尝试通过 JavaMail 连接到 gmail 时出现 SSL 握手错误

【问题标题】:SSL handshake error while trying to connect to gmail via JavaMail尝试通过 JavaMail 连接到 gmail 时出现 SSL 握手错误
【发布时间】:2016-09-28 18:51:30
【问题描述】:

尝试使用 JavaMail 库通过 POP3 从 gmail 获取邮件并输出,但发生 SSL 握手错误。您如何进行 SSL 握手?

任何帮助将不胜感激

代码:

import java.util.Properties;
import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.NoSuchProviderException;
import javax.mail.Session;
import javax.mail.Store;

public class CheckingMails {

public static void check(String host, String storeType, String user,
  String password) 
{
  try {


  Properties properties = new Properties();

  properties.put("mail.pop3.host", host);
  properties.put("mail.pop3.port", "995");
  properties.put("mail.pop3.starttls.enable", "true");
  Session emailSession = Session.getDefaultInstance(properties);


  Store store = emailSession.getStore("pop3s");

  store.connect(host, user, password);


  Folder emailFolder = store.getFolder("INBOX");
  emailFolder.open(Folder.READ_ONLY);


  Message[] messages = emailFolder.getMessages();
  System.out.println("messages.length---" + messages.length);

  for (int i = 0, n = messages.length; i < n; i++) {
     Message message = messages[i];
     System.out.println("---------------------------------");
     System.out.println("Email Number " + (i + 1));
     System.out.println("Subject: " + message.getSubject());
     System.out.println("From: " + message.getFrom()[0]);
     System.out.println("Text: " + message.getContent().toString());

  }

  //close the store and folder objects
  emailFolder.close(false);
  store.close();

  } catch (NoSuchProviderException e) {
     e.printStackTrace();
  } catch (MessagingException e) {
     e.printStackTrace();
  } catch (Exception e) {
     e.printStackTrace();
  }} public static void main(String[] args) {

  String host = "pop.gmail.com";
  String mailStoreType = "pop3";
  String username = "xxx@gmail.com";
  String password = "xxx";

  check(host, mailStoreType, username, password);}}

输出:

javax.mail.MessagingException: Connect failed;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:213)
    at javax.mail.Service.connect(Service.java:366)
    at javax.mail.Service.connect(Service.java:246)
    at reademail.CheckingMails.check(CheckingMails.java:30)
    at reademail.CheckingMails.main(CheckingMails.java:70)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
    at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:372)
    at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238)
    at com.sun.mail.pop3.Protocol.<init>(Protocol.java:112)
    at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:265)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:207)
    ... 4 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
    ... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 23 more

【问题讨论】:

  • 您的信任库不信任他们的证书。您是否使用自定义信任库? Java 附带的应该信任它。
  • 常见原因见this JavaMail FAQ entry

标签: java gmail jakarta-mail truststore jsse


【解决方案1】:

如果以后有人像我一样遇到这个问题,解决办法是:

properties.put("mail.pop3.host", host);
properties.put("mail.pop3.port", "995");
properties.put("mail.pop3.starttls.enable", "true");
props.put( "mail.pop3s.ssl.trust", host); // add this line
Session emailSession = Session.getDefaultInstance(properties);

您可以添加第四行以信任您尝试连接的主机。永远不要用 host 参数代替 "*"

解决此问题的其他方法是将 ssl 证书添加到您的 java cacerts

为此,您必须:

  1. 使用 Firefox,通过单击地址栏上的绿色挂锁从页面(例如 gmail.com)导出“.crt”文件。
  2. 在 Windows 中,使用管理员权限打开 CMD。

  3. 执行以下操作(例如,对于 google gmail 证书)

    keytool -import -trustcacerts -alias googlemail -file mailgooglecom.crt -noprompt -keystore cacerts

完成。

【讨论】:

    【解决方案2】:

    对于其他在类似问题上苦苦挣扎的人... 如果这给出了 write:errno=104,则 TLS 1.0 被禁用,您需要强制邮件连接协议跳过它。在 java.security tls.disabledAlgorithms 或其他属性中更改此设置不会使 mail.pop3 协议跳过 TLS1.0,它只会跳过所有 TLS 并放弃,因为不支持任何协议。您可以检查其他如 -tls1_1、-ssl3 或禁用如 -no_tls1_1 等。

    openssl s_client -connect somemailserver.domain.com:995 -tls1

    相反,添加这个额外的属性来指定你的目标服务器允许的协议。

    props.setProperty("mail.pop3.ssl.protocols","TLSv1.2");

    我们的堆栈类似,但像这样:

    javax.mail.MessagingException: Connect failed; 
  nested exception is: 
        javax.net.ssl.SSLException: Connection reset 
        at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:210) 
        at javax.mail.Service.connect(Service.java:295) 
        at javax.mail.Service.connect(Service.java:176) 
        at javax.mail.Service.connect(Service.java:125) 
        at ABC.Classname.Classname.vAccess(Classname.java:163) 
        at ABC.Classname.Classname.<init>(Classname.java:63) 
        at ABC.Classname.Classname.main(Classname.java:156) 
Caused by: javax.net.ssl.SSLException: Connection reset 
        at sun.security.ssl.Alert.createSSLException(Alert.java:127) 
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:327) 
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:270) 
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:265) 
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:141) 
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1198) 
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1107) 
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:400) 
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:372) 
        at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507) 
        at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238) 
        at com.sun.mail.pop3.Protocol.<init>(Protocol.java:107) 
        at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:261) 
        at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:206) 
        ... 6 more 
        Suppressed: java.net.SocketException: Broken pipe (Write failed) 
                at java.net.SocketOutputStream.socketWrite0(Native Method) 
                at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111) 
                at java.net.SocketOutputStream.write(SocketOutputStream.java:155) 
                at sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81) 
                at sun.security.ssl.TransportContext.fatal(TransportContext.java:358)

    答案来自:How to force JavaMailSenderImpl to use TLS1.2?

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2014-07-07
      • 1970-01-01
      • 2019-02-25
      • 1970-01-01
      • 2017-08-08
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode