sssssjkl

证书链完整,okhttp3请求错误?

证书情况 "myssl.com"验证证书是正常的 "https://myssl.com/ynslyszx.com" (https://link.segmentfault.com/?enc=Rl58bPUsLiXYbKR4SPkgog%3D%3D.BlyaOYBBPkulzooS98TibCDfCcm03tjWdZTvEPlpC2U%3D) 浏览器中查看 "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/images/20250121/0a265834b3836233c2083ad2f3fb6134.png) 使用命令查看 "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/images/20250121/be59a99dd5ffb7bb1928f0e025ce0bab.png) 测试代码 public static void main(String[] args) { String url = "https://ynslyszx.com/fp04/ldt-service/msp/getPublicKey.do"; OkHttpClient client = new OkHttpClient(); // 指定你要请求的URL Request request = new Request.Builder() .url(url) .build(); try (Response response = client.newCall(request).execute()) { if (!response.isSuccessful()) { throw new IOException("Unexpected code " + response); } // 打印响应体的内容 System.out.println(response.body().string()); } catch (IOException e) { e.printStackTrace(); } } 错误信息 使用okhttp请求报错: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) at sun.security.ssl.TransportContext.fatal(TransportContext.java:353) at sun.security.ssl.TransportContext.fatal(TransportContext.java:296) at sun.security.ssl.TransportContext.fatal(TransportContext.java:291) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) at 
sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154) at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279) at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373) at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379) at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337) at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209) at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226) at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106) at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74) at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255) at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76) at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109) at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201) at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154) at org.example.App.main(App.java:35) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at sun.security.validator.Validator.validate(Validator.java:271) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636) ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 35 more

问题

1. 同样的代码,请求 "https://baidu.com" (https://link.segmentfault.com/?enc=LAsp%2FXr6f6q8V1UnW07%2FBA%3D%3D.VaQZUVr0UBPH5NOsd9mM%2BBVBBQIxSjUsmimAlhCsqoU%3D) 或 "https://qq.com" (https://link.segmentfault.com/?enc=q5rFqEJ56pJ4MsdHXM%2BI7A%3D%3D.0ENTZ1%2FO3icYP0ebmhX2CQ%3D%3D) 是正常的,请求 ynslyszx.com 就出错;使用 "myssl.com" 验证后,证书也是正常的,请问是哪个环节出错?
2. 在服务器上尝试用 "myssl.com" 修复过证书,仍然请求不通。
3. 目前的解决办法是让 okhttp3 忽略全部证书验证,但这样等于放弃了对服务器身份的校验,不太合适,请问是否有其他解决方案?

猫界袁隆平

如何实现https的自动部署?

在服务端做一个https自动部署的功能,需要打通哪些方面的服务?求支招!

Daily毅星

域名过期,ssl证书有效,如何防止被攻击?

HTTPS 是需要证书的。假设我为某个域名申请了一个证书,申请通过后域名过期,被其他人购买并搭建了 HTTPS 服务,那我的证书是否仍然可用?是否没有任何检测机制来检验我的证书已不可信?如果是这样,那我是否相当于伪造了一份受信任的、并且对应该网站的证书,可以用来做中间人攻击?那这种情况应该如何防范呢?

周舟莫UI设计

如何解决Nginx HTTPS配置访问失败问题?

