连接测试导致401 HTTP错误

时间:2015-09-08 20:36:53

标签: http authentication ssl https

我目前正在测试两个独立系统之间的连接。当我尝试通过我们的软件进行Web服务调用时,我注意到日志中反复显示401错误:

Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with https://testsystem.endpoint/webservice
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1530)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1490)

根据我的read on SO,401告诉您尚未成功登录或验证您尝试连接的服务器。我已经通知那些控制目标端点的人,并且我被告知我不需要登录,并且“所有内容都通过证书进行身份验证”。据我了解,SSL / TLS证书当然可以作为一种认证方式,即如果您声称证书中的X是您的证书并且您的证书已由受信任的CA签名,那么您很可能是X.但是,我相信这与输入有效或无效的登录凭据(我认为更接近401错误的原因)不同。

我尝试使用我的公钥对以及目标端点证书的根证书来卷曲端点。我可以看到似乎有两个单独的SSL握手,我认为这是SSL renegotiation。我可以清楚地看到再次出现401错误:

$ curl -vv --cert cert.pem --cacert root.pem https://testsystem.endpoint/webservice
* About to connect() to testsystem.endpoint/webserivce port 443 (#0)
*   Trying TEST.IP.ADDRESS.FAKE... connected
* Connected to testsystem.endpoint/webserivce (TEST.IP.ADDRESS.FAKE) port 443 (#0)
Enter PEM pass phrase:
* successfully set certificate verify locations:
*   CAfile: root.pem
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
*    subject: /OU=Domain Control Validated/CN=TEST.CN.FAKE
*    start date: 2015-07-07 22:44:38 GMT
*    expire date: 2016-07-19 16:55:05 GMT
*    subjectAltName: testsystem.endpoint/webserivce matched
*    issuer: /C=US/ST=fake/L=fake/O=Company.com, Inc./OU=http://certs.company.com/repository//CN=Company Secure Certificate Authority 
* SSL certificate verify ok.
> GET /webservice HTTP/1.1
> User-Agent: curl/7.16.2 (x86_64-unknown-linux-gnu) libcurl/7.16.2 OpenSSL/0.9.8b zlib/1.2.3
> Host: testsystem.endpoint/webserivce
> Accept: */*
> 
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html
< Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
< Date: Sat, 05 Sep 2015 00:16:21 GMT

我不相信我的问题必然与SSL / TLS握手有关:我为另一端建立了完整的证书链(我的目的是可靠的),我可以看到第一个SSL / TLS握手似乎有效。我想我的问题是:当我使用我认为是有效的密钥对的时候,为什么另一端为我?

1 个答案:

答案 0 :(得分:0)

Probably you are using a too old version of OpenSSL.

TLS 1.2 support has been introduced in 2012 with 1.0.1 version, while you are using 0.9.8b

Try to upgrade cUrl and OpenSSL.

相关问题
最新问题