问题:
OkHttp改造双向SSL身份验证中的libssl崩溃
汝才良
OkHttp:2.0.0-RC1,改装:1.5.1。
我正在创建okHttp客户端,如这里所述:如果我使用okhttp 2.0和最新的改造,NoSuchmetodError?并设置我自己的SSLScoketFactory,并像这样初始化SSLContext
KeyStore keyStore = App.getInstance().getKeyStoreUtil().getKeyStore();
KeyStore trustStore = App.getInstance().getKeyStoreUtil().getTrustStore();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, AppConfig.KEYSTORE_PASSWORD);
final X509KeyManager origKm = (X509KeyManager) kmf.getKeyManagers()[0];
//it's standard X509KeyManager, I've put some logging there
X509KeyManager km = new MyKeyManager(origKm);
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(new KeyManager[]{km}, tmf.getTrustManagers(), null);
client.setSslSocketFactory(sslCtx.getSocketFactory());
client.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
当我尝试建立双向身份验证SSL连接时,每次应用程序崩溃时都会出现以下日志:
06-02 17:42:01.215 25176-25542/pl.oneapp.sugarloaf A/libc﹕ Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 25542 (IntentService[P)
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: 2014-06-02 17:42:01
06-02 17:42:01.236 253-253/? I/DEBUG﹕ *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-02 17:42:01.236 253-253/? I/DEBUG﹕ Build fingerprint: 'tmo_de/ville/ville:4.1.1/JRO03C/148618.10:user/release-keys'
06-02 17:42:01.236 253-253/? I/DEBUG﹕ pid: 25176, tid: 25542, name: IntentService[P >>> pl.oneapp.sugarloaf <<<
06-02 17:42:01.236 253-253/? I/DEBUG﹕ debuggerd: checkTellHTCSettings
06-02 17:42:01.256 253-253/? I/DEBUG﹕ signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
06-02 17:42:01.486 253-253/? I/DEBUG﹕ r0 00000000 r1 0000000a r2 00001173 r3 10000000
06-02 17:42:01.486 253-253/? I/DEBUG﹕ r4 00000000 r5 00000000 r6 00000000 r7 00000000
06-02 17:42:01.486 253-253/? I/DEBUG﹕ r8 000011d0 r9 00000000 sl 00001173 fp 000011d0
06-02 17:42:01.486 253-253/? I/DEBUG﹕ ip 40ad3b00 sp 543ef8d8 lr 40ab4097 pc 40a1c454 cpsr 28000030
06-02 17:42:01.486 253-253/? I/DEBUG﹕ d0 686320726f727245 d1 7020676e696b6365
06-02 17:42:01.486 253-253/? I/DEBUG﹕ d2 6b20657461766972 d3 3d6c7373203a7965
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d4 72307d503389e03e d5 1d7b8760438f005a
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d6 0a9bbe21ecb6ae8c d7 723f33a5fd51fd91
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d8 0000000000000000 d9 4407000000000000
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d10 0000000044548000 d11 0000000000000000
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d12 0000000000000000 d13 0000000000000000
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d14 0000000000000000 d15 0000000000000000
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d16 6c616e7265747865 d17 6c73736e65706f2f
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d18 6974756f72204c53 d19 5f4c53533a73656e
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d20 72705f6b63656863 d21 656b5f6574617669
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d22 697270206f6e3a79 d23 79656b2065746176
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d24 0000000000000001 d25 0000000000000019
06-02 17:42:01.496 253-253/? I/DEBUG﹕ d26 0000000000000000 d27 0000000000000000
06-02 17:42:01.506 253-253/? I/DEBUG﹕ d28 0000000000000009 d29 0020001f001e001c
06-02 17:42:01.506 253-253/? I/DEBUG﹕ d30 0050005000500050 d31 0000000000000000
06-02 17:42:01.506 253-253/? I/DEBUG﹕ scr 68000013
06-02 17:42:01.516 253-253/? I/DEBUG﹕ backtrace:
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #00 pc 00055454 /system/lib/libcrypto.so (BUF_MEM_grow_clean+3)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #01 pc 00015093 /system/lib/libssl.so (ssl3_output_cert_chain+62)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #02 pc 00018199 /system/lib/libssl.so (ssl3_send_client_certificate+244)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #03 pc 00018575 /system/lib/libssl.so (ssl3_connect+960)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #04 pc 00023923 /system/lib/libssl.so (SSL_connect+18)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #05 pc 000114f7 /system/lib/libssl.so (ssl23_connect+1970)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #06 pc 0002385b /system/lib/libssl.so (SSL_do_handshake+66)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #07 pc 00020cdf /system/lib/libjavacore.so
