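I have a suspicious SSL connection case.
The certificate path is valid, but the connection stops working after a few hours in a Tomcat application. When I restart the Tomcat application, it works again.
I am connecting to https://android.googleapis.com.
The host android.googleapis.com has the following certificate chain: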
Subject: CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
Subject: CN=Google Internet Authority G2, O=Google Inc, C=US
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Since its root CA is GeoTrust, it should work without adding it to my trust store.
The stack dump looks like this:
http-8090-6, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-8090-6, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
http-8090-6, called closeSocket()
http-8090-6, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-8090-6, called close()
http-8090-6, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
...
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:100)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:604)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:565)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 46 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 52 more
Here is the whole network trace:
*** ClientHello, TLSv1
RandomCookie: GMT: 1427119884 bytes = { 32, 116, 13, 171, 110, 175, 191, 29, 167, 64, 218, 10, 42, 39, 239, 148, 92, 232, 0, 187, 83, 41, 158, 112, 77, 230, 127, 107 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 79
[write] MD5 and SHA1 hashes: len = 107
http-8090-6, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
[Raw read]: length = 5
[Raw read]: length = 74
http-8090-6, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1427119884 bytes = { 169, 89, 61, 230, 86, 219, 246, 181, 117, 182, 73, 163, 123, 159, 140, 101, 9, 219, 7, 91, 102, 80, 229, 235, 140, 43, 175, 170 }
Session ID: {228, 214, 31, 142, 230, 65, 68, 159, 82, 48, 174, 186, 64, 225, 167, 1, 92, 212, 150, 124, 103, 17, 91, 53, 38, 51, 145, 15, 101, 60, 114, 99}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
***
%% Created: [Session-625, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
[Raw read]: length = 5
[Raw read]: length = 3164
http-8090-6, READ: TLSv1 Handshake, length = 3164
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 24000908991916098496876413836423865147420754144890034973734444557449934671854892211479661184310809058799504252696393899851758831459499001982104016612941962136348031202160582847350381597900449459258131418939759896793523119325373324662540374144084538566367685059004110878223473156453841127743674749566197296597910629125480323087182424886412231271232878856151765223624016968109795169163690579559354210632065905390252671268436619584534551945699768649394103191136228473534529047690175304320356470934346917571726340573254390305379238378806407702539071391979907028373821255506822492653509861306234931022788700588664177461849
public exponent: 65537
Validity: [From: Wed Mar 11 17:08:11 CET 2015,
To: Tue Jun 09 02:00:00 CEST 2015]
Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
SerialNumber: [ 0e05e3b8 705f8f63]
Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 89 38 54 FE 95 5E 00 CB 0E 6A 0A E3 47 08 A2 k.8T..^...j..G..
0010: AF 98 F9 E0 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A J......h.v....b.
0010: BA 5A 81 2F .Z./
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://pki.google.com/GIAG2.crl]
]]
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.googleapis.com
DNSName: *.clients6.google.com
DNSName: *.cloudendpointsapis.com
DNSName: cloudendpointsapis.com
DNSName: googleapis.com
]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[8]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://pki.google.com/GIAG2.crt,
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://clients1.google.com/ocsp]
]
]
Algorithm: [SHA1withRSA]
Signature:
]
chain [1] = [
[
Version: V3
Subject: CN=Google Internet Authority G2, O=Google Inc, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 19713895149719550196537065661910573762693934593220985668782860735427060889140793885919063737778303548724916253252606564904177491762533295616984617709378739783748100146882543612565825906799282133510087546060971220666055151463898734279731009956582933624646298029265838127046200538496591314458940937082185029845612274584845875286257057247598474925565775989866310636633768255501748172403430876460228793912189332026189491067186811703150477068536877439284697584041860237489395099402658887745588613142391209024263265842301844868193180477031165936332420984796347731387363914950895491332976177715889375379088870580457661428329
public exponent: 65537
Validity: [From: Fri Apr 05 17:15:55 CEST 2013,
To: Sun Jan 01 00:59:59 CET 2017]
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
SerialNumber: [ 023a76]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68 B5 76 F5 81 B6 BB 62 1A J......h.v....b.
0010: BA 5A 81 2F .Z./
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://g.symcb.com/crls/gtglobal.crl]
]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://g.symcd.com]
]
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
]
Algorithm: [SHA1withRSA]
Signature:
]
chain [2] = [
[
Version: V3
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953
public exponent: 65537
Validity: [From: Tue May 21 06:00:00 CEST 2002,
To: Tue Aug 21 06:00:00 CEST 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 12bbe6]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2D 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 65 .-https://www.ge
0010: 6F 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 otrust.com/resou
0020: 72 63 65 73 2F 72 65 70 6F 73 69 74 6F 72 79 rces/repository
]] ]
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
http-8090-6, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-8090-6, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
http-8090-6, called closeSocket()
http-8090-6, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http-8090-6, called close()
http-8090-6, called closeInternal(true)
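What is the cause of this?
Answer 0 (score: 0)
Oh, this was a hell of a ride :-)
I have found the cause of this problem. Another web application messed with the SSLSocketFactory, which is why all the other applications in the Tomcat instance failed.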
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(...);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(keyStore);
SSLContext sslctx = SSLContext.getInstance("SSL");
sslctx.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());
The fix was to restore the original SSLSocketFactory after the connection.
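Two ways to keep a custom trust store from leaking into other web applications in the same JVM, as an added example that is not code from the original answer: scope the factory to a single connection, or restore the JVM-wide default in a `finally` block as the answer describes. The class and method names, the empty in-memory trust store and the `internal.example.invalid` URL are assumptions made for illustration; note that the restore variant still exposes the custom factory to other threads while the work runs.

```java
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustExample {

    // Builds a socket factory that trusts only the certificates in trustStore.
    static SSLSocketFactory factoryFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Preferred: the custom factory applies to this one connection only.
    static HttpsURLConnection openScoped(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);
        return conn;
    }

    // The answer's fix: change the JVM-wide default, then always put it back.
    static void withTemporaryDefault(SSLSocketFactory factory, Runnable work) {
        SSLSocketFactory original = HttpsURLConnection.getDefaultSSLSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        try {
            work.run();
        } finally {
            HttpsURLConnection.setDefaultSSLSocketFactory(original);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty in-memory trust store, so the
        // example runs offline. A real application would load its own JKS file.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        SSLSocketFactory custom = factoryFor(trustStore);

        SSLSocketFactory before = HttpsURLConnection.getDefaultSSLSocketFactory();

        // openConnection() does not touch the network; nothing is sent here.
        HttpsURLConnection conn = openScoped(new URL("https://internal.example.invalid/"), custom);
        System.out.println("connection uses custom factory: " + (conn.getSSLSocketFactory() == custom));

        withTemporaryDefault(custom, () -> System.out.println("default swapped: "
                + (HttpsURLConnection.getDefaultSSLSocketFactory() == custom)));

        System.out.println("default unchanged afterwards: "
                + (HttpsURLConnection.getDefaultSSLSocketFactory() == before));
    }
}
```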