Mule:javax.net.ssl.SSLPeerUnverifiedException:peer未通过身份验证

时间:2015-12-03 14:39:11

标签: ssl mule

我有一个mule项目,它使用自签名证书通过HTTPS(TLS)使用到本地tomcat服务器的出站连接。当我执行流程时,我得到以下异常

Mule HTTP连接器

<http:request-config name="SP2" host="my_fqdn" port="38443" doc:name="SP Request Configuration" protocol="HTTPS" >
    <tls:context>
        <tls:trust-store path="/temp/temp1.keystore.jks" password="changeit" type="jks"/>
    </tls:context>
</http:request-config>

来自骡流的错误

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) ~[?:1.7.0_67]
at org.mule.module.http.internal.domain.request.ClientConnection.getClientCertificate(ClientConnection.java:67) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.HttpRequestToMuleEvent.transform(HttpRequestToMuleEvent.java:63) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener.createEvent(DefaultHttpListener.java:165) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener.access$000(DefaultHttpListener.java:39) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.DefaultHttpListener$1.handleRequest(DefaultHttpListener.java:124) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.GrizzlyRequestDispatcherFilter.handleRead(GrizzlyRequestDispatcherFilter.java:83) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) ~[grizzly-framework-2.3.21.jar:2.3.21]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy.run0(ExecutorPerServerAddressIOStrategy.java:102) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy.access$100(ExecutorPerServerAddressIOStrategy.java:30) ~[mule-module-http-3.7.2.jar:3.7.2]
at org.mule.module.http.internal.listener.grizzly.ExecutorPerServerAddressIOStrategy$WorkerThreadRunnable.run(ExecutorPerServerAddressIOStrategy.java:125) ~[mule-module-http-3.7.2.jar:3.7.2]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [?:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [?:1.7.0_67]
at java.lang.Thread.run(Thread.java:745) [?:1.7.0_67]

通常这意味着我的信任存储设置不正确。就我而言,我在Mule的TLS上下文中设置了信任存储。由于我仍然收到错误,我认为Mule在某种程度上不尊重我的TLS上下文设置。

此外,我在Anypoint Studio内部设置了一个测试程序,该程序与我的Mule流程执行的项目相同。

System.setProperty("javax.net.ssl.trustStore","/temp/temp1.keystore.jks");
System.setProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
System.setProperty("javax.net.ssl.trustStorePassword","changeit");

SocketFactory sslContext = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) sslContext.createSocket("my_fqdn",38443);
SSLSession sslSession = sslSocket.getSession();
sslSession.getPeerCertificates();

在上面提到的Java代码中,如果我没有正确设置信任存储,我会得到&#34; peer未经过身份验证的&#34;错误。但是,当我按照提到的设置信任存储时,程序执行时没有任何错误。最后,我尝试将信任存储作为JVM args传递,但这也没有用。

所以我对为什么骡子这样做是无能为力的。有谁知道如何解决这个问题?

1 个答案:

答案 0 :(得分:0)

Mule 3.7.2默认使用SSLV2Hello。 Tomcat连接器在收到SSLV2Hello时正在关闭连接。我通过修改tomcat连接器修复了这个问题,主要围绕sslEnabledProtocols列表。

<Connector port="38443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS"
 keystoreFile="/tmp/temp1.keystore.jks" 
 keystorePass="changeit"  
 sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"/>