html
这是 Spring websocket 客户端的示例代码:
Here is a sample code for Spring websocket client:
List<Transport> transports = new ArrayList<>(1);
StandardWebSocketClient standardWebSocketClient = new StandardWebSocketClient();
transports.add(new WebSocketTransport( standardWebSocketClient) );
WebSocketClient transport = new SockJsClient(transports);
WebSocketStompClient stompClient = new WebSocketStompClient(transport);
StompSessionHandler sessionHandler = new MyStompSessionHandler();
stompClient.connect(URL, sessionHandler);
推荐答案
我也遇到了这个问题.就我而言,我从 EKS 集群获得了错误的证书,因为我为单个 IP 配置了多个主机名.
I landed up with this problem as well. In my case I was getting a wrong certificate from EKS cluster because I have multiple hostname configured for a single IP.
所以我不得不使用这个 link 作为强制 SNI 信息与请求的引用.但是没有找到使用 spring 标准 wensocket 客户端的方法.
So I had to use this link as a reference to force SNI information with the request. However did not find a way to do this with spring standadrd wensocket client.
我用过这个 (link) websocket 客户端来解决这个问题.基本上我必须从上面的链接提供套接字工厂包装器到 websocket 客户端.
I have used this (link) websocket client to resolve this issue. Basically I had to provide socket factory wrapper from above link to the websocket client.
类似于:SSLSocketFactory factory = new SSLSocketFactoryWrapper(sslContext, sslParameters);webSocket.setSocketFactory(工厂);
这篇关于如何在 Spring WebSocketClient 中使用 SNI?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
