SSL: java.lang.IllegalArgumentException: Duplicated server name of type 0

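I am trying a client-side SNI implementation in which I can pass multiple host names (which produce the same certificate) to SSLParameters. The code snippet is below: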

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) factory.createSocket("www.verisign.com", 443);
SNIHostName serverName1 = new SNIHostName("www.verisign.co.in");
SNIHostName serverName2 = new SNIHostName("www.verisign.co.uk");
List<SNIServerName> serverNames = new ArrayList<>();
serverNames.add(serverName1);
serverNames.add(serverName2);
SSLParameters params = socket.getSSLParameters();
params.setServerNames(serverNames);
socket.setSSLParameters(params);

But before the SSL handshake takes place, I get the following exception:

java.lang.IllegalArgumentException: Duplicated server name of type 0
at java.base/javax.net.ssl.SSLParameters.setServerNames(SSLParameters.java:343)
at SSLSocketClient.main(SSLSocketClient.java:69)

Inspecting in Eclipse shows that the type is host_name(0) for both SNI host names: [type=host_name(0), value=www.verisign.co.in, type=host_name(0), value=www.verisign.co.uk]

If it does not allow multiple host names, then why is there a provision to pass a list of server names?


1 answer

  1. # Answer 1

    The standard appears to have once supported multiple host names, but that support has been dropped.

    According to the RFC for SNI (https://datatracker.ietf.org/doc/html/rfc6066):

    The ServerNameList MUST NOT contain more than one name of the same name_type.

    ...

    Note: Earlier versions of this specification permitted multiple names of the same name_type. In practice, current client implementations only send one name, and the client cannot necessarily find out which name the server selected. Multiple names of the same name_type are therefore now prohibited.

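    One might try to add additional names with different name types. However, the only name type that appears to be defined is "host_name", which is 0.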
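
An added example, not part of the question or the answer above: since one ClientHello may carry only one host_name entry, a client that wants to try several host names needs a separate SSLParameters object (and a separate handshake) per name. The class and method names are hypothetical, `List.of` assumes Java 9 or later, and the code runs offline without opening a connection.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;

// Hypothetical class name, used only for this illustration.
public class SniPerConnection {

    // Build one SSLParameters object per candidate host, each carrying exactly
    // one host_name entry, as RFC 6066 requires for a single ClientHello.
    static List<SSLParameters> oneNamePerHandshake(List<String> hosts) {
        List<SSLParameters> result = new ArrayList<>();
        for (String host : hosts) {
            SSLParameters params = new SSLParameters();
            params.setServerNames(List.of(new SNIHostName(host)));
            // Request HTTPS-style host name verification of the server
            // certificate during the handshake; a plain SSLSocket does not
            // enable this by default.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            result.add(params);
        }
        return result;
    }

    // True if JSSE rejects the list, i.e. it holds two names of the same type.
    static boolean rejectedByJsse(List<SNIServerName> names) {
        try {
            new SSLParameters().setServerNames(names);
            return false;
        } catch (IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Host names taken from the question; nothing is sent to them here.
        List<String> hosts = List.of("www.verisign.co.in", "www.verisign.co.uk");
        List<SNIServerName> both = new ArrayList<>();
        for (String h : hosts) both.add(new SNIHostName(h));
        System.out.println("two host_name entries rejected: " + rejectedByJsse(both));
        for (SSLParameters p : oneNamePerHandshake(hosts)) {
            System.out.println("one handshake would send: " + p.getServerNames());
        }
    }
}
```

Each returned SSLParameters object would be applied with `socket.setSSLParameters(...)` to its own socket before the handshake starts.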