hc-httpclient-users mailing list archives

From Sunil Chandrasekharan <sunil.kai...@gmail.com>
Subject Re: issue with https connection using Apache http client 4.3.5 with android
Date Wed, 20 Apr 2016 13:08:32 GMT
Hi,

Thanks for the reply.

I wish to give you my sample code which I was using in the previous Android
version.
From Android 6.0, they stopped support for Apache HTTP, and hence I had to
change my implementation.

My old code:

-------------------------------------------------------

HttpParams params = new BasicHttpParams();
ClientConnectionManager connectionManager = null;

try {
   KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
   trustStore.load(null, null);

   SchemeRegistry registry = new SchemeRegistry();
   SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
   sf.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
   registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
   registry.register(new Scheme("https", sf, 443));

   connectionManager = new SingleClientConnManager(params, registry);
} catch (Exception e) {
   Log.e(TAG, Log.getStackTraceString(e));
}

// Build the client on the connection manager configured above
// (the posted snippet left it null, which fails on execute()).
DefaultHttpClient client = new DefaultHttpClient(connectionManager, params);

// The request must exist before it is executed.
HttpGet httpget = new HttpGet(url);
HttpResponse response = client.execute(httpget);

private class MySSLSocketFactory extends SSLSocketFactory {
   private SSLContext sslContext = SSLContext.getInstance("TLS");

   public MySSLSocketFactory(KeyStore truststore)
         throws NoSuchAlgorithmException, KeyManagementException,
         KeyStoreException, UnrecoverableKeyException {
      super(truststore);

      TrustManager tm = new X509TrustManager() {
         // Empty body: no client certificate chain is ever rejected.
         public void checkClientTrusted(X509Certificate[] chain, String authType)
               throws CertificateException {
            Log.d(TAG, "SSLSocketFactory ##### checkClientTrusted #####");
         }

         // Empty body: every server certificate chain is accepted without validation.
         public void checkServerTrusted(X509Certificate[] chain, String authType)
               throws CertificateException {
            Log.d(TAG, "SSLSocketFactory ##### checkServerTrusted #####" + authType);
         }

         public X509Certificate[] getAcceptedIssuers() {
            Log.d(TAG, "SSLSocketFactory ##### getAcceptedIssuers #####");

            return null;
         }
      };

      sslContext.init(null, new TrustManager[] { tm }, null);
   }
}

------------------------------------


After moving to Apache http client 4.3.5, everything works for me
perfectly. But only the HTTPS connection has the issue, as mentioned in my
previous post.

On Wed, Apr 20, 2016 at 3:34 PM, <ecki@zusammenkunft.net> wrote:

> Hello,
>
> If you specify a URL with an IP literal, then the target host must have a
> SSL/TLS certificate mentioning this name as commonName or
> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
> you noticed, enforced by the Hostname Verifier.
>
> Not sure about Android, but on a PC I would add a hostname alias to the
> /etc/hosts file and specify the name in the URL for testing purposes
> (production servers should obviously use DNS).
>
> If you absolutely must use an IP you could think about a specific verifier
> which binds the certificate to the IP with no additional checking.
>
> As for your "other error", you need to tell us which one.
>
> Does not look like an issue with Android or your code so far.
>
> Gruss
> Bernd
>
> --
> http://bernd.eckenfels.net
>
> -----Original Message-----
> From: Sunil Chandrasekharan <sunil.kainat@gmail.com>
> To: httpclient-users@hc.apache.org
> Sent: Wed., 20 Apr. 2016 8:02
> Subject: issue with https connection using Apache http client 4.3.5 with
> android
>
> Hi,
>
> I am trying to implement HTTPS connection support using Apache http client
> 4.3.5 on my Android devices
>
> HttpClientBuilder builder = HttpClientBuilder.create();
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> trustStore.load(null, null);
> SSLContext sslContext = SSLContexts.custom()
>   .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
>   .build();
> SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
>   sslContext, new String[] { "TLSv1" }, null,
>   SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>
> builder.setSSLSocketFactory(sslConnectionFactory);
> Registry<ConnectionSocketFactory> registry =
>   RegistryBuilder.<ConnectionSocketFactory>create()
>   .register("https", sslConnectionFactory)
>   .register("http", PlainConnectionSocketFactory.getSocketFactory())
>   .build();
> HttpClientConnectionManager connectionManager =
>   new BasicHttpClientConnectionManager(registry);
> builder.setConnectionManager(connectionManager);
>
> builder.setDefaultCredentialsProvider(credsProvider);
> builder.setRedirectStrategy(new MyRedirectStrategy());
>
> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
> CloseableHttpClient client = builder.build();
>
> I did this example by referring to many posts on SSL configuration with
> Apache HttpClient 4.3.5.
>
> But when I try to run, my execute method fails with this error:
>
> javax.net.ssl.SSLException: hostname in certificate didn't match: <12.17.7.0> != <suniltv.com.in>
> at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>
> I tried a lot of samples given on the web related to the Apache HttpClient
> library 4.3.5, but I am just not able to come out of this situation.
> I don't know what is happening.
>
> I even tried changing to Allow-All-HostNameVerifier, but it gives
> another exception.
>
> Kindly help me to achieve HTTPS connection
>
>
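
One way to build the IP-specific verifier suggested in the quoted reply, as an added example that is not part of the original thread or of Apache HttpClient. The class name, the pin map and the fallback verifier are hypothetical; it is written against the JDK's `javax.net.ssl.HostnameVerifier`, which HttpClient 4.4 and later accept directly, while 4.3.x expects its own `X509HostnameVerifier` interface and would need an adapter. It replaces only the name-matching step, so certificate chain validation stays with the trust manager of the `SSLContext`.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Binds one known certificate to each listed IP literal; all other hosts use the fallback. */
public final class PinnedIpHostnameVerifier implements HostnameVerifier {

    // IP literal as written in the URL -> SHA-256 of the expected leaf certificate (DER bytes).
    private final Map<String, byte[]> pinsByIp;
    // Strict verifier the client would use anyway (assumption: supplied by the caller).
    private final HostnameVerifier fallback;

    public PinnedIpHostnameVerifier(Map<String, byte[]> pinsByIp, HostnameVerifier fallback) {
        this.pinsByIp = new HashMap<>(pinsByIp);
        this.fallback = fallback;
    }

    /** Fingerprint helper, also usable once to record the pin from a certificate you trust. */
    public static byte[] sha256(Certificate cert) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    }

    @Override
    public boolean verify(String host, SSLSession session) {
        byte[] expected = pinsByIp.get(host);
        if (expected == null) {
            // Not a pinned IP: keep ordinary commonName / subjectAltName matching.
            return fallback.verify(host, session);
        }
        try {
            // Index 0 is the server's own (leaf) certificate.
            Certificate leaf = session.getPeerCertificates()[0];
            // Constant-time comparison of the presented and the pinned fingerprint.
            return MessageDigest.isEqual(expected, sha256(leaf));
        } catch (SSLPeerUnverifiedException | GeneralSecurityException e) {
            return false; // fail closed: no certificate or no digest means no match
        }
    }
}
```

The pin has to be updated whenever the server certificate is renewed, otherwise connections to the pinned IP are refused.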
