禁用 SSL 连接的主机名检查?
我正在使用 clojure-http 进行以下 POST:
(clojure-http.resourcefully/post "https://android.apis.google.com/c2dm/send"
{"Authorization" (str "GoogleLogin auth=" auth-token)}
{"registration_id" registration-id
"data.msg" "blah"
"collapse_key" "blah"})
并收到此异常:
java.security.cert.CertificateException: No subject alternative DNS name matching android.apis.google.com found.
[Thrown class javax.net.ssl.SSLHandshakeException]
由于某些奇怪的原因,大约 10% 的时间我没有收到异常并且请求通过。
我认为这是 Java 主机名检查 SSL 连接的问题*,所以我的问题是,如何从 Clojure 禁用它? (或者从安全角度来说这是一个坏主意?)
谢谢, 魏
*从这篇文章和其他类似文章中推断出:http://www.jroller.com/hasant /entry/no_subject_alternative_names_matching
I'm using clojure-http to make the following POST:
(clojure-http.resourcefully/post "https://android.apis.google.com/c2dm/send"
{"Authorization" (str "GoogleLogin auth=" auth-token)}
{"registration_id" registration-id
"data.msg" "blah"
"collapse_key" "blah"})
And getting this exception:
java.security.cert.CertificateException: No subject alternative DNS name matching android.apis.google.com found.
[Thrown class javax.net.ssl.SSLHandshakeException]
For some weird reason, about 10% of the time I don't get the exception and the request goes through.
I believe it's an issue with Java's host name checking on SSL connections*, so my question is, how do I disable that from Clojure? (or is that a bad idea security-wise?)
Thanks,
Wei
*deduced from this post and others like it: http://www.jroller.com/hasant/entry/no_subject_alternative_names_matching
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这不是你的代码的问题,而是android网站的问题。
在现代浏览器中打开此链接 - https://android.apis.google.com/。您将看到 SSL 证书属于
*.google.com,但您正在访问*.apis.google.com下的域。您可能应该在 Android 论坛上搜索此问题的解决方案。禁用主机名检查是一个坏主意,您将面临中间人攻击。如果你不太关心安全性,你不妨使用http,它比禁用主机名检查更容易。
Its not a problem with your code, its a problem with android's website.
Open this link in a modern browser- https://android.apis.google.com/. You will see that the SSL certificate belongs to
*.google.com, but you are visiting a domain under*.apis.google.com. You should probably search on Android forums for a solution to this problem.Its a bad idea to disable host name checking, you are opening up yourself to man-in-the-middle attacks. If you don't really care about security, you might as well use http, its easier than disabling host name checks.