首页 > 代码库 > Java1.7 SSL访问Https occur SSLProtocolException and CertificateException

Java1.7 SSL访问Https occur SSLProtocolException and CertificateException


最近在调用微信公众平台高级群发接口之一:

https://file.api.weixin.qq.com/cgi-bin/media/uploadvideo?access_token=ACCESS_TOKEN 时,https访问抛出异常:

javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

异常中出现关键字:unrecognized 未被承认的name。

google之,处理办法,代码加入:

 //bug fiexd for: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
 System.setProperty ("jsse.enableSNIExtension", "false");

再次调用该接口,抛出新的异常:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching file.api.weixin.qq.com found.

继续处理,代码加入:

 URL url = new URL(requestUrl);
 httpUrlConn = (HttpsURLConnection)url.openConnection();
 httpUrlConn.setSSLSocketFactory(ssf);

 //bug fixed for: java.security.cert.CertificateException: No subject alternative DNS name matching
 httpUrlConn.setHostnameVerifier(new CustomizedHostnameVerifier());
其中CustomizedHostnameVerifier类如下:

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;


/**
 * HostnameVerifier
 * bug fixed : <http://iteches.com/archives/45015>
 * @author will_awoke
 * @version 2014-8-15
 * @see CustomizedHostnameVerifier
 * @since
 */
public class CustomizedHostnameVerifier implements HostnameVerifier
{

    @Override
    public boolean verify(String arg0, SSLSession arg1)
    {
        return true;
    }

}

原因

and then apply this class to your single SSL connection
HttpsURLConnection connection = (HttpsURLConnection) new URL("
https://url").openConnection();
connection.setHostnameVerifier(new CustomizedHostNameVerifier());
or apply to all SLL connection
HttpsURLConnection.setDefaultHostnameVerifier(new CustomizedHostnameVerifier());
However this method might pose a security risk because basically we don’t verify the hostname anymore. The server may use other website’s certificate and the program will still accept it.

简而言之:

因为微信的这个接口是未认证https不安全的,所有需要代码中需要dont verify。



参考:

http://iteches.com/archives/45015

http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0