/dev/nu-6ren">
gpt4 book ai didi

java - 尝试从远程 SSL 地址下载和设置证书以进行 WebSocket 连接,但出现 "Signature does not match"异常

转载 作者:行者123 更新时间:2023-12-04 22:43:34 31 4
gpt4 key购买 nike

首先我下载了​​证书:

echo "" | openssl s_client -connect io.lightstream.bitflyer.com:443 -showcerts 2>/dev/null | openssl x509 -out bitflyer.cer

然后我将证书导入钥匙串(keychain):
keytool -import -file bitflyer.cer -alias bitflyer -keystore bitflyer.jks -storepass "abc123" -keypass "abc123"

所以我正在尝试连接到 io.lightstream.bitflyer.com:443 .在我完整的握手之下:
Sending HTTP handshake! req=GET / HTTP/1.1
Host: io.lightstream.bitflyer.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Sec-WebSocket-Key: 0enPg4mnHvLcT6s7+4mEGA==
Origin: http://www.websocket.org
Sec-WebSocket-Version: 13

但后来我得到:
Caused by: sun.security.validator.ValidatorException: Certificate signature validation failed
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:215)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 16 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:449)
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:392)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:213)
... 21 more

任何想法我做错了什么或如何调试?谢谢!

最佳答案

openssl s_client -connect io.lightstream.bitflyer.com:443


您在此处获得的证书取决于 OpenSSL 版本。直到 1.0.2 server_name扩展名 (SN​​I) 没有自动使用(即您必须明确使用 -servername )并且没有生成的证书是“Kubernetes Ingress Controller Fake Certificate”的自签名证书。尽管证书是“io.lightstream.bitflyer.com”的正确证书,但使用 SNI。

我的猜测是,当 Java 使用 SNI 时,您实际上添加了“Kubernetes Ingress Controller Fake Certificate”的证书,因此获得了“io.lightstream.bitflyer.com”的证书。或者它可能是相反的,这取决于您的 OpenSSL、Java 和实际 Java 代码的版本。

关于java - 尝试从远程 SSL 地址下载和设置证书以进行 WebSocket 连接,但出现 "Signature does not match"异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60818950/

31 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com