hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sunil Chandrasekharan <sunil.kai...@gmail.com>
Subject Re: issue with https connection using Apache http client 4.3.5 with android
Date Fri, 22 Apr 2016 09:27:57 GMT
How can i disable certifcate verification at client side.
I dont need to verify the certificate at client side.

Can you help me achieve HTTPS connection without verifying certifcate at
client side.



On Wed, Apr 20, 2016 at 3:34 PM, <ecki@zusammenkunft.net> wrote:

> Hello,
>
> If you specify a URL with an IP literal, then the target host must have a
> SSL/TLS certificate mentioning this name as commonName or
> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
> you noticed enforced by the Hostname Verifier.
>
> Not sure about android, but on a pc i would add a hostname alias to the
> /etc/hosts file and specify the name in the URL for testing purposes
> (production servers should obviously use DNS).
>
> If you absolutely must use an IP you could think about a specific verifier
> which binds the certificate to the IP with no additional checking.
>
> As for your "other error", you need to tell us which one.
>
> Does not look like an issue with Android or your code so far.
>
> Gruss
> Bernd
>
> --
> http://bernd.eckenfels.net
>
> -----Original Message-----
> From: Sunil Chandrasekharan <sunil.kainat@gmail.com>
> To: httpclient-users@hc.apache.org
> Sent: Mi., 20 Apr. 2016 8:02
> Subject: issue with https connection using Apache http client 4.3.5 with
> android
>
> Hi ,
>
> I am trying to implement https connection support using Apache http client
> 4.3.5 on my Android devices
>
> HttpClientBuilder builder = HttpClientBuilder.create();KeyStore
> trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> trustStore.load(null, null);
> SSLContext sslContext =
> SSLContexts.custom().loadTrustMaterial(trustStore, new
> TrustSelfSignedStrategy()).build();
> SSLConnectionSocketFactory sslConnectionFactory = new
> SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1"
> },null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>
> builder.setSSLSocketFactory(sslConnectionFactory);
>  Registry<ConnectionSocketFactory> registry =
> RegistryBuilder.<ConnectionSocketFactory>create()
>   .register("https", sslConnectionFactory)
>   .register("http", PlainConnectionSocketFactory.getSocketFactory())
>   .build();
> HttpClientConnectionManager connectionManager = new
> BasicHttpClientConnectionManager(registry);
> builder.setConnectionManager(connectionManager);
>
> builder.setDefaultCredentialsProvider(credsProvider);
> builder.setRedirectStrategy(new MyRedirectStrategy());
>
> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);CloseableHttpClient
> client = builder.build();
>
> I did this example by referring many posts on SSL confirguration with
> Apache HttpClient 4.3.5
>
> But when i try to run, my execute method fails with this error
>
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <12.17.7.0> != <suniltv.com.in>
> at
> org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>
> I tried lot of samples given on web related to ApacheHTTPclient
> library 4.3.5 . But i am just not able to come out of this situation.
> I dont know what is happening .
>
> I even tried changing to Allow-All-HostNameVerifier. but it gives
> another exception.
>
> Kindly help me to achieve HTTPS connection
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message