0

I've got a Heroku app on the Cedar stack, which has a URL like this:

https://my-app.herokuapp.com/

I'm using piggyback SSL, I don't have my own certificate. But this works fine and I'm not seeing any errors/warnings in the browser.

Now I want to let my Android app securely connect to this Heroku app. The code I tried was the following:

BasicHttpParams httpParameters = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParameters, 4000);
HttpConnectionParams.setSoTimeout(httpParameters, 4000);
DefaultHttpClient client = new DefaultHttpClient(httpParameters);
HttpRequestBase httpRequest = new HttpGet("https://my-app.herokuapp.com/api/player");
client.execute(httpRequest);

But this does not work. I'm not seeing any warnings, errors or exceptions, but it just doesn't connect over HTTPS but HTTP.

What am I doing wrong?

Are there any other subclasses that I have to use? I thought that just providing the HTTPS URL would be enough, and some posts I found on the internet seem to verify this.

I've found answers regarding HttpClient with SSL/TLS here, here and here, but they don't really help me. Apart from the fact that I don't exactly know what to do, I'm not sure if these answers affect me at all, because I'm not seeing any exceptions that hint to problems with the certificate.

Community
  • 1
  • 1
caw
  • 30,999
  • 61
  • 181
  • 291
  • This has not been a duplicate. I had explicitly cited three similar questions here from Stack Overflow, which don't cover the same problem because I'm not using an invalid certificate and want to suppress the warnings, as the other questions discuss. – caw Feb 12 '14 at 22:05
  • The problem was that I used base64-encoded data in the HTTP headers with `Base64.DEFAULT`. It turned out I had to use `Base64.NO_WRAP` in order not to destroy the request. Heroku stopped returning the `X-Forwarded-Proto` header with value `https` for that reason. – caw Feb 13 '14 at 07:39

1 Answers1

0

You can try this:

 HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    DefaultHttpClient defaultclient = new DefaultHttpClient();

    SchemeRegistry registry = new SchemeRegistry();
    SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
    socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
    registry.register(new Scheme("https", socketFactory, 443));

    cm = new ThreadSafeClientConnManager(defaultclient.getParams(), registry);
    client = new DefaultHttpClient(cm, defaultclient.getParams());

    // Set verifier     
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);             
    post = new HttpPost("https://my-app.herokuapp.com/api/player");
Ungureanu Liviu
  • 4,034
  • 4
  • 37
  • 42