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #08 pc 0001f6f0 /system/lib/libdvm.so (dvmPlatformInvoke+112)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #09 pc 0005269b /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+422)
06-02 17:42:01.516 253-253/? I/DEBUG﹕ #10 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #11 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #12 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #13 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #14 pc 0007853b /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #15 pc 00028ba0 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #16 pc 0002eb60 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+228)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #17 pc 00068631 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+272)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #18 pc 0006865b /system/lib/libdvm.so (dvmCallMethod(Thread*, Method const*, Object*, JValue*, ...)+20)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #19 pc 0005b6e3 /system/lib/libdvm.so
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #20 pc 00012f48 /system/lib/libc.so (__thread_entry+108)
06-02 17:42:01.526 253-253/? I/DEBUG﹕ #21 pc 00012650 /system/lib/libc.so (pthread_create+244)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ stack:
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef898 4d0dc729 /system/framework/core.odex
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef89c 543ef8e8 [stack:25542]
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8a0 00000001
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8a4 4096c635 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+276)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8a8 50549108
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8ac 4c02ac30 /dev/ashmem/dalvik-LinearAlloc (deleted)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8b0 418bfc88 /dev/ashmem/dalvik-heap (deleted)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8b4 418bfc88 /dev/ashmem/dalvik-heap (deleted)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8b8 4c02ac30 /dev/ashmem/dalvik-LinearAlloc (deleted)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8bc 5478ac08
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8c0 543ef8e4 [stack:25542]
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8c4 4c02ac30 /dev/ashmem/dalvik-LinearAlloc (deleted)
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8c8 5478ac08
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8cc 40952141 /system/lib/libdvm.so
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8d0 df0027ad
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8d4 00000000
06-02 17:42:01.536 253-253/? I/DEBUG﹕ #00 543ef8d8 00000000
06-02 17:42:01.536 253-253/? I/DEBUG﹕ 543ef8dc 0000000a
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8e0 00001173
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8e4 00000000
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8e8 5056ba80
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8ec 00000000
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8f0 00000000
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8f4 40ab4097 /system/lib/libssl.so (ssl3_output_cert_chain+66)
06-02 17:42:01.546 253-253/? I/DEBUG﹕ #01 543ef8f8 5056ba80
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef8fc 40952141 /system/lib/libdvm.so
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef900 00000001
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef904 00000007
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef908 5478ac08
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef90c 50549108
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef910 5478ac08
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef914 4eaf5c71 /system/lib/libjavacore.so
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef918 543ef91c [stack:25542]
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef91c 4eaf9c81 /system/lib/libjavacore.so
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef920 20900021
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef924 54793f44
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef928 54793f44
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef92c 31600009
06-02 17:42:01.546 253-253/? I/DEBUG﹕ 543ef930 5424ba78
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef934 543ef9b8 [stack:25542]
06-02 17:42:01.556 253-253/? I/DEBUG﹕ ........ ........