配置HTTP成功,并且所有网页皆可访问。唯独HTTPS失败,我的nginx配置文件如下 user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; server{ listen 443 ssl; server_name www.xiaoyangst.top; ssl_certificate /home/xyst/XrtcDemo/server/cert/www.xiaoyangst.top_cert_chain.pem; ssl_certificate_key /home/xyst/XrtcDemo/server/cert/www.xiaoyangst.top_key.key; location / { proxy_pass https://www.xiaoyangst.top:8443; } } server { listen 80; server_name www.xiaoyangst.top; root /home/xyst/XrtcDemo/myapp/build; index index.html; location / { try_files $uri %uri/ /index.html; } location /api { proxy_pass http://www.xiaoyangst.top:8888; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } return 301 https://$server_name$request_uri; } ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } 访问情况 "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20240929/3ab4ae1639a620dde6c35635fd870882.png) 通过 openssl s_client -connect www.xiaoyangst.top:443 命令确保SSL和证书没有问题 后端Node.js服务正常启动,且通过PostMan工具测试后端没有问题。所以问题应该在nginx这边 "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20240929/a6f3ce6feb2cc74e5459f0b476a5d60b.png) "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20240929/f3065e6589b5b025b66e7102b5b00104.png) 我怀疑是没有把资源给到HTTPS,所以我把HTTP去掉,直接给到HTTPS server{ listen 443 ssl; server_name www.xiaoyangst.top; ssl_certificate /home/xyst/XrtcDemo/server/cert/www.xiaoyangst.top_cert_chain.pem; 
ssl_certificate_key /home/xyst/XrtcDemo/server/cert/www.xiaoyangst.top_key.key; server_name www.xiaoyangst.top; root /home/xyst/XrtcDemo/myapp/build; index index.html; location / { try_files $uri %uri/ /index.html; } location /api { proxy_pass https://www.xiaoyangst.top:8443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } 问题得到解决,但是我想说如何既可以配置HTTP,还可以配置HTTPS呢? 就是访问HTTP可以成功,访问HTTPS也可以成功,难道只能选择再Copy一份吗?(因为不很熟悉nginx)

庆广大

如何判断一个网站无法访问的原因?

如果有一个网站无法访问,假设原因可能只有两个,一个是被墙了,一个是网站本身不让墙内的人用。 有什么方法可以判断是哪一个原因造成的?

北北che

java 使用 websocket 的包, 连接 wss 的 websocket 失败?

使用 jar 包 , 连接 websocket, 用域名的方式连接失败, 中间有通过 nginx 转发 org.java-websocket Java-WebSocket 1.5.3 用浏览器的控制台 new Websocket(wss://域名) 已经成功 nginx 配置正常的 , 用于 websocket 的配置添加了 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; 使用 ws://域名 方式报 400 错误 用 wss://域名 方式 nginx 连请求都没收到 域名是买的, 是能通过验证的 使用 http 直接连接服务的方式是成功的 java 代码 ClientWs clientWs = new ClientWs(url); clientWs.connect(); while (!clientWs.getReadyState().equals(ReadyState.OPEN)) { try { Thread.sleep(1000); } catch (InterruptedException e) { } System.out.println("Connecting..."); if (clientWs.getReadyState() == ReadyState.CLOSED){ System.out.println("连接失败"); System.exit(-1); } } System.out.println("Connected."); public class ClientWs extends WebSocketClient { public ClientWs(URI serverUri) { super(serverUri); trustAllHosts(this); } public ClientWs(URI serverUri, Map httpHeaders) { super(serverUri, httpHeaders); trustAllHosts(this); } @Override public void onOpen(ServerHandshake serverHandshake) { } @Override public void onMessage(String s) { } @Override public void onClose(int i, String s, boolean b) { } @Override public void onError(Exception e) { } static void trustAllHosts(ClientWs clientWs){ TrustManager[] trustAllCerts =new TrustManager[]{new X509TrustManager(){ @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } }}; try { SSLContext ssl = SSLContext.getInstance("TLS"); ssl.init(null, trustAllCerts,new java.security.SecureRandom()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } } }

无敌奥特MEN

axios.js 怎么区分net::ERR_CONNECTION_TIMED_OUT 和 net::ERR_CERT_AUTHORITY_INVALID?

现在遇到的问题是:不清楚如何在 JS 内部区分 net::ERR_CONNECTION_TIMED_OUT(后端服务挂了)和 net::ERR_CERT_AUTHORITY_INVALID(SSL 证书无效)。在 axios 的错误返回中两者都是 ERR_NETWORK,有办法在 JS 中区分开吗? 补充三种不同错误下 axios 的错误返回截图: "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20241015/99e4ba928c5482e1ac28ad97c014aa40.png) "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20241015/5dbecd658df31e171d1eff0cbe79fd28.png) "image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20241015/3cea1d28f50289205aedd47bc5031cd0.png)

Fronttend

post http重定向到https会改变 请求的method类型吗?

