I want to connect to an Oracle Database 11.2 using SSL. But the only error I receive is:
Exception in thread "main" java.sql.SQLException: I/O-Fehler: Remote host closed connection during handshake
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:465)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:534)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:217)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:28)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:527)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at TestOracle.testSSL(TestOracle.java:157)
at TestOracle.main(TestOracle.java:131)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at oracle.net.ns.Packet.send(Packet.java:420)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:169)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:301)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1406)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:327)
... 8 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
... 16 more
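I have added a self-signed certificate to the wallet I created. But I don't understand how the Oracle server can use it, because it requires a password that the Oracle server doesn't know. Do I have to look at the password? Where do I have to set the password?
On the network I can see that the Oracle server does not send any bytes. It closes the socket after the client starts the handshake. I think the problem is on the server side.
My listener.ora: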
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\app\Administrator\product\11.2.0\dbhome_2)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\app\Administrator\product\11.2.0\dbhome_2\bin\oraclr11.dll")
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ora11.inetsoftware.local)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = ora11.inetsoftware.local)(PORT = 2484))
    )
  )
ADR_BASE_LISTENER = C:\app\Administrator
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product\11.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE
My sqlnet.ora:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product\11.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE
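Answer 0: (score: 1)
The certificate doesn't have a password. The thing the certificate is in has a password. Your client knows the password, gets the certificate out of that thing, and sends the certificate to the server.
If the server doesn't like the certificate for some reason, it may close the connection instead of continuing the handshake. The same applies if you don't send it when requested, which will happen if your certificate doesn't satisfy the constraints specified by the server in the certificate request. For example, if the server doesn't recognize the self-signer. Have you exported the certificate to the server's trust store?
Answer 1: (score: 0)
I found the solution. It is very simple. First, you need to set auto login. This creates a file cwallet.sso in the wallet directory. Most importantly, the wallet must be closed in the Wallet Manager when you start the TNS listener service. Otherwise the listener cannot load the file cwallet.sso. In the trace file you can see the error: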
ntzlogin:Wallet open failed with error 28759
If you close the wallet later, it has no effect. It looks like the listener reads the file only once.
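
The check described in the answer above, as an added example that is not part of the original posts: it reads WALLET_LOCATION from listener.ora, verifies that the wallet directory contains cwallet.sso, and looks for the ntzlogin wallet-open error in a listener trace. The function names, the sample trace lines other than the ntzlogin line, and the ewallet.p12 entry in the sample directory listing are assumptions constructed for illustration.

```python
import re

# Constructed sample: the TCPS-relevant lines of the question's listener.ora.
SAMPLE_LISTENER_ORA = r"""
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = ora11.inetsoftware.local)(PORT = 2484))
    )
  )
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product\11.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE
"""

# Constructed trace excerpt; only the ntzlogin line is quoted from the answer.
SAMPLE_TRACE = """\
(constructed) listener starting
ntzlogin:Wallet open failed with error 28759
(constructed) connection closed
"""

def wallet_directory(ora_text):
    """Return the DIRECTORY of WALLET_LOCATION, or None if it is not set."""
    m = re.search(r"WALLET_LOCATION\s*=.*?DIRECTORY\s*=\s*([^)]+)\)", ora_text, re.I | re.S)
    return m.group(1).strip() if m else None

def wallet_open_errors(trace_text):
    """Return the error code of every ntzlogin wallet-open failure in a trace."""
    return [int(c) for c in re.findall(r"ntzlogin:\s*Wallet open failed with error (\d+)", trace_text)]

def diagnose(ora_text, wallet_files, trace_text):
    """List reasons the listener may be unable to use its wallet for TCPS.

    wallet_files is the listing of the wallet directory, for example
    os.listdir(wallet_directory(ora_text)) run on the database host.
    """
    findings = []
    directory = wallet_directory(ora_text)
    if directory is None:
        findings.append("no WALLET_LOCATION in listener.ora")
    elif "cwallet.sso" not in {name.lower() for name in wallet_files}:
        findings.append(f"no cwallet.sso in {directory}: auto login is not enabled")
    for code in wallet_open_errors(trace_text):
        findings.append(f"listener could not open the wallet (error {code}); "
                        "close it in Wallet Manager and restart the listener")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LISTENER_ORA, ["ewallet.p12"], SAMPLE_TRACE):
        print(finding)
```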