javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 問題解決
阿新 • • 發佈:2018-12-09
最近線下除錯銀聯支付時報錯:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
測試環境一直報這個錯誤,本地除錯和生產環境沒有問題。
然後就開始搜尋 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated ,網上也有很多解決方案,基本都是與https證書、協議版本有關,嘗試了各種方法:
1、忽略證書校驗、域名校驗
2、將銀聯https證書匯入到JDK中
3、列印ssl debug資訊
System.setProperty("javax.net.debug", "ssl");
debug資訊如下:
resin-port-8080-30, handling exception: java.net.SocketException: Connection reset %% Invalidated: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] resin-port-8080-30, SEND TLSv1.2 ALERT: fatal, description = unexpected_message resin-port-8080-30, WRITE: TLSv1.2 Alert, length = 2 resin-port-8080-30, Exception sending alert: java.net.SocketException: 斷開的管道 resin-port-8080-30, called closeSocket() resin-port-8080-30, IOException in getSession(): java.net.SocketException: Connection reset resin-port-8080-30, called close() resin-port-8080-30, called closeInternal(true) resin-port-8080-30, called close() resin-port-8080-30, called closeInternal(true)
然後搜尋debug中的各種資訊,尋找解決方法,依然沒有解決。
最終在一天晚上找到問題了,測試環境 禁止外網訪問了!!!
允許銀聯支付域名訪問外網,問題解決了。