SSLHandshakeException:收到致命警报: handshake_failure -2 2Way SSL

Question

我使用ApacheHTTP4.1.13编写了一个HttpClient客户端，它使用2way-Sl调用远程Http服务。

我配置了：

包含私钥和客户端certificate

• keystore密码: keystore.jks

• truststore.jks:的密码包含server

• truststore密码的CA e中间CA证书: truststore.jks

密码

守则：

        KeyStore keyStore  = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream instream = new FileInputStream(new File(keystore));
        try {
            keyStore.load(instream, keyStorePassword.toCharArray());
        } finally {
            instream.close();
        }
    
    
        KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
        instream = new FileInputStream(new File(trustore));
        try {
            trustStore.load(instream, trustorePassword.toCharArray());
        } finally {
            instream.close();
        }


        SSLContext sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
                .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
                .build();
       

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.1","TLSv1.2"},
                null,
                SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
                    
        poolingConnManager = new PoolingHttpClientConnectionManager(
                RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", sslsf)
                .build());

如果我运行一个执行调用的java ( Java(TM) SE Runtime (Build1.8.0_231-b11))，我获得了一个成功的连接，并在日志中看到

[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory - Secure session established
[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory -  peer principal: XXXXX
[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory -  peer alternative names: [YYYYY]
[2022-01-25 17:49:18][][][][][main][DEBUG]o.a.h.c.s.SSLConnectionSocketFactory -  issuer principal: XXXXX

如果在Docker OpenJDK运行时环境(AdoptOpenJDK)(Build1.8.0_252-B09)中运行具有相同密钥存储和密码的相同代码，则会得到以下握手错误

http-nio-8080-exec-1, READ: TLSv1.2 Alert, length = 2
http-nio-8080-exec-1, RECV TLSv1.2 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
http-nio-8080-exec-1, called closeSocket()
http-nio-8080-exec-1, handling exception: javax.net.ssl.SSLHandshakeException:   Received fatal alert: handshake_failure
[2022-01-25 16:47:45][SESSION_NOT_INITIALIZED][10.60.168.202][http-nio-8080-exec-1]   [DEBUG]o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
[2022-01-25 16:47:45][SESSION_NOT_INITIALIZED][10.60.168.202][http-nio-8080-exec-1]   [DEBUG]o.a.h.impl.execchain.MainClientExec - Connection discarded

我该找什么？有什么暗示吗？

UPDATE：密钥库包含私钥和证书链：证书->中间CA -> ；我不明白为什么客户端找不到发送到服务器的正确证书。

在工作测试中我得到了这个日志

*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
matching alias: 1
*** Certificate chain

在失败的考试中我得到了：

*** ServerHelloDone
Warning: no suitable certificate found - continuing without client  authentication
*** Certificate chain

Answer 1

这是我的错误，问题在完全不同的地方。以上代码是正确的。