Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/6666389/

Time: 2020-09-08 08:15:31  Source: igfitidea

What is the cause of the error "Remote host closed connection during handshake"?

Tags: database, oracle, ssl

Asked by Horcrux7

I want to connect to the Oracle database 11.2 with SSL. But the only error that I receive is:

Exception in thread "main" java.sql.SQLException: I/O-Fehler: Remote host closed connection during handshake
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:465)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:534)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:217)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:28)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:527)
    at java.sql.DriverManager.getConnection(DriverManager.java:582)
    at java.sql.DriverManager.getConnection(DriverManager.java:154)
    at TestOracle.testSSL(TestOracle.java:157)
    at TestOracle.main(TestOracle.java:131)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at oracle.net.ns.Packet.send(Packet.java:420)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:169)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:301)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1406)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:327)
    ... 8 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
    ... 16 more

I have added a self-signed certificate to a created wallet. But I do not understand how the Oracle server can use it, because it needs a password which the Oracle server does not know. Must I see the password and where must I set it?

On the network I can see that the Oracle server does not send any bytes. It closes the socket after the client has started the handshake. So I think the problem is on the server side.

My listener.ora:

SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
  (SID_NAME = CLRExtProc)
  (ORACLE_HOME = C:\app\Administrator\product.2.0\dbhome_2)
  (PROGRAM = extproc)
  (ENVS = "EXTPROC_DLLS=ONLY:C:\app\Administrator\product.2.0\dbhome_2\bin\oraclr11.dll")
)
)

LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = ora11.inetsoftware.local)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCPS)(HOST = ora11.inetsoftware.local)(PORT = 2484))
)
)

ADR_BASE_LISTENER = C:\app\Administrator

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE

My sqlnet.ora:

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE

Accepted answer by Horcrux7

I have found the solution. It is very simple. First you need to set auto login. This creates a file cwallet.sso in the wallet directory. And the most important thing is that you have closed the wallet in the wallet manager when you start the TNS listener service. Else the listener cannot load the file cwallet.sso. In the trace file you can see the error:

ntzlogin:Wallet open failed with error 28759

If you close the wallet later, this has no effect. It looks like the listener reads the file only once.
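
An added example (not part of the original answer and not Oracle's code): a Python pre-flight check for the conditions described above. It reads a listener.ora, confirms a TCPS address and a wallet directory containing cwallet.sso, and scans listener trace text for the wallet-open failure. The sample host, wallet path and all function names are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample modelled on the listener.ora in the question (host and path are placeholders).
SAMPLE_LISTENER_ORA = r"""
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.test)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 2484))
)
)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\wallets\demo)))
SSL_CLIENT_AUTHENTICATION=FALSE
"""

def wallet_directory(ora_text):
    """Return the DIRECTORY value of WALLET_LOCATION, or None if it is not set."""
    m = re.search(r"WALLET_LOCATION\s*=.*?DIRECTORY\s*=\s*([^)]+)\)", ora_text, re.I | re.S)
    return m.group(1).strip() if m else None

def tcps_endpoints(ora_text):
    """Return (host, port) for every ADDRESS entry that uses PROTOCOL = TCPS."""
    pat = r"\(PROTOCOL\s*=\s*TCPS\)\s*\(HOST\s*=\s*([^)]+?)\s*\)\s*\(PORT\s*=\s*(\d+)\s*\)"
    return [(host, int(port)) for host, port in re.findall(pat, ora_text, re.I)]

def wallet_open_failures(trace_text):
    """Return the error codes of 'Wallet open failed' lines found in listener trace text."""
    return [int(c) for c in re.findall(r"ntzlogin:\s*Wallet open failed with error (\d+)", trace_text)]

def check_listener_wallet(ora_text):
    """List configuration problems that would stop a TCPS listener from opening its wallet."""
    problems = []
    if not tcps_endpoints(ora_text):
        problems.append("no TCPS address configured")
    configured = wallet_directory(ora_text)
    if configured is None:
        problems.append("WALLET_LOCATION not set")
        return problems
    path = Path(configured)
    if not path.is_dir():
        problems.append(f"wallet directory missing: {path}")
    elif not (path / "cwallet.sso").is_file():
        problems.append("cwallet.sso missing: auto login is not enabled")
    return problems
```

A clean result only shows the files are in place; whether the wallet was still open in the wallet manager when the listener started shows up only in the trace, which is what `wallet_open_failures` looks for.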

Answer by user207421

The certificate doesn't have a password. The thing the certificate is in has a password. Your client knows the password, gets the certificate out of the thing, sends the certificate to the server.

If the server doesn't like the certificate for some reason, it may then close the connection rather than continuing the handshake. Same if you don't send it on request, which would happen if your certificate doesn't satisfy the constraints specified by the server in the certificate request. For example, if the server doesn't recognize the self-signer. Have you exported the certificate to the server's trust store?