Looks like it's not supported properly when using apache's httpclient5. But
when using HttpsUrlConnection, SNI is supported since android 2.3.
So it looks like I have found a solution (more GH issue). Thank you for
leading me to the right track.
https://developer.android.com/training/articles/secu
If you pull the SSL certificate for an IP address, the server typically
sends you the default, configured certificate.
I am curious about why Android 5 would request the certificate by IP
address only. Does it not support the Server Name Indication?:
http://javabreaks.blogspot.com/2015/12/java-ss
Related issue: https://github.com/AndBible/and-bible/issues/823
Could there be an explanation for this in (mis?)configuration of
crosswire.org?
On Thu, Sep 17, 2020 at 4:19 PM Tuomas Airaksinen <
tuomas.airaksi...@gmail.com> wrote:
> When I type
>
> host crosswire.org it gives me ip 209.250.6.22
When I type
host crosswire.org it gives me ip 209.250.6.226.
When I fetch ssl cert for that ip (openssl s_client -connect
209.250.6.226:443), it gives cert with CN www.ancc-gan.de.
This confuses And Bible on Android 5 (lollipop), as host name checking will
fail to
javax.net.ssl.SSLPeerUnverifi
