![superPool]( "superPool")
SO Question1 SO 问题 2Java 中的解决方案之前我只是使用以下来执行它:Http().superPool[MyTracker]()我也尝试过,从 这里 和这里,但问题仍然存在: val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true)))val badCtx = Http().createClientHttpsContext(badSslConfig)Http().superPool[MyTracker]()(httpMat)编辑 #1我又添加了一个标志,但得到了与之前不同的错误: val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true).withDisableHostnameVerification(true)))val badCtx = Http().createClientHttpsContext(badSslConfig)Http().superPool[MyTracker]()(httpMat)错误:Caused by: sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效认证路径在 sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_131]在 sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_131]在 java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_131]在 sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_131]在 sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_131]在 sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_131]编辑#2从这个 answer 中获得灵感,不确定如何使用 akka-httlp 来实现它,我尝试了以下操作:val trustStoreConfig = TrustStoreConfig(None, Some("/Users/user/path/my.cer")).withStoreType("PEM")val trustManagerConfig = TrustManagerConfig().withTrustStoreConfigs(List(trustStoreConfig))val sslConfig = AkkaSSLConfig().mapSettings { s =>s.withHostnameVerifierClass(classOf[DisabledComplainingHostnameVerifier])s.withTrustManagerConfig(trustManagerConfig)秒}val badCtx = Http().createClientHttpsContext(sslConfig)Http().superPool[RequestTracker](badCtx)(httpMat)但仍然出现此错误:由:java.security.cert.CertificateException:不存在主题替代名称在 sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[?:1.8.0_131]在 sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[?:1.8.0_131]在 sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[?:1.8.0_131]在 sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[?:1.8.0_131]在 sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[?:1.8.0_131]在 sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_131]在 sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_131]这在 Akka 中是不可能的吗? 解决方案 最后,从这个答案中获得灵感,其中看起来很复杂,使用以下代码片段就可以了:val trustStoreConfig = TrustStoreConfig(None, Some("/etc/Project/keystore/my.cer")).withStoreType("PEM")val trustManagerConfig = TrustManagerConfig().withTrustStoreConfigs(List(trustStoreConfig))val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose).withAcceptAnyCertificate(真).withDisableHostnameVerification(true)).withTrustManagerConfig(trustManagerConfig))val badCtx = Http().createClientHttpsContext(badSslConfig)Http().superPool[RequestTracker](badCtx)(httpMat)不知道为什么它在我的其他尝试中不起作用,想深入了解这一点,如果您了解内部原理,请发表解释.I have a akka-streams topology, where I make a POST call using akka-http.I am getting following error when hitting the post request to a un-secure server(having self-signed certs). It is a internal server, so I am fine from security point of view. javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:1.8.0_131] at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:1.8.0_131] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:1.8.0_131] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:1.8.0_131] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_131] at akka.stream.impl.io.TLSActor.akka$stream$impl$io$TLSActor$$doUnwrap(TLSActor.scala:367) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor.akka$stream$impl$io$TLSActor$$doInbound(TLSActor.scala:290) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor$$anonfun$1.apply$mcV$sp(TLSActor.scala:225) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.Pump$class.pump(Transfer.scala:199) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor.pump(TLSActor.scala:48) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.BatchingInputBuffer.enqueueInputElement(ActorProcessor.scala:90) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.BatchingInputBuffer$$anonfun$upstreamRunning$1.applyOrElse(ActorProcessor.scala:141) ~[akka-stream_2.11-2.4.17.jar:?] at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36) ~[scala-library-2.11.8.jar:?] at akka.stream.impl.SubReceive.apply(Transfer.scala:16) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.FanIn$InputBunch$$anonfun$subreceive$1.applyOrElse(FanIn.scala:234) ~[akka-stream_2.11-2.4.17.jar:?] at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:36) ~[scala-library-2.11.8.jar:?] at akka.stream.impl.SubReceive.apply(Transfer.scala:16) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.SubReceive.apply(Transfer.scala:12) ~[akka-stream_2.11-2.4.17.jar:?] at scala.PartialFunction$class.applyOrElse(PartialFunction.scala:123) ~[scala-library-2.11.8.jar:?] at akka.stream.impl.SubReceive.applyOrElse(Transfer.scala:12) ~[akka-stream_2.11-2.4.17.jar:?] at scala.PartialFunction$OrElse.applyOrElse(PartialFunction.scala:170) ~[scala-library-2.11.8.jar:?] at akka.actor.Actor$class.aroundReceive(Actor.scala:497) ~[akka-actor_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor.aroundReceive(TLSActor.scala:48) ~[akka-stream_2.11-2.4.17.jar:?] at akka.actor.ActorCell.receiveMessage(ActorCell.scala:526) ~[akka-actor_2.11-2.4.17.jar:?] at akka.actor.ActorCell.invoke(ActorCell.scala:495) ~[akka-actor_2.11-2.4.17.jar:?] at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:257) ~[akka-actor_2.11-2.4.17.jar:?] at akka.dispatch.Mailbox.run(Mailbox.scala:224) ~[akka-actor_2.11-2.4.17.