碼頭http2客戶端忽略自簽名證書

Question

我有一個http2服務器在https://ec2-52-57-54-142.eu-central-1.compute.amazonaws.com/與自簽名證書。我有一個碼頭http2客戶端，它只是簡單地發佈信息。出於某種原因，我沒有忽視自簽名證書的工作。下面是相關的代碼

SslContextFactory factory = new SslContextFactory(true); 
factory.setTrustAll(true); 
factory.setValidateCerts(false); 
factory.setValidatePeerCerts(false); 
factory.setEndpointIdentificationAlgorithm(null); 

SSLContext sslContext = factory.getSslContext(); 
if(null == sslContext) { 
    sslContext = SSLContext.getInstance("TLS"); 
} 
TrustManager[] verifiers = new TrustManager[] {...// some dummy trust manager that always passes}; 
sslContext.init(null, verifiers, null); 
factory.setSslContext(sslContext); 

HttpClientTransportOverHTTP2 httpClientTransportOverHTTP2 
      = new HttpClientTransportOverHTTP2(new HTTP2Client()); 
HttpClient httpClient = new HttpClient(httpClientTransportOverHTTP2, factory); 


Request request = httpClient.POST(destination); 
ContentProvider contentProvider = new InputStreamContentProvider(new StringInputStream(payload)); 
request.content(contentProvider); 
ContentResponse response = request.send(); 

片段而我得到這些堆棧跟蹤

Caused by: java.util.concurrent.ExecutionException: java.nio.channels.ClosedChannelException 
    at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) 
    at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) 
    at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:652) 
    at my code 
    ... 34 more 
Caused by: java.nio.channels.ClosedChannelException 
    at org.eclipse.jetty.io.WriteFlusher.onClose(WriteFlusher.java:498) 
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onIncompleteFlush(SslConnection.java:409) 
    at org.eclipse.jetty.io.AbstractEndPoint$2.onIncompleteFlush(AbstractEndPoint.java:54) 
    at org.eclipse.jetty.io.WriteFlusher.write(WriteFlusher.java:322) 
    at org.eclipse.jetty.io.AbstractEndPoint.write(AbstractEndPoint.java:140) 
    at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:243) 
    at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241) 
    at org.eclipse.jetty.util.IteratingCallback.succeeded(IteratingCallback.java:365) 
    at org.eclipse.jetty.http2.HTTP2Flusher.succeeded(HTTP2Flusher.java:258) 
    at org.eclipse.jetty.io.WriteFlusher$PendingState.complete(WriteFlusher.java:269) 
    at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:394) 
    at org.eclipse.jetty.io.ssl.SslConnection$1.run(SslConnection.java:101) 
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) 
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) 
    ... 1 more 

當我經過的事情一步一個調試器，我看到一些關於NOT_HANDSHAKE在連接對象之一。

我真的不關心驗證任何事情。我只想通過HTTP2/TLS進行連接。我搜索了很多不同的術語，但它們都以或多或少相同的方式結束（setTrustAll，自定義TrustManager等）

任何幫助？謝謝！

P.S.碼頭版本9.3.12

Answer 1

您的客戶端代碼是正確的，儘管是多餘的。 這足以做到：

SslContextFactory sslContextFactory = new SslContextFactory(true); 

    HTTP2Client http2Client = new HTTP2Client(); 
    HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory); 
    httpClient.start(); 

    ContentResponse response = httpClient.GET("https://ec2-52-57-54-142.eu-central-1.compute.amazonaws.com/"); 

如果啓用了碼頭HTTP/2客戶端上的調試日誌記錄，你會看到，客戶端接收：

2016-10-05 09:20:33.102:DBUG:oejhp.Parser:qtp1897115967-15: Parsed GO_AWAY frame header from java.nio.HeapByteBuffer[pos=9 lim=35 cap=16384] 
2016-10-05 09:20:33.103:DBUG:oejh.HTTP2Session:qtp1897115967-15: Received GoAwayFrame@3bc447d3,0/INADEQUATE_SECURITY_ERROR/Unknown error code 

所以問題是，服務器認爲安全性不足（GOAWAY幀到達，錯誤代碼爲INADEQUATE_SECURITY_ERROR）。

此時，問題出在服務器上。你必須弄清楚爲什麼服務器認爲安全性不足。可能只是服務器上的配置問題。