Re: issue with https connection using Apache http client 4.3.5 with android

2016-04-22 Thread Bhowmik, Bindul
Sunil,

While it is a bad idea to turn off certificate verification in
production code (allows MITM attacks), if you absolutely have to, you
can look at org.apache.http.conn.ssl.AllowAllHostnameVerifier (or
org.apache.http.conn.ssl.NoopHostnameVerifier for newer versions of
Http Client).

Bindul

On Fri, Apr 22, 2016 at 3:27 AM, Sunil Chandrasekharan
 wrote:
> How can I disable certificate verification at client side?
> I don't need to verify the certificate at client side.
>
> Can you help me achieve HTTPS connection without verifying certificate at
> client side.
>
>
>
> On Wed, Apr 20, 2016 at 3:34 PM,  wrote:
>
>> Hello,
>>
>> If you specify a URL with an IP literal, then the target host must have a
>> SSL/TLS certificate mentioning this name as commonName or
>> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
>> you noticed, enforced by the Hostname Verifier.
>>
>> Not sure about Android, but on a PC I would add a hostname alias to the
>> /etc/hosts file and specify the name in the URL for testing purposes
>> (production servers should obviously use DNS).
>>
>> If you absolutely must use an IP you could think about a specific verifier
>> which binds the certificate to the IP with no additional checking.
>>
>> As for your "other error", you need to tell us which one.
>>
>> Does not look like an issue with Android or your code so far.
>>
>> Gruss
>> Bernd
>>
>> --
>> http://bernd.eckenfels.net
>>
>> -Original Message-
>> From: Sunil Chandrasekharan 
>> To: httpclient-users@hc.apache.org
>> Sent: Mi., 20 Apr. 2016 8:02
>> Subject: issue with https connection using Apache http client 4.3.5 with
>> android
>>
>> Hi ,
>>
>> I am trying to implement https connection support using Apache http client
>> 4.3.5 on my Android devices
>>
>> HttpClientBuilder builder = HttpClientBuilder.create();
>> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
>> trustStore.load(null, null);
>> SSLContext sslContext = SSLContexts.custom()
>>     .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
>>     .build();
>> SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
>>     sslContext, new String[] { "TLSv1" }, null,
>>     SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>>
>> builder.setSSLSocketFactory(sslConnectionFactory);
>> Registry<ConnectionSocketFactory> registry =
>>     RegistryBuilder.<ConnectionSocketFactory>create()
>>         .register("https", sslConnectionFactory)
>>         .register("http", PlainConnectionSocketFactory.getSocketFactory())
>>         .build();
>> HttpClientConnectionManager connectionManager =
>>     new BasicHttpClientConnectionManager(registry);
>> builder.setConnectionManager(connectionManager);
>>
>> builder.setDefaultCredentialsProvider(credsProvider);
>> builder.setRedirectStrategy(new MyRedirectStrategy());
>>
>> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>> CloseableHttpClient client = builder.build();
>>
>> I did this example by referring to many posts on SSL configuration with
>> Apache HttpClient 4.3.5
>>
>> But when I try to run, my execute method fails with this error
>>
>> javax.net.ssl.SSLException: hostname in certificate didn't match:
>> <12.17.7.0> != 
>> at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>>
>> I tried a lot of samples given on the web related to the Apache HttpClient
>> library 4.3.5, but I am just not able to come out of this situation.
>> I don't know what is happening.
>>
>> I even tried changing to Allow-All-HostNameVerifier, but it gives
>> another exception.
>>
>> Kindly help me to achieve HTTPS connection
>>
>> -
>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>>
>>
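
The verifier Bernd describes, one that binds the certificate to the IP, as an added example (not code from this thread or from HttpClient itself): it accepts only the configured IP literal, and only when the server presents the certificate whose SHA-256 fingerprint was pinned. `PinnedIpVerifier` and its constructor arguments are hypothetical names; it implements the JDK's `javax.net.ssl.HostnameVerifier`, which HttpClient 4.4 and later accept, while the 4.3.x `X509HostnameVerifier` interface would need an adapter.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical class, not part of HttpClient: one IP literal, one pinned certificate. */
public final class PinnedIpVerifier implements HostnameVerifier {
    private final String expectedIp;   // the IP literal used in the request URL
    private final byte[] pinnedSha256; // SHA-256 over the server certificate's DER encoding

    public PinnedIpVerifier(String expectedIp, String pinnedSha256Hex) {
        if (pinnedSha256Hex.length() != 64) {
            throw new IllegalArgumentException("fingerprint must be 64 hex characters");
        }
        this.expectedIp = expectedIp;
        this.pinnedSha256 = new byte[32];
        for (int i = 0; i < 32; i++) {
            String pair = pinnedSha256Hex.substring(2 * i, 2 * i + 2);
            pinnedSha256[i] = (byte) Integer.parseInt(pair, 16);
        }
    }

    @Override
    public boolean verify(String host, SSLSession session) {
        // The pin is valid for exactly one address; every other host is refused.
        if (!expectedIp.equals(host)) {
            return false;
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0) {
                return false;
            }
            // chain[0] is the certificate the server presented for itself.
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            return MessageDigest.isEqual(actual, pinnedSha256);
        } catch (SSLPeerUnverifiedException | CertificateEncodingException
                | NoSuchAlgorithmException e) {
            return false; // fail closed when the peer certificate cannot be read or hashed
        }
    }
}
```

This class replaces only the name check; certificate-chain validation by the trust manager configured in the `SSLContext` still runs separately. The fingerprint is a value taken from the server's own certificate out of band, not something the client learns from the connection it is verifying.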




Re: issue with https connection using Apache http client 4.3.5 with android

2016-04-22 Thread Sunil Chandrasekharan
How can I disable certificate verification at client side?
I don't need to verify the certificate at client side.

Can you help me achieve HTTPS connection without verifying certificate at
client side.



On Wed, Apr 20, 2016 at 3:34 PM,  wrote:

> Hello,
>
> If you specify a URL with an IP literal, then the target host must have a
> SSL/TLS certificate mentioning this name as commonName or
> subjectAlternateName. This prevents person-in-the-middle attacks and is, as
> you noticed, enforced by the Hostname Verifier.
>
> Not sure about Android, but on a PC I would add a hostname alias to the
> /etc/hosts file and specify the name in the URL for testing purposes
> (production servers should obviously use DNS).
>
> If you absolutely must use an IP you could think about a specific verifier
> which binds the certificate to the IP with no additional checking.
>
> As for your "other error", you need to tell us which one.
>
> Does not look like an issue with Android or your code so far.
>
> Gruss
> Bernd
>
> --
> http://bernd.eckenfels.net
>
> -Original Message-
> From: Sunil Chandrasekharan 
> To: httpclient-users@hc.apache.org
> Sent: Mi., 20 Apr. 2016 8:02
> Subject: issue with https connection using Apache http client 4.3.5 with
> android
>
> Hi ,
>
> I am trying to implement https connection support using Apache http client
> 4.3.5 on my Android devices
>
> HttpClientBuilder builder = HttpClientBuilder.create();
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> trustStore.load(null, null);
> SSLContext sslContext = SSLContexts.custom()
>     .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
>     .build();
> SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
>     sslContext, new String[] { "TLSv1" }, null,
>     SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>
> builder.setSSLSocketFactory(sslConnectionFactory);
> Registry<ConnectionSocketFactory> registry =
>     RegistryBuilder.<ConnectionSocketFactory>create()
>         .register("https", sslConnectionFactory)
>         .register("http", PlainConnectionSocketFactory.getSocketFactory())
>         .build();
> HttpClientConnectionManager connectionManager =
>     new BasicHttpClientConnectionManager(registry);
> builder.setConnectionManager(connectionManager);
>
> builder.setDefaultCredentialsProvider(credsProvider);
> builder.setRedirectStrategy(new MyRedirectStrategy());
>
> builder.setHostnameVerifier(SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
> CloseableHttpClient client = builder.build();
>
> I did this example by referring to many posts on SSL configuration with
> Apache HttpClient 4.3.5
>
> But when I try to run, my execute method fails with this error
>
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <12.17.7.0> != 
> at org.apache.http.conn.ssl.AbstractVerifierHC4.verify(AbstractVerifierHC4.java:234)
>
> I tried a lot of samples given on the web related to the Apache HttpClient
> library 4.3.5, but I am just not able to come out of this situation.
> I don't know what is happening.
>
> I even tried changing to Allow-All-HostNameVerifier, but it gives
> another exception.
>
> Kindly help me to achieve HTTPS connection
>