hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e...@zusammenkunft.net
Subject Re: issue with https connection using Apache http client 4.3.5 with android
Date Wed, 20 Apr 2016 06:34:15 GMT
Hello,

If you specify a URL with an IP literal, then the target host must have a SSL/TLS certificate
mentioning this name as commonName or subjectAlternateName. This prevents person-in-the-middle
attacks and is, as you noticed enforced by the Hostname Verifier.

Not sure about android, but on a pc i would add a hostname alias to the /etc/hosts file and
specify the name in the URL for testing purposes (production servers should obviously use
DNS).

If you absolutely must use an IP you could think about a specific verifier which binds the
certificate to the IP with no additional checking.

As for your "other error", you need to tell us which one.

Does not look like an issue with Android or your code so far.

Gruss
Bernd

-- 
http://bernd.eckenfels.net

-----Original Message-----
From: Sunil Chandrasekharan <sunil.kainat@gmail.com>
To: httpclient-users@hc.apache.org
Sent: Mi., 20 Apr. 2016 8:02
Subject: issue with https connection using Apache http client 4.3.5 with android

Hi ,

I am trying to implement https connection support using Apache http client
4.3.5 on my Android devices

HttpClientBuilder builder = HttpClientBuilder.create();KeyStore
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLContext sslContext =
SSLContexts.custom().loadTrustMaterial(trustStore, new
TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslConnectionFactory = new
SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1"
},null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

builder.setSSLSocketFactory(sslConnectionFactory);
 Registry<ConnectionSocketFactory> registry =
RegistryBuilder.<ConnectionSocketFactory>create()
  .register("https", sslConnectionFactory)
  .register("http", PlainConnectionSocketFactory.getSocketFactory())
  .build();
HttpClientConnectionManager connectionManager = new
BasicHttpClientConnectionManager(registry);
builder.setConnectionManager(connectionManager);

builder.setDefaultCredentialsProvider(credsProvider);
builder.setRedirectStrategy(new MyRedirectStrategy());
builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);CloseableHttpClient
client = builder.build();

I did this example by referring many posts on SSL confirguration with
Apache HttpClient 4.3.5

But when i try to run, my execute method fails with this error

javax.net.ssl.SSLException: hostname in certificate didn't match:
<12.17.7.0> != <suniltv.com.in>
at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)

I tried lot of samples given on web related to ApacheHTTPclient
library 4.3.5 . But i am just not able to come out of this situation.
I dont know what is happening .

I even tried changing to Allow-All-HostNameVerifier. but it gives
another exception.

Kindly help me to achieve HTTPS connection

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message