忽略证书验证- Tomcat8 WebSocket (JSR-356)

Question

SslContextFactory sec = new SslContextFactory();
sec.setValidateCerts(false);
WebSocketClient client = new WebSocketClient(sec);

上面的代码是为Jetty WebSockets实现的，以告知java客户端禁用证书验证。有没有什么方法可以在Java API for Tomcat8 WebSockets (JSR356)中实现同样的目标？

PS:我已经尝试过this方法了。它不适用于Tomcat WebSockets安全WebSocket连接

Answer 1

您是否生成了自签名证书并尝试使用它？然后将您的自签名证书导入到新的keystore，并将该keystore用作客户端上的信任存储库。

对于tyrus websocket客户端，我的用法如下：

String keyStorePath = StompClientTest.class.getResource("/myapp.keystore").getPath();
System.getProperties().put("javax.net.debug", "all"); // debug your certificate checking
System.getProperties().put(SslContextConfigurator.KEY_STORE_FILE, keyStorePath);
System.getProperties().put(SslContextConfigurator.TRUST_STORE_FILE, keyStorePath);
System.getProperties().put(SslContextConfigurator.KEY_STORE_PASSWORD, "secret");
System.getProperties().put(SslContextConfigurator.TRUST_STORE_PASSWORD, "secret");
final SslContextConfigurator defaultConfig = new SslContextConfigurator();
defaultConfig.retrieve(System.getProperties());

SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(defaultConfig);
sslEngineConfigurator.setHostVerificationEnabled(false);
StandardWebSocketClient webSocketClient = new StandardWebSocketClient();
webSocketClient.getUserProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);

对于tomcat阅读以下问题中的答案：https://stackoverflow.com/a/32205864/386213