JavaSSL文件下载报错需求:准备下载一个文件,是https连接,浏览器没有问题。查看了org.apache.commons.io.FileUtils工具类就有这个方法,太麻烦了;FileUtils.copyURLToFile(新URL(url),文件);不出所料,报错javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:NosubjectalternativenamesmatchingIPaddress47.114.190.241foundatsun.security.ssl.Alerts.getSSLException(Alerts.java:192)在sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)在sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)在sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)在sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)在sun.security.ssl.Handshaker.process_record(Handshaker.java:965)在sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)在sun.security.ssl.SSLSsun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)在sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)在sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)在sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)在sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)在sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)在sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)在org.apache.commons.io.FileUtils.copyURLToFile(FileUtils.java:1478)处的java.net.URL.openStream(URL.java:1045)引起:java.security.cert.CertificateException:没有与IP匹配的主题替代名称在sun.secu找到地址47.114.190.241rity.util.HostnameChecker.matchIP(HostnameChecker.java:168)在sun.security.util.HostnameChecker.match(HostnameChecker.java:94)在sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)在sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)在sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)在sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java)在:124sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)查看报错,只需要修改HostnameChecker的matchIP方法,写入转换方法privateURLtransUrl(StringurlStr){//用于更高跳过证书验证的版本JDK}publicvoidcheckClientTrusted(java.security.cert.X509Certificate[]certs,StringauthType){}publicvoidcheckServerTrusted(java.security.cert.X509Certificate[]certs,StringauthType){}}};//激活新的信任管理器SSLContextsc=null;尝试{sc=SSLContext.getInstance("TLS");sc.init(null,trustAllCerts,newjava.security.SecureRandom());HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());//用于校验SSL的IPHostnameVerifierallHostsValid=newHostnameVerifier(){publicbooleanverify(Stringhostname,SSLSessionsession){returntrue;}};HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);//打开到URL的连接URLurl=newURL(urlStr);URLConnection连接=url.openConnection();返回连接.getURL();}赶上(异常e){抛出新的RuntimeException(e);}}重写下载的代码FileUtils.copyURLToFile(transUrl(url),file);问题解决了
