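I have configured an ActiveMQ broker with AMQP over SSL using the same authentication, and it works fine with self-signed certificates. The problem occurs when I try to test with one of my client certificates, which contains some critical extensions that cause the handshake to fail.
Here is the stack trace: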
DEBUG | Transport Connection to: tcp://127.0.0.1:49318 failed: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.32] | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: ssl:///127.0.0.1:49318
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.32]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_75]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)[:1.7.0_75]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)[:1.7.0_75]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)[:1.7.0_75]
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1682)[:1.7.0_75]
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:176)[:1.7.0_75]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)[:1.7.0_75]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)[:1.7.0_75]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)[:1.7.0_75]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)[:1.7.0_75]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)[:1.7.0_75]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)[:1.7.0_75]
at org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:629)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpBufferedInputStream.readStream(TcpBufferedInputStream.java:73)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:94)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:619)[activemq-client-5.13.1.jar:5.13.1]
at java.io.DataInputStream.readFully(DataInputStream.java:195)[:1.7.0_75]
at org.fusesource.hawtbuf.Buffer.readFrom(Buffer.java:412)[hawtbuf-1.11.jar:1.11]
at org.apache.activemq.transport.amqp.AmqpWireFormat.unmarshal(AmqpWireFormat.java:102)[activemq-amqp-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:240)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:232)[activemq-client-5.13.1.jar:5.13.1]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.13.1.jar:5.13.1]
at java.lang.Thread.run(Thread.java:745)[:1.7.0_75]
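My understanding is that this is the default behavior for certificate extensions, and that it should be overridden for any specific case.
Does anyone know whether my assumption is correct? Does anyone have a solution to this problem?
Thanks.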
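A diagnostic for the failure in the trace above, added here as an example and not part of the original post: it lists the certificate's critical extension OIDs, then runs the same client-trust check through both JSSE trust manager algorithms so you can see which validation path rejects it. The class name and the three command-line arguments (certificate file, truststore file, truststore password) are assumptions, as is the issuer being present directly in the truststore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class, not from ActiveMQ or the original post.
public class CriticalExtensionCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CriticalExtensionCheck <cert.pem|.der> <truststore> <password>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // OIDs marked critical; 2.5.29.32 is certificatePolicies, the one named in the trace.
        Set<String> critical = cert.getCriticalExtensionOIDs();
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Critical extensions: " + (critical == null ? "none" : critical));

        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        // Assumption: a one-element chain is enough because the issuer is a trust anchor.
        X509Certificate[] chain = { cert };
        String authType = cert.getPublicKey().getAlgorithm();
        for (String alg : new String[] { "SunX509", "PKIX" }) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
            tmf.init(trust);
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (!(tm instanceof X509TrustManager)) continue;
                try {
                    ((X509TrustManager) tm).checkClientTrusted(chain, authType);
                    System.out.println(alg + ": accepted");
                } catch (CertificateException e) {
                    System.out.println(alg + ": rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

Run it with the same truststore the broker's SSL context is configured with, so the result reflects what the broker sees during the handshake.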