06-02 17:42:01.556 253-253/? I/DEBUG﹕ #02 543ef9b0 5056ba80
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9b4 00001001
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9b8 00000000
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9bc 00000000
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9c0 5056ba80
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9c4 00001170
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9c8 00001170
06-02 17:42:01.556 253-253/? I/DEBUG﹕ 543ef9cc 40ab7579 /system/lib/libssl.so (ssl3_connect+964)
06-02 17:42:01.566 253-253/? I/DEBUG﹕ memory near r2:
06-02 17:42:01.566 253-253/? I/DEBUG﹕ 00001150 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.566 253-253/? I/DEBUG﹕ 00001160 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.566 253-253/? I/DEBUG﹕ 00001170 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.566 253-253/? I/DEBUG﹕ 00001180 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.566 253-253/? I/DEBUG﹕ 00001190 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.566 253-253/? I/DEBUG﹕ memory near r3:
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 0fffffe0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 0ffffff0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 10000000 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 10000010 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 10000020 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ memory near r8:
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 000011b0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 000011c0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 000011d0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 000011e0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ 000011f0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.576 253-253/? I/DEBUG﹕ memory near sl:
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 00001150 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 00001160 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 00001170 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 00001180 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 00001190 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ memory near fp:
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 000011b0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 000011c0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 000011d0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 000011e0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 000011f0 ffffffff ffffffff ffffffff ffffffff ................
06-02 17:42:01.586 253-253/? I/DEBUG﹕ memory near ip:
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 40ad3ae0 40a1131d 40a11ca3 40a4bab1 4016f200 ...@...@...@...@
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 40ad3af0 409fe3fd 40a4ba0d 40a4ba65 4018b9a5 ...@...@e..@...@
06-02 17:42:01.586 253-253/? I/DEBUG﹕ 40ad3b00 40a1c451 40a0e641 40a39585 40a3955d Q..@A..@...@]..@
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ad3b10 40a0c2ed 409fe349 4017c3c5 40a0545d ...@I..@...@]T.@
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ad3b20 4017c485 40a4bb29 40a4ba39 40a4baa5 ...@)..@9..@...@
06-02 17:42:01.596 253-253/? I/DEBUG﹕ memory near sp:
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 543ef8b8 4c02ac30 5478ac08 543ef8e4 4c02ac30 0..L..xT..>T0..L
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 543ef8c8 5478ac08 40952141 df0027ad 00000000 ..xTA!.@.'......
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 543ef8d8 00000000 0000000a 00001173 00000000 ........s.......
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 543ef8e8 5056ba80 00000000 00000000 40ab4097 ..VP.........@.@
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 543ef8f8 5056ba80 40952141 00000001 00000007 ..VPA!.@........
06-02 17:42:01.596 253-253/? I/DEBUG﹕ code around pc:
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40a1c434 602cee62 bdfe4620 5ffffffc 000512e4 b.,` F....._....
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40a1c444 000512c2 000512b4 000512a2 4605b5f7 ...............F
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40a1c454 460c6803 bf22428b 0203ebc1 18406840 .h.F.B".....@h@.
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40a1c464 68aed23d bf22428e 0201ebc3 18c06868 =..h.B".....hh..
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40a1c474 4b1ed235 d90a4299 229f4b1d 92002007 5..K.B...K.". ..
06-02 17:42:01.596 253-253/? I/DEBUG﹕ code around lr:
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ab4074 f8d110e8 36006094 2601bf18 bf182800 .....`.6...&.(..
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ab4084 0601f046 2601e000 210a6bec f7f74620 F......&.k.! F..
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ab4094 4680eabe 4b48b958 1269f240 92002014 ...FX.HK@.i.. ..
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ab40a4 2193447b f7f72207 4640ea46 f1b9e081 {D.!."..F.@F....
06-02 17:42:01.596 253-253/? I/DEBUG﹕ 40ab40b4 d03a0f00 4620b13e 464aa903 fe52f7ff ..:.>. F..JF..R.
我在这里看到了关于这个问题的讨论:https://github.com/square/okhttp/issues/184,但我认为它在2.0.0中是固定的。(此外,我使用的是自己的SSL上下文,而不是默认上下文)。
我尝试了URL。setURLStreamHandlerFactory(新的OkHttpClient()) (OkHttp 1.6.0),但它也没有帮助。
我也读过:https://code.google.com/p/android/issues/detail?id=35326,但没有有用的信息。
是我做错了什么,还是OkHttp在SSLContext上仍然有问题?
