hc-httpclient-users mailing list archives

From "Bhowmik, Bindul" <bindulbhow...@gmail.com>
Subject Re: issue with https connection using Apache http client 4.3.5 with android
Date Fri, 22 Apr 2016 20:17:15 GMT
Sunil,

While it is a bad idea to turn off certificate verification in
production code (allows MITM attacks), if you absolutely have to, you
can look at org.apache.http.conn.ssl.AllowAllHostnameVerifier (or
org.apache.http.conn.ssl.NoopHostnameVerifier for newer versions of
Http Client).

Bindul

On Fri, Apr 22, 2016 at 3:27 AM, Sunil Chandrasekharan
<sunil.kainat@gmail.com> wrote:
> How can I disable certificate verification at client side?
> I don't need to verify the certificate at client side.
>
> Can you help me achieve HTTPS connection without verifying certificate at
> client side?
>
>
>
> On Wed, Apr 20, 2016 at 3:34 PM, <ecki@zusammenkunft.net> wrote:
>
>> Hello,
>>
>> If you specify a URL with an IP literal, then the target host must have a
>> SSL/TLS certificate mentioning this name as commonName or
>> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
>> you noticed, enforced by the Hostname Verifier.
>>
>> Not sure about Android, but on a PC I would add a hostname alias to the
>> /etc/hosts file and specify the name in the URL for testing purposes
>> (production servers should obviously use DNS).
>>
>> If you absolutely must use an IP you could think about a specific verifier
>> which binds the certificate to the IP with no additional checking.
>>
>> As for your "other error", you need to tell us which one.
>>
>> Does not look like an issue with Android or your code so far.
>>
>> Regards
>> Bernd
>>
>> --
>> http://bernd.eckenfels.net
>>
>> -----Original Message-----
>> From: Sunil Chandrasekharan <sunil.kainat@gmail.com>
>> To: httpclient-users@hc.apache.org
>> Sent: Wed., 20 Apr. 2016 8:02
>> Subject: issue with https connection using Apache http client 4.3.5 with
>> android
>>
>> Hi,
>>
>> I am trying to implement https connection support using Apache http client
>> 4.3.5 on my Android devices.
>>
>> HttpClientBuilder builder = HttpClientBuilder.create();
>> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
>> trustStore.load(null, null);
>> SSLContext sslContext = SSLContexts.custom()
>>     .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
>>     .build();
>> SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
>>     sslContext, new String[] { "TLSv1" }, null,
>>     SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>>
>> builder.setSSLSocketFactory(sslConnectionFactory);
>> Registry<ConnectionSocketFactory> registry =
>>     RegistryBuilder.<ConnectionSocketFactory>create()
>>         .register("https", sslConnectionFactory)
>>         .register("http", PlainConnectionSocketFactory.getSocketFactory())
>>         .build();
>> HttpClientConnectionManager connectionManager =
>>     new BasicHttpClientConnectionManager(registry);
>> builder.setConnectionManager(connectionManager);
>>
>> builder.setDefaultCredentialsProvider(credsProvider);
>> builder.setRedirectStrategy(new MyRedirectStrategy());
>>
>> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>> CloseableHttpClient client = builder.build();
>>
>> I did this example by referring to many posts on SSL configuration with
>> Apache HttpClient 4.3.5.
>>
>> But when I try to run, my execute method fails with this error:
>>
>> javax.net.ssl.SSLException: hostname in certificate didn't match: <12.17.7.0> != <suniltv.com.in>
>>     at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>>
>> I tried a lot of samples given on the web related to the Apache HttpClient
>> library 4.3.5, but I am just not able to get out of this situation.
>> I don't know what is happening.
>>
>> I even tried changing to Allow-All-HostNameVerifier, but it gives
>> another exception.
>>
>> Kindly help me to achieve HTTPS connection.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
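
Added example (not part of the original thread, and not Apache HttpClient's own code): a variant of the IP-specific verifier mentioned in the quoted reply that keeps name checking on, by verifying a pinned IP literal against the DNS name its certificate is expected to carry. The class name, the pin map and the stand-in delegate in main are hypothetical; the wiring comment assumes HttpClient 4.4 or later, where SSLConnectionSocketFactory accepts a javax.net.ssl.HostnameVerifier.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/**
 * For a pinned IP literal, verify the certificate against the DNS name it is
 * expected to carry instead of switching hostname verification off.
 */
public final class PinnedIpHostnameVerifier implements HostnameVerifier {
    private final Map<String, String> expectedNameByIp;
    private final HostnameVerifier delegate;

    public PinnedIpHostnameVerifier(Map<String, String> expectedNameByIp,
                                    HostnameVerifier delegate) {
        this.expectedNameByIp =
            Collections.unmodifiableMap(new HashMap<>(expectedNameByIp));
        this.delegate = delegate;
    }

    @Override
    public boolean verify(String host, SSLSession session) {
        // Pinned IPs are checked against their expected certificate name;
        // every other host goes through the delegate unchanged.
        String expected = expectedNameByIp.get(host);
        return delegate.verify(expected != null ? expected : host, session);
    }

    public static void main(String[] args) {
        Map<String, String> pins = new HashMap<>();
        pins.put("12.17.7.0", "suniltv.com.in"); // values from the error in the thread

        // Constructed stand-in for the library verifier so this runs with the JDK
        // alone: it behaves as if the server certificate names only suniltv.com.in.
        HostnameVerifier certNamesSuniltv =
            (name, s) -> "suniltv.com.in".equalsIgnoreCase(name);

        HostnameVerifier v = new PinnedIpHostnameVerifier(pins, certNamesSuniltv);
        System.out.println(v.verify("12.17.7.0", null)); // pinned IP, name matches
        System.out.println(v.verify("12.17.7.1", null)); // unpinned IP, still rejected

        // With HttpClient 4.4+ (assumption), wire it in as:
        //   new SSLConnectionSocketFactory(sslContext,
        //       new PinnedIpHostnameVerifier(pins, new DefaultHostnameVerifier()));
    }
}
```

The verifier only decides which name the certificate must match; whether the certificate chain is trusted is still decided by the SSLContext's trust material.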