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_131] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_131] at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_131]Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_131] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:1.8.0_131] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:1.8.0_131] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_131] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:1.8.0_131] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_131] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_131] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_131] at akka.stream.impl.io.TLSActor.runDelegatedTasks(TLSActor.scala:402) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor.akka$stream$impl$io$TLSActor$$doUnwrap(TLSActor.scala:371) ~[akka-stream_2.11-2.4.17.jar:?] ... 24 moreCaused by: java.security.cert.CertificateException: No subject alternative names present at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[?:1.8.0_131] at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_131] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_131] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_131] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:1.8.0_131] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_131] at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:1.8.0_131] at akka.stream.impl.io.TLSActor.runDelegatedTasks(TLSActor.scala:402) ~[akka-stream_2.11-2.4.17.jar:?] at akka.stream.impl.io.TLSActor.akka$stream$impl$io$TLSActor$$doUnwrap(TLSActor.scala:371) ~[akka-stream_2.11-2.4.17.jar:?]Some discussion happened here, and another solution here and here, but didn't worked for me and one unfinished discussion here. One solution is proposed here but not sure how to implement the same for akka-http.Few more relevant links:akka-issueConfiguring Trust StoresSO Question1SO Question 2Solution in Javaearlier I was using just following to execute it:Http().superPool[MyTracker]()I also tried following, getting inspiration from here and here, but problem persists: val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true))) val badCtx = Http().createClientHttpsContext(badSslConfig) Http().superPool[MyTracker]()(httpMat)Edit #1I added one more flag, but got different error than earlier: val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose.withAcceptAnyCertificate(true).withDisableHostnameVerification(true))) val badCtx = Http().createClientHttpsContext(badSslConfig) Http().superPool[MyTracker]()(httpMat)Error:Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_131] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_131] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_131] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_131] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_131] at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_131]Edit #2Getting inspiration from this answer, not sure how to implement that with akka-httlp exactly, I tried following:val trustStoreConfig = TrustStoreConfig(None, Some("/Users/user/path/my.cer")).withStoreType("PEM")val trustManagerConfig = TrustManagerConfig().withTrustStoreConfigs(List(trustStoreConfig))val sslConfig = AkkaSSLConfig().mapSettings { s => s.withHostnameVerifierClass(classOf[DisabledComplainingHostnameVerifier]) s.withTrustManagerConfig(trustManagerConfig) s}val badCtx = Http().createClientHttpsContext(sslConfig)Http().superPool[RequestTracker](badCtx)(httpMat)But still getting this error: Caused by: java.security.cert.CertificateException: No subject alternative names present at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144) ~[?:1.8.0_131] at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) ~[?:1.8.0_131] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_131] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:1.8.0_131]Is this not possible in Akka? 解决方案 Finally, Getting inspiration from this answer, which seems way complicated, With following code snippet it worked:val trustStoreConfig = TrustStoreConfig(None, Some("/etc/Project/keystore/my.cer")).withStoreType("PEM")val trustManagerConfig = TrustManagerConfig().withTrustStoreConfigs(List(trustStoreConfig))val badSslConfig = AkkaSSLConfig().mapSettings(s => s.withLoose(s.loose .withAcceptAnyCertificate(true) .withDisableHostnameVerification(true)).withTrustManagerConfig(trustManagerConfig))val badCtx = Http().createClientHttpsContext(badSslConfig)Http().superPool[RequestTracker](badCtx)(httpMat)Not sure why it did not work with other attempts of mine, will like to understand this deeply, Please post an explanation if you know the internals. 这篇关于如何使用 akka-http 对自认证服务器进行 POST 调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 08-24 12:50