最近线下调试银联支付时报错:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
测试环境一直报这个错误,本地调试和生产环境没有问题。
然后就开始搜索 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated ,网上也有很多解决方案,基本都是与https证书、协议版本有关,尝试了各种方法:
1、忽略证书校验、域名校验
2、将银联https证书导入到JDK中
3、打印ssl debug信息
System.setProperty("javax.net.debug", "ssl");
debug信息如下:
resin-port-8080-30, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-4, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
resin-port-8080-30, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
resin-port-8080-30, WRITE: TLSv1.2 Alert, length = 2
resin-port-8080-30, Exception sending alert: java.net.SocketException: 断开的管道
resin-port-8080-30, called closeSocket()
resin-port-8080-30, IOException in getSession(): java.net.SocketException: Connection reset
resin-port-8080-30, called close()
resin-port-8080-30, called closeInternal(true)
resin-port-8080-30, called close()
resin-port-8080-30, called closeInternal(true)
然后搜索debug中的各种信息,寻找解决方法,依然没有解决。
最终在一天晚上找到问题了,测试环境 禁止外网访问了!!!
允许银联支付域名访问外网,问题解决了。