没有主题替代DNS名称匹配www.billiving.com找到。为什么这样造成和如何解决? [英] No subject alternative DNS name matching www.billiving.com found. Why this caused and how to solve?
本文介绍了没有主题替代DNS名称匹配www.billiving.com找到。为什么这样造成和如何解决?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的测试套件在Windows上完美工作。然而当它移动到ubuntu 14.x它失败了以下异常。 [1]
所以我写了这个[2]代码来测试它超出测试套件。仍然失败同样的例外。
所以我试图将billiving.com证书导入到JKS,但仍然失败,同样例外。
我知道作为一个解决方案,我们可以覆盖验证程序类中的验证方法并返回为true。但是我需要适当的解决方案,因为这可能会导致安全问题。
1)为什么这个错误和为什么它只在linux上。
2)我们如何通过正确的解决方案来解决这个问题
API URL:
https://www.billiving.com/
[1]例外:
> javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:无主题备用DNS
>名称匹配www.billiving.com找到。在
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>在
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
>在
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
>在
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
>在
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
>在
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
>在
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>在
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>在
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
>在
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
>在
> com.sun.net.ssl.internal.ssl.SSocket socket.plst.Handshake(SSLSocketImpl.java:1215)
>在
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
>在
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>在
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>在
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
>在
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
>在
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
>在Application.main(Application.java:20)导致:
> java.security.cert.CertificateException:无主题备用DNS
>名称匹配www.billiving.com找到。在
> sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
>在
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
>在
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
>在
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
[2]示例代码:
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
public class Application {
public static void main(String [] args){
URL url;
try {
url = new URL(args [0]);
HttpURLConnection connection =(HttpURLConnection)url.openConnection();
connection.setInstanceFollowRedirects(false);
connection.setRequestMethod(GET);
if(connection.getResponseCode()> = 400){
System.out.println(ERROR+ connection.getResponseCode());
} else {
System.out.println(Success);
}
System.out.println(Connection Crated);
} catch(MalformedURLException e){
// TODO自动生成的catch块
e.printStackTrace();
} catch(Exception e){
// TODO自动生成的catch块
e.printStackTrace();
}
}
}
命令使用上面的代码:
java应用程序https://www.billiving.com
解决方案
该网站的真实证书具有正确的主机名。但是,仅当您使用SNI(服务器名称指示)时,您才能获得此证书。较旧的Java版本不支持SNI(应从Java 7开始支持),所以也许您需要升级您的未指定的版本。
I have integration test suite for www.billiving.com API. when that API call endpoint should be https://www.billiving.com.
my test suite work perfectly on windows. however when it move to ubuntu 14.x it get failed with following exception. [1]
so i have written this [2] code to test it beyond the test suite. still it fail with same exception.
so i tried to import billiving.com certificate to JKS but still it fail with same exception.
i know as a solution we can override the verify method in Verifier class and return as true. but i need proper solution as this can lead security issues.
1) why this error and why its only on linux.
2) how can we solve this with proper solution
API URL: https://www.billiving.com/
[1] exception:
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
> at
> java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
> at Application.main(Application.java:20) Caused by:
> java.security.cert.CertificateException: No subject alternative DNS
> name matching www.billiving.com found. at
> sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188)
[2] sample code :
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
public class Application {
public static void main(String[] args) {
URL url;
try {
url = new URL(args[0]);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setInstanceFollowRedirects(false);
connection.setRequestMethod("GET");
if (connection.getResponseCode() >= 400) {
System.out.println("ERROR "+ connection.getResponseCode());
} else {
System.out.println("Success");
}
System.out.println("Connection Crated");
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
command to use above code:
java Application https://www.billiving.com
解决方案
The real certificate of this site has the correct host name. But you get this certificate only if you are using SNI (Server Name Indication). Older Java versions do not support SNI (should be supported since Java 7), so maybe you need to upgrade your unspecified version.
这篇关于没有主题替代DNS名称匹配www.billiving.com找到。为什么这样造成和如何解决?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
