Sunil, While it is a bad idea to turn off certificate verification in production code (allows MITM attacks); if you absolutely have you, you can look at org.apache.http.conn.ssl.AllowAllHostnameVerifier (or org.apache.http.conn.ssl.NoopHostnameVerifier for newer versions of Http Client).
Bindul On Fri, Apr 22, 2016 at 3:27 AM, Sunil Chandrasekharan <sunil.kai...@gmail.com> wrote: > How can i disable certifcate verification at client side. > I dont need to verify the certificate at client side. > > Can you help me achieve HTTPS connection without verifying certifcate at > client side. > > > > On Wed, Apr 20, 2016 at 3:34 PM, <e...@zusammenkunft.net> wrote: > >> Hello, >> >> If you specify a URL with an IP literal, then the target host must have a >> SSL/TLS certificate mentioning this name as commonName or >> subjectAlternateName. This prevents person-in-the-middle attacks and is, as >> you noticed enforced by the Hostname Verifier. >> >> Not sure about android, but on a pc i would add a hostname alias to the >> /etc/hosts file and specify the name in the URL for testing purposes >> (production servers should obviously use DNS). >> >> If you absolutely must use an IP you could think about a specific verifier >> which binds the certificate to the IP with no additional checking. >> >> As for your "other error", you need to tell us which one. >> >> Does not look like an issue with Android or your code so far. >> >> Gruss >> Bernd >> >> -- >> http://bernd.eckenfels.net >> >> -----Original Message----- >> From: Sunil Chandrasekharan <sunil.kai...@gmail.com> >> To: httpclient-users@hc.apache.org >> Sent: Mi., 20 Apr. 2016 8:02 >> Subject: issue with https connection using Apache http client 4.3.5 with >> android >> >> Hi , >> >> I am trying to implement https connection support using Apache http client >> 4.3.5 on my Android devices >> >> HttpClientBuilder builder = HttpClientBuilder.create();KeyStore >> trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); >> trustStore.load(null, null); >> SSLContext sslContext = >> SSLContexts.custom().loadTrustMaterial(trustStore, new >> TrustSelfSignedStrategy()).build(); >> SSLConnectionSocketFactory sslConnectionFactory = new >> SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" >> },null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); >> >> builder.setSSLSocketFactory(sslConnectionFactory); >> Registry<ConnectionSocketFactory> registry = >> RegistryBuilder.<ConnectionSocketFactory>create() >> .register("https", sslConnectionFactory) >> .register("http", PlainConnectionSocketFactory.getSocketFactory()) >> .build(); >> HttpClientConnectionManager connectionManager = new >> BasicHttpClientConnectionManager(registry); >> builder.setConnectionManager(connectionManager); >> >> builder.setDefaultCredentialsProvider(credsProvider); >> builder.setRedirectStrategy(new MyRedirectStrategy()); >> >> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);CloseableHttpClient >> client = builder.build(); >> >> I did this example by referring many posts on SSL confirguration with >> Apache HttpClient 4.3.5 >> >> But when i try to run, my execute method fails with this error >> >> javax.net.ssl.SSLException: hostname in certificate didn't match: >> <12.17.7.0> != <suniltv.com.in> >> at >> org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234) >> >> I tried lot of samples given on web related to ApacheHTTPclient >> library 4.3.5 . But i am just not able to come out of this situation. >> I dont know what is happening . >> >> I even tried changing to Allow-All-HostNameVerifier. but it gives >> another exception. >> >> Kindly help me to achieve HTTPS connection >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
