JetS3t客户端putObject停止使用HTTPS主机名无效异常

时间:2012-08-05 21:19:50

标签: amazon-s3 amazon-web-services openssl jets3t

基本的put对象调用突然停止工作(有时它已成功)。它一直在努力。

看起来像SSL证书问题。

Stack Trace片段。

   org.jets3t.service.S3ServiceException: S3 PUT connection failed for '/s3_request_message-38afbd8e-7d65-428a-a708-5d34104ded95-4912660956668093023.xml'
            at org.jets3t.service.impl.rest.httpclient.RestS3Service.performRequest(RestS3Service.java:516)
            at org.jets3t.service.impl.rest.httpclient.RestS3Service.performRestPut(RestS3Service.java:800)
            at org.jets3t.service.impl.rest.httpclient.RestS3Service.createObjectImpl(RestS3Service.java:1399)
            at org.jets3t.service.impl.rest.httpclient.RestS3Service.putObjectImpl(RestS3Service.java:1317)
            at org.jets3t.service.S3Service.putObject(S3Service.java:1661)
            at org.jets3t.service.S3Service.putObject(S3Service.java:1914)
            at com.amazon.lm.utils.aws.S3Box.putFile(S3Box.java:111)
            at com.amazon.lm.engine.LMEngine.copyRequestS3(LMEngine.java:350)
            at com.amazon.lm.engine.LMEngine.run(LMEngine.java:165)
            at com.amazon.lm.engine.discover.DiscoveryEngine.run(DiscoveryEngine.java:156)
            at com.amazon.lm.engine.discover.GoogleBaseSearch.run(GoogleBaseSearch.java:25)
            at com.amazon.lm.ui.UIDiscoverTask.run(UIDiscoverTask.java:41)
            at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.net.ssl.SSLPeerUnverifiedException: HTTPS hostname invalid: expected 'lm-requests-prod.s3.amazonaws.com', received '*.s3.amazonaws.com'
            at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:293)
            at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:215)
            at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
            at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
            at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
            at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
            at org.jets3t.service.impl.rest.httpclient.RestS3Service.performRequest(RestS3Service.java:342)
            ... 12 more

看起来Java并不喜欢以#39; *。s3.amazonaws.com' *呈现的通配符域。

Can Java connect to wildcard ssl ...通配符在java中可能会有问题。

但如前所述,我们长期以来一直在使用它,并且突然开始面对这个问题,这种情况太间歇了。

我们使用以下版本:

jdk: 1.6 
jets3: 0.7
openssl:1.0

有没有人遇到过这个问题?如果是,是否有解决方法?

1 个答案:

答案 0 :(得分:1)

这个wasn't an issue with the AWSS3JavaClient code,基于这个问题在S3库和其他Java S3库中发生的事实,以及SSL cert verification is done inside the JVM platform library code不在我们的S3库代码中的事实。

问题是我们的JVM密钥库没有最新的证书颁发机构(CA),允许JVM为我们从S3获得的任何证书形成信任链SSL端点。这是Java和SSL的一个相当普遍的问题,因为JVM维护它自己的密钥库(即它不使用来自OS的证书)。

如果遇到此问题,请尝试使用其他JVM重现此问题。每当客户过去看到这个问题时,都是因为他们的本地JVM keystore(密钥库附带JVM并包含最新的证书和CA)已经过时了。升级到最新的JVM版本在过去一直都在修复它。

尝试将JVM version升级到最近的版本,它应该会有所帮助,因为您的密钥库必须已过期! :)