Hello, If you specify a URL with an IP literal, then the target host must have a SSL/TLS certificate mentioning this name as commonName or subjectAlternateName. This prevents person-in-the-middle attacks and is, as you noticed enforced by the Hostname Verifier.
Not sure about android, but on a pc i would add a hostname alias to the /etc/hosts file and specify the name in the URL for testing purposes (production servers should obviously use DNS). If you absolutely must use an IP you could think about a specific verifier which binds the certificate to the IP with no additional checking. As for your "other error", you need to tell us which one. Does not look like an issue with Android or your code so far. Gruss Bernd -- http://bernd.eckenfels.net -----Original Message----- From: Sunil Chandrasekharan <sunil.kai...@gmail.com> To: httpclient-users@hc.apache.org Sent: Mi., 20 Apr. 2016 8:02 Subject: issue with https connection using Apache http client 4.3.5 with android Hi , I am trying to implement https connection support using Apache http client 4.3.5 on my Android devices HttpClientBuilder builder = HttpClientBuilder.create();KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build(); SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" },null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); builder.setSSLSocketFactory(sslConnectionFactory); Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create() .register("https", sslConnectionFactory) .register("http", PlainConnectionSocketFactory.getSocketFactory()) .build(); HttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(registry); builder.setConnectionManager(connectionManager); builder.setDefaultCredentialsProvider(credsProvider); builder.setRedirectStrategy(new MyRedirectStrategy()); builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);CloseableHttpClient client = builder.build(); I did this example by referring many posts on SSL confirguration with Apache HttpClient 4.3.5 But when i try to run, my execute method fails with this error javax.net.ssl.SSLException: hostname in certificate didn't match: <12.17.7.0> != <suniltv.com.in> at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234) I tried lot of samples given on web related to ApacheHTTPclient library 4.3.5 . But i am just not able to come out of this situation. I dont know what is happening . I even tried changing to Allow-All-HostNameVerifier. but it gives another exception. Kindly help me to achieve HTTPS connection --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