编辑
HTC ONE S(S4)4.1.1库存
@编辑2
现在不确定这是否真的是错误。我创建密钥库的方式(或向其中添加密钥)有问题。此时,我的信任库位于res/raw as中。bks文件,我的密钥库在运行时动态创建:
keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, "password".toCharArray());
保存密钥到密钥库:
public void saveKeyToKeystore(KeyPair keyPair, String stringCertificate, String alias, char[] password) {
try {
PrivateKey myKey = keyPair.getPrivate();
Certificate[] chain = new X509Certificate[1];
X509Certificate certificate = parseCertificate(stringCertificate);
chain[0] = certificate;
keyStore.setKeyEntry(alias, myKey, password, chain);
saveKeyStore();
} catch (Exception e) {
e.printStackTrace();
}
}
但当我使用openssl工具在android应用程序之外创建密钥库并将其存储在pkcs12密钥库中时,一切都很好!
@编辑3
在android 4.1.2上,okHttp不会崩溃(请参阅code的讨论。谷歌[…]但我有以下错误,即键值不匹配
error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
@编辑4
好了,现在我知道怎么了。在创建ma证书链以将密钥保存到密钥库时,我不必使用rootCA(用于签署我的证书)。现在,我的证书数组链只包含一个证书。
以上代码正在运行,我已经更改了所有不好的行!
然而,仍然不知道okHttp崩溃的原因。
@编辑5
如果密钥/证书密钥库有任何问题,则不会抛出错误,并让我保存其内容。但当密钥存储条目不正确时,okHttp崩溃。
共有1个答案
苏胤
讨厌。你能把这件事报告给OkHttp问题追踪者吗?我的猜测是,有些东西正在与OkHttp共享SSL上下文,但这不起作用。
类似资料:
-
我试图设置2方式ssl身份验证。我的要求是经纪人应该只认证特定的客户。 我的组织有一个CA,它发行pkcs12格式的所有证书。我遵循的步骤如下。 获取代理的证书,并在代理密钥库中配置它 当我运行代理和客户端时,我希望代理验证客户端并建立ssl连接。但是下面的错误被抛出。 当我用只包含CA证书的信任存储文件替换 /etc/pki/java/cacerts代理信任存储时,它工作得很好。但是它将验证任何
-
我正在开发一个基于服务器和客户端的应用程序,它需要双向SSL认证。(客户端验证服务器,服务器验证客户端,两者都使用SSL证书。) 我对Netty很陌生,对此几乎没有疑问。 < li >使用Netty可以进行双向认证吗? < li >通过在服务器和客户端的pipelinefactories中添加另一个SslHandler可以简单地实现吗? < li >如果上述情况属实,我如何在ChannelConn
-
我已经在Netty中尝试了双向SSL身份验证 但这个例子不再显示任何信息,只是一个404未找到。我在这里找到了一些帮助: https://github.com/code4craft/netty-learning/blob/master/netty-3.7/src/main/java/org/jboss/netty/example/securechat/SecureChatSslContextFac
-
跟随后匕首+改装。在运行时添加身份验证头我试图配置okHttp并通过添加拦截器将jwt身份验证密钥添加到okHttp中,为此我创建了单独的拦截器并将其添加到Dagger的组件中,以便它可以在任何地方公开。 组件 JWTauthenticationInterceptor.java
-
我正在尝试为相互身份验证设置ActiveMQ,以便客户端需要证书才能将消息传递给代理。我在代理上创建了一个密钥库和一个信任库,并导出了一个复制到客户端的证书。在客户端,我也做了同样的事情,尽管我使用的是NMS,所以我只使用导出的证书,我将其添加到代理的信任库中。我还将证书添加到另一个本地计算机可信根证书中。 代理的配置如下: ${activemq.base}/conf/login.config $
-
想得到一些关于设置简单的双向ApacheSSL的建议。 我们使用openSSL创建了一个密钥文件和csr请求。然后,我们将其提交给CA,并收到一个crt文件与CA的crt文件一起返回。 我们已经配置了ApacheHTTP。conf文件,并在加载mod_ssl模块后添加了以下参数。 开启SSLEngine SSLCACertificateFile/local/fast/fcHome/deployme