来自 Soap UI 的 SSL 请求失败,适用于 fiddler 代理
SSL request fails from Soap UI, works with fiddler proxy
对 SOAP Web 服务的 HTTPŞ 请求不能直接从 SOAP UI 工作,但是当我放置 fiddler 代理时,它可以工作,它也可以与来自 Visual studio 的 WcfTestClient 一起工作。
我试过了:
1.using SOAP UI 5.0.0 和 5.2.0。
2.Putting 这些开关:
-Djavax.net.debug=all
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Dsun.security.ssl.allowLegacyHelloMessages=true
-Dhttps.protocols=TLSv1 (because server doesn't support SSL, only TLS)
3.Adding CA 证书和服务器 SSL 证书到(因为 SSL 证书是用 "homemade CA certficate" 签名的)
- \jdk1.7.0_51\jre\lib\security\cacerts
- 通过 java 控制面板导入它们。
这是我得到的异常:
Mon Jul 06 13:42:57 CEST 2015:ERROR:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 31 more
这个问题是由于 Server Name Indication。
我们在同一个 IP:port 上为不同的 FQDN-s 运行 设置了多个 SSL 证书,因此服务器被迫使用 SNI,这显然是 supported from java 7。
我不知道的另一件事是 SOAP UI 在安装文件夹中打包了 jre,SOAP UI 5.2.0 的版本报告为 1.7u55,但是用户- fiddler 报告中 http 请求中的代理 Java 1.5.
一旦我们删除了其他 SSL 证书,它就可以从 SOAP UI 中运行,这只是为了证明这一点——这是由于 SNI。在生产中,我们必须使用 SNI 并确保我们的客户支持它。
这里是 thread about SOAP UI SNI 但线程中的建议不起作用,所以我假设 SOAP UI 中不支持 SNI(很明显,因为 http 客户端报告用户代理:Java1.5)
对 SOAP Web 服务的 HTTPŞ 请求不能直接从 SOAP UI 工作,但是当我放置 fiddler 代理时,它可以工作,它也可以与来自 Visual studio 的 WcfTestClient 一起工作。
我试过了:
1.using SOAP UI 5.0.0 和 5.2.0。
2.Putting 这些开关:
-Djavax.net.debug=all
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Dsun.security.ssl.allowLegacyHelloMessages=true
-Dhttps.protocols=TLSv1 (because server doesn't support SSL, only TLS)
3.Adding CA 证书和服务器 SSL 证书到(因为 SSL 证书是用 "homemade CA certficate" 签名的)
- \jdk1.7.0_51\jre\lib\security\cacerts
- 通过 java 控制面板导入它们。
这是我得到的异常:
Mon Jul 06 13:42:57 CEST 2015:ERROR:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 31 more
这个问题是由于 Server Name Indication。 我们在同一个 IP:port 上为不同的 FQDN-s 运行 设置了多个 SSL 证书,因此服务器被迫使用 SNI,这显然是 supported from java 7。
我不知道的另一件事是 SOAP UI 在安装文件夹中打包了 jre,SOAP UI 5.2.0 的版本报告为 1.7u55,但是用户- fiddler 报告中 http 请求中的代理 Java 1.5.
一旦我们删除了其他 SSL 证书,它就可以从 SOAP UI 中运行,这只是为了证明这一点——这是由于 SNI。在生产中,我们必须使用 SNI 并确保我们的客户支持它。
这里是 thread about SOAP UI SNI 但线程中的建议不起作用,所以我假设 SOAP UI 中不支持 SNI(很明显,因为 http 客户端报告用户代理:Java1.5)