Question

我正在尝试使用apache httpclient 4.1在hidemyass.com（https://hidemyass.com/proxy-list/search-225434）上使用其中一个免费的https-proxy-servers列表。我现在几乎尝试了所有这些，但我总是得到 javax.net.ssl.SSLPeerUnverifiedException：peer not authenticated 所以我用谷歌搜索并发现没有服务器有对等证书，例如：

> openssl s_client -tls1 -showcerts -connect 109.75.178.230:3128  
CONNECTED(00000003)
139856907785896:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 7 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1393183549
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

当我尝试在相同的端口上切换到http时，但是在hidemyass的代理列表中，类型为https。所以我现在不知道该怎么办...请帮忙。

如果您需要查看我的代码：http://paste.debian.net/83674/

Answer 1

所以，如果你没事，你可以信任所有证书，如下所示

final TrustStrategy trustStrategy = new TrustStrategy() {

        @Override
        public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
            return true;
        }
    };
    SSLContext sslcontext = null;
    try {
        sslcontext = SSLContexts.custom().loadTrustMaterial(null, trustStrategy).build();
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    socketFactory = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

然后使用

创建您的HTTPClient

httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();

这将确保所有https呼叫的证书都是可信的但请确保您只打电话给受信任的站点

apache httpclient使用https代理：peer未经过身份验证

1 个答案: