javax.net.ssl.SSLHandshakeException:远程主机在握手期间关闭连接,同时在 bigquery 中插入行
Posted
技术标签:
【中文标题】javax.net.ssl.SSLHandshakeException:远程主机在握手期间关闭连接,同时在 bigquery 中插入行【英文标题】:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake while inserting rows in bigquery 【发布时间】:2015-06-22 11:32:37 【问题描述】:您好,我正在开发集成了 bigquery 的 android 应用程序。我看到有时我们在向大查询表插入数据时会遇到很多 SSL 异常。我不知道如何处理这个。请帮助解决此问题的确切原因。这是同一个线程但没有答案Bigquery SSL error while doing streaming insert api call
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946) ~[na:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) ~[na:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) ~[na:1.7.0_51]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) ~[na:1.7.0_51]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[na:1.7.0_51]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091) ~[na:1.7.0_51]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) ~[na:1.7.0_51]
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:77) ~[google-http-client-1.19.0.jar:1.19.0]
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:965) ~[google-http-client-1.19.0.jar:1.19.0]
at com.google.api.client.googleapis.batch.BatchRequest.execute(BatchRequest.java:241) ~[google-api-client-1.19.1.jar:1.19.1]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$2$$anonfun$4.apply(InsertApiActor.scala:131) ~[analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$2$$anonfun$4.apply(InsertApiActor.scala:118) ~[analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.common.store.bigquery.api.BigQueryApi$.withSyncClient(BigQueryApi.scala:71) ~[analytics-common_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$2.apply$mcV$sp(InsertApiActor.scala:118) ~[analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$2.apply(InsertApiActor.scala:115) ~[analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$2.apply(InsertApiActor.scala:115) ~[analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.common.monitoring.Timer.time(Timer.scala:15) ~[analytics-common_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor.com$livestream$analytics$datastorage$worker$InsertApiActor$$insertDataRowsToBigQueryTable(InsertApiActor.scala:115) [analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at com.livestream.analytics.datastorage.worker.InsertApiActor$$anonfun$receive$1.applyOrElse(InsertApiActor.scala:80) [analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at akka.actor.Actor$class.aroundReceive(Actor.scala:465) [akka-actor_2.11-2.3.9.jar:na]
at com.livestream.analytics.datastorage.worker.InsertApiActor.aroundReceive(InsertApiActor.scala:54) [analytics-data-storage-worker_2.11-1.0.0.jar:1.0.0]
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:516) [akka-actor_2.11-2.3.9.jar:na]
at akka.actor.ActorCell.invoke(ActorCell.scala:487) [akka-actor_2.11-2.3.9.jar:na]
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:254) [akka-actor_2.11-2.3.9.jar:na]
at akka.dispatch.Mailbox.run(Mailbox.scala:221) [akka-actor_2.11-2.3.9.jar:na]
at akka.dispatch.Mailbox.exec(Mailbox.scala:231) [akka-actor_2.11-2.3.9.jar:na]
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [scala-library-2.11.5.jar:na]
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [scala-library-2.11.5.jar:na]
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [scala-library-2.11.5.jar:na]
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [scala-library-2.11.5.jar:na]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482) ~[na:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) ~[na:1.7.0_51]
... 30 common frames omitted
【问题讨论】:
如果您有办法可靠地重现此问题,并且您有理由相信这不是您的应用程序的错,您应该使用您可以在public issue tracker for BigQuery。届时,支持工程师将对其进行分类,并根据其严重程度、为该问题加注星标的人数以及该问题的新程度按比例进行处理。 您是否设法创建了一个公共问题跟踪线程,或者您在调试方面取得了任何进展?如果这个问题对你来说完全不透明(而且你似乎无能为力,鉴于SSL peer shut down incorrectly),那么这是让这个问题得到关注的最佳行动方案。确保包含尽可能多的相关代码或日志。
我也遇到过这个异常。然后我通过使用 volley api 解决了它。如果你愿意,我可以分享代码。
@hitesh141 请分享
您在调用 Web 服务时是否遇到此问题?
【参考方案1】:
可能服务器正在请求客户端证书,而您没有提供。服务器将提供受信任的签名者列表,您的客户端证书需要由其中一个签名。除非您与服务器进行了特殊安排,否则您不能为客户端使用自签名证书,即将您的客户端证书导入其受信任的证书列表。如果您的 SSL 客户端找不到证书,或者它找到的证书没有受信任的签名者,则它不会发送证书。
它与 SSL 连接在建立后将要做什么没有任何关系,例如SQL 查询、更新等
【讨论】:
【参考方案2】:如果您使用 (https) 请求,则需要在您的应用中添加安全证书。这是如何添加它的链接。
http://***.com/questions/4065379/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-c
您可以测试是否确实是安全证书导致它,在您的项目中添加此类。
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpsTrustManager implements X509TrustManager
private static TrustManager[] trustManagers;
private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[];
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException
public boolean isClientTrusted(X509Certificate[] chain)
return true;
public boolean isServerTrusted(X509Certificate[] chain)
return true;
@Override
public X509Certificate[] getAcceptedIssuers()
return _AcceptedIssuers;
public static void allowAllSSL()
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
@Override
public boolean verify(String arg0, SSLSession arg1)
return true;
);
SSLContext context = null;
if (trustManagers == null)
trustManagers = new TrustManager[]new HttpsTrustManager();
try
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
catch (NoSuchAlgorithmException e)
e.printStackTrace();
catch (KeyManagementException e)
e.printStackTrace();
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
并调用
HttpsTrustManager.allowAllSSL(); // Allow all SSL connections
在 API 调用之前。
注意: 此代码跳过验证并允许任何证书工作。 此方法不应用于安全通信。 这只是为了检查证书身份验证是否导致错误。
【讨论】:
这个不安全的代码不会测试服务器是否在请求客户端证书。 如果这个问题是关于客户端证书的,那么context.init(null, trustManagers, new SecureRandom());这一行肯定是错误的; null参数是可以提供客户端证书的KeyManager。以上是关于javax.net.ssl.SSLHandshakeException:远程主机在握手期间关闭连接,同时在 bigquery 中插入行的主要内容,如果未能解决你的问题,请参考以下文章