"image.png" (https://wmprod.oss-cn-shanghai.aliyuncs.com/c/user/20240914/411aa7e550a01e43b2246157050b0f3f.png) 这种场景是怎样的?

MastFancy

无法下载网页urllib.error.HTTPError: HTTP Error 403: Forbidden?

想提取这个网页的数据 from urllib.request import urlretrieve import urllib import random url="https://cn.investing.com/indices/hnx-30-components" opener = urllib.request.build_opener() ua_list = ['Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36 Edg/103.0.1264.62', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0', 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0' ] opener.addheaders = [('User-Agent', random.choice(ua_list))] urllib.request.install_opener(opener) urlretrieve(url, '/tmp/test.html') 网页无法打开,浏览器可以打开 File "/usr/local/lib/python3.11/urllib/request.py", line 643, in http_error_default raise HTTPError(req.full_url, code, msg, hdrs, fp) urllib.error.HTTPError: HTTP Error 403: Forbidden 请问,如何解决?

木子弓长

前端页面跳转时发生无限循环是为什么?

前端页面渲染前向其他页面跳转,发生无限循环的问题。 import Vue from 'vue' import App from './App.vue' //引入VueRouter import VueRouter from 'vue-router' import router from './router/index.js' import './assets/style/index.css' import './assets/style/public.css' import './assets/font/font_svcu02nytc/iconfont.css' import './assets/script/js.js' import './assets/script/jquery-3.4.1.min.js' import ElementUI from 'element-ui'; import 'element-ui/lib/theme-chalk/index.css'; import $ from 'jquery' import store from "./store" import Antd from 'ant-design-vue' import 'ant-design-vue/dist/antd.css' Vue.config.productionTip = false //应用插件 Vue.use(VueRouter) Vue.use(ElementUI); Vue.use(Antd) // 获取当前页面的协议 const currentProtocol = window.location.protocol; // 如果是 HTTPS 协议,则执行跳转逻辑 if (currentProtocol === 'https:') { const temp_url = window.location.href.replace("https","http") alert("由于服务器暂未配置域名,点击确定后跳转到http协议网址下") window.location.href = temp_url } else{ // console.log('当前页面使用 HTTPS 协议'); const vm =new Vue({ render: h => h(App), router, store }).$mount('#app') } // const vm =new Vue({ // render: h => h(App), // router, // store // }).$mount('#app') 代码如上: 问题背景是这样:我自己的一个云服务器网站还没有域名,只实现了前端的ssl认证,但是没有实现后端的ssl认证,导致前端无法向后端发送https请求。于是我目前打算,当用户通过https协议登录前端网站的时候,自动跳转到http协议下的该网站,具体实现的代码如上面所写,但是部署到云服务器并测试的时候发现网页不断弹出alert框,且一直在当前页面循环。 经过几次尝试,还发现我即使将这段判断的代码放到单独的component下面的mounted方法里,也会出现无限循环,我在本地测试的时候好像没有问题,但是部署到服务器上就有问题了。可能的情况是什么? 
nginx的配置如下: user root; #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name xxx.xxx.xxx.xx; #charset koi8-r; #access_log logs/host.access.log main; root /www/dist; index index.html; #location / { # root /home/www/dist; # index index.html index.htm; #} #location / { # try_files $uri $uri/ /index.html; #新的 #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location / { try_files $uri $uri/ @router;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404 index index.html index.htm; } location @router { rewrite ^.*$ /index.html last; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # server { listen 443 ssl; server_name xxx.xxx.xxx.xx; ssl_certificate 
/usr/local/nginx/conf/ssl/ipssl/zenon.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/ipssl/zenon.key; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; root /www/dist; index index.html; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ @router;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404 index index.html index.htm; } location @router { rewrite ^.*$ /index.html last; } } }
