Apache HttpClient 将域解析为 IP 地址且不匹配证书

发布于 2024-12-12 06:09:16 字数 936 浏览 3 评论 0原文

使用 Apache HttpComponents HttpClient 库 (4.0.2) 时，我遇到了证书无法正确验证的问题。该证书对于域名（我们称之为 example.com）有效，但它是根据 IP 地址进行验证的：

证书中的主机名不匹配：<123.123.123.123> != <*.example.com>

我用于建立连接的代码是：

    HttpParams httpParams = new BasicHttpParams();
    HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
    HttpConnectionParams.setSoTimeout(httpParams, 5000);
    DefaultHttpClient httpClient = new DefaultHttpClient(httpParams);            
    String url = "https://www.example.com";
    HttpGet get = new HttpGet(url);
    HttpResponse httpResponse = httpClient.execute(get);
    String response = EntityUtils.toString(httpResponse.getEntity()).trim();

通过网络浏览器连接时证书本身显示为有效，并且对于我要连接的域名有效：

CN = *.example.com

该证书也会添加到 Java 密钥库中（使用常规 HttpsURLConnection 进行测试）。

你知道为什么这段代码使用 IP 地址而不是域名吗？

原文

When using the Apache HttpComponents HttpClient library (4.0.2) I'm having a problem where the certificate doesn't get validated properly. The certificate is valid for the domain name (let's call it example.com) however it's getting validated against the IP address instead:

hostname in certificate didn't match: <123.123.123.123> !=
<*.example.com>

My code for making the connection is:

    HttpParams httpParams = new BasicHttpParams();
    HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
    HttpConnectionParams.setSoTimeout(httpParams, 5000);
    DefaultHttpClient httpClient = new DefaultHttpClient(httpParams);            
    String url = "https://www.example.com";
    HttpGet get = new HttpGet(url);
    HttpResponse httpResponse = httpClient.execute(get);
    String response = EntityUtils.toString(httpResponse.getEntity()).trim();

The certificate itself shows as valid when connecting through a web browser and is valid for the domain name I'm connecting to: