https://www.apis.google.com/在春季社交中驗證主機驗證失敗

Question

我使用Spring Social將gmail帳戶登錄到我的webapp。這是當我已經實現了功能，但今天我得到

javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US)

這是堆棧跟蹤一切ok：

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US) 
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) 
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) 
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) 
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) 
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) 
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) 
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) 
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) 
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) 
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) 
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) 
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) 
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:84) 
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46) 
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52) 
    at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:94) 
    at org.springframework.social.oauth2.OAuth2RequestInterceptor.intercept(OAuth2RequestInterceptor.java:45) 
    at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:84) 
    at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:69) 
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46) 
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:52) 
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:541) 
    ... 44 more 

如果我用Firefox瀏覽的網址：https://www.apis.google.com/ 我會得到證書對該域無效的警告。

春季社會的召喚有什麼問題嗎？ 如何臨時禁用gmail spring社區的主機驗證？

Answer 1

如果我使用firefox瀏覽到url：https://www.apis.google.com/我收到警告說證書對這個域無效。

主機名必須是apis.google.com，即沒有www。然後證書驗證應該成功。

春天社會的召喚有什麼問題嗎？

此處使用不同的名稱，即www.googleapis.com。該名稱的證書是正確的。

主機名「www.googleapis.com」與對方提供的證書主題不符（CN = *。storage.googleapis.com，O = Google Inc，L = Mountain View，ST = California， C = US）

雖然CN確實*.storage.googleapis.com沒有用於*.googleapis.com相匹配www.googleapis.com主題備用名稱。這意味着代碼使用的主機名檢查是錯誤的。我不知道這個錯誤檢查源自哪裏，但它可能是Java的舊版本或您使用的庫。

如何臨時禁用gmail spring的主機驗證社交？

這將是一個壞主意，因爲這會破壞爲什麼使用https的原因。

Answer 2

我遇到了同樣的問題。我最好的猜測。 HTTPs調用和證書之間不匹配。這看起來更像是Google問題，然後是Spring Social Google API問題。

不知道這個問題持續了多久。我昨天開始研究這個代碼。

將打開錯誤與谷歌和谷歌春社會

提起臭蟲以Google，併爲社會上Github

59:27:345 ERROR org.springframework.social.connect.web.ProviderSignInController.oauth2Callback Message=Exception while completing OAuth 2 connection: 
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://www.googleapis.com/plus/v1/people/me":Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US) 
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580) 
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530) 
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237) 
    at org.springframework.social.google.api.impl.AbstractGoogleApiOperations.getEntity(AbstractGoogleApiOperations.java:50) 
    at org.springframework.social.google.api.plus.impl.PlusTemplate.getPerson(PlusTemplate.java:105) 
    at org.springframework.social.google.api.plus.impl.PlusTemplate.getGoogleProfile(PlusTemplate.java:110) 
    at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:51) 
    at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:31) 
    at org.springframework.social.google.connect.GoogleConnectionFactory.extractProviderUserId(GoogleConnectionFactory.java:37) 
    at org.springframework.social.connect.support.OAuth2ConnectionFactory.createConnection(OAuth2ConnectionFactory.java:91) 
    at org.springframework.social.connect.web.ConnectSupport.completeConnection(ConnectSupport.java:161) 
    at org.springframework.social.connect.web.ProviderSignInController.oauth2Callback(ProviderSignInController.java:216) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:497) 

終於找到了解決這個問題。

將HttpClient降級到4.3.x.有申請和解析錯誤標記爲4.5.x https://issues.apache.org/jira/browse/HTTPCLIENT-1613

僅供參考 - 如果你使用的HttpClient https://github.com/GabiAxel/spring-social-google/issues/67#issuecomment-97154525

Answer 3

檢查。然後轉到HttpClient 4.3.x庫，而不是4.4.x.

<!-- http://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient --> 
<dependency> 
    <groupId>org.apache.httpcomponents</groupId> 
    <artifactId>httpclient</artifactId> 
    <version>4.3.1</version> 
</dependency>