java JNLP错误:javax.net.ssl.SSLHandshakeException

时间:2015-11-25 10:54:58

标签: java security java-web-start jnlp http-proxy

我正在尝试运行基于java JNLP 的应用程序。 它在家里运行良好:javac + javaws与v.1.8相同。?

现在我正试图在工作中运行我的应用程序。我在代理后面工作,我使用Controlpanel告诉java绕过托管JNLP的本地服务器的代理。 在服务器端,应用程序使用

编译
javac 1.7.0_60

在客户端,我试图用:

运行它
$ javaws -version
Java(TM) Web Start 11.40.2.26-fcs 

$ java -version
java version "1.8.0_40"

尽管如此,我在javaws中得到以下异常

javax.net.ssl.SSLHandshakeException: com.sun.deploy.security.RevocationChecker$StatusUnknownException
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:969)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:904)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
    at sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:90)
    at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1432)
    at sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1430)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.AccessController.doPrivileged(AccessController.java:713)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1429)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main.access$000(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.deploy.security.RevocationChecker$StatusUnknownException
    at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
    ... 33 more

我看了https://community.oracle.com/thread/3651870?start=15&tstart=0 但我真的不明白我应该做些什么。

例如,我已注释掉<> /lib/security/java.security

#jdk.tls.disabledAlgorithms=SSLv3

但这仍然无效。当我看到' getInputStream '在stacktrace中,我想知道javaws是否试图下载代理之外的东西?

有什么想法吗?

编辑:如果在controlPanel中检查

,则JNLP有效
  • 执行签名代码:不检查(不推荐)
  • 执行TLS证书撤销:不检查(不推荐)

此问题是否与我的代理服务器相关联?

1 个答案:

答案 0 :(得分:0)

Java certificate revocation checking使用以下一种或两种方法:

  

证书撤销列表(CRL)

     

此方法需要由证书颁发机构(CA)定期生成和发布列表,以使其保持最新状态。

     

在线证书状态协议(OCSP)

     

此方法使用CA执行实时证书状态检查,使其更可靠,更快速。

如果您的服务器证书是自签名的,或者您的公司有内部CA,则您的JRE可能无法正确完成撤销检查 - 因此“未知”状态。如果要运行撤销检查(通常是这样做),则需要由支持其中一种或两种方法的CA签署的证书。

同样重要的是要记住,这里可能有两个证书:

  • 用于签署JAR的证书;和
  • 用于连接服务器的证书

两个证书必须签名且有效(即未撤销)才能使握手成功。