Hi there,
I'm cross-posting from StackOverflow
(http://stackoverflow.com/questions/3507536/sslexception-when-server-cert-uses-san-subject-alternative-name)
to see if there's anyone here who might be able to help.
I'm trying to establish a https connection using the classes in
org.apache.http.*. As part of my setup, I'm using the
BrowserCompatHostnameVerifier() class which states:
The hostname must match either the first CN, or any of the subject-alts.
A wildcard can occur in the CN, and in any of the subject-alts.
When I hit a server whose hostname doesn't match that which is
specified in the CN but does match one of the entries in the
subject-alts, I get the following exception:
javax.net.ssl.SSLException: hostname in certificate didn't match: <mtvniph1-f.akamaihd.net> != <a248.e.akamai.net>
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:222)
    at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:151)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:132)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
Here's the relevant code block that's causing this error:
    DefaultHttpClient seed = new DefaultHttpClient();
    SchemeRegistry registry = new SchemeRegistry();
    SSLSocketFactory ssf = SSLSocketFactory.getSocketFactory();
    // XXX: This verifier isn't working with Subject Alternative Names
    ssf.setHostnameVerifier(new BrowserCompatHostnameVerifier());
    registry.register(new Scheme("https", ssf, 443));
    SingleClientConnManager mgr = new SingleClientConnManager(seed.getParams(), registry);
    DefaultHttpClient http = new DefaultHttpClient(mgr, seed.getParams());
    // Config point, change to your preference
    String url = "https://mtvniph1-f.akamaihd.net/e3_ubisoft_prod0.m3u8";
    HttpGet method = new HttpGet(url);
    HttpResponse response = null;
    try {
        response = http.execute(method);
    } catch (Exception e) {
        Log.e(TAG, "Request failed", e);
    }
Compare this behavior to that when you replace the url with
"https://www.google.com". I can work around this by creating my own
X509HostnameVerifier, but I want to know if this is a valid bug in
BrowserCompatHostnameVerifier or if I'm doing something wrong.
Anyone else having similar issues?
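
The rule quoted above from the BrowserCompatHostnameVerifier description (first CN, or any of the subject-alts), written out as an added example that is not part of the original post and is not Apache HttpClient's code. The class SanCheck and its helper names are hypothetical, the subject-alt list in main is constructed rather than read from the real certificate, and the wildcard is limited to exactly one left-most label as a simplifying assumption.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class SanCheck {                         // hypothetical class name
    private static final int DNS_NAME = 2;      // GeneralName type of dNSName (RFC 5280)

    // Collect the dNSName subject-alts of a certificate.
    // getSubjectAlternativeNames() returns null when the extension is absent.
    static List<String> dnsSubjectAlts(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<String>();
        Collection<List<?>> alts = cert.getSubjectAlternativeNames();
        if (alts == null) return names;
        for (List<?> entry : alts) {
            if (((Integer) entry.get(0)).intValue() == DNS_NAME) names.add((String) entry.get(1));
        }
        return names;
    }

    // One pattern against one host. "*" is honoured only as the whole left-most
    // label and covers exactly one label (assumption of this example).
    static boolean matchesName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int firstDot = h.indexOf('.');
        return firstDot > 0 && h.substring(firstDot).equals(p.substring(1));
    }

    // The rule as quoted in the post: the first CN, or any of the subject-alts.
    static boolean matches(String host, String firstCn, List<String> subjectAlts) {
        if (firstCn != null && matchesName(host, firstCn)) return true;
        for (String alt : subjectAlts) {
            if (matchesName(host, alt)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String cn = "a248.e.akamai.net";        // CN reported in the exception
        List<String> alts = Arrays.asList("*.akamaihd.net", "a248.e.akamai.net"); // constructed
        String host = "mtvniph1-f.akamaihd.net";
        System.out.println("CN + subject-alts: " + matches(host, cn, alts));
        System.out.println("CN only:           " + matches(host, cn, new ArrayList<String>()));
    }
}
```

Passing the server's leaf certificate (the first entry of SSLSession.getPeerCertificates(), cast to X509Certificate) to dnsSubjectAlts() shows whether the requested hostname is actually covered by a subject-alt before a custom X509HostnameVerifier is considered.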