1

The user inputs their website details in the settings page and clicks save, then the app gets a specific file from their website and the data gets loaded into the app. However if they have a website that has https:// I get the SSLException error message javax.net.ssl.SSLException: hostname in certificate didn't match www.userswebsite.com My code I have to read the file is as follows:

HttpClient httpclient = new DefaultHttpClient();
// get url data
HttpPost httppost = new HttpPost(weburi);
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
webs = entity.getContent();    
//I then go on to read file into array and use data in a runnable...
final BufferedReader reader = new BufferedReader( new InputStreamReader(webs, "iso-8859-1"), 8);

I have no control over the users website as it will be thier website that they will be using to store the data on and I extract it from them. When I type the URL in a browser on windows I get no errors.

Dino
  • 561
  • 3
  • 10
  • 21
  • http://stackoverflow.com/a/3904473/2413303 – EpicPandaForce Mar 13 '15 at 09:36
  • Will this also work for normal websites? – Dino Mar 13 '15 at 09:41
  • I think it should. Although disabling host name verification makes phishing (and man-in-the-middle attacks) easier. – EpicPandaForce Mar 13 '15 at 09:52
  • Actually, sorry. The link I was looking for was this: http://stackoverflow.com/a/4837230/2413303 – EpicPandaForce Mar 13 '15 at 09:53
  • @EpicPandaForce From what I understand this is not a good idea to do it in production. But all the app does is get a text file that has data in it, weather data to be precise so I assume that it should be fine? What about Man-In-The-Middle attacks? – Dino Mar 13 '15 at 10:14
  • I tried and one from the first link you said, but I now get **Scheme 'http' not registered.** error. – Dino Mar 13 '15 at 10:54
  • Ugh, well that's a bummer, I guess it removed that scheme. Just add `registry.register(new Scheme("http", socketFactory, 80));` – EpicPandaForce Mar 13 '15 at 10:58
  • I got a **javax.net.ssl.SSLPeerUnverifiedException: No peer certificate** – Dino Mar 13 '15 at 11:14
  • ......wait, this is definitely a server misconfiguration error. It uses `https` but there is no certificate. – EpicPandaForce Mar 13 '15 at 11:20
  • Hmm this is the website I am trying to access, https://www.tnetweather.com/clientraw.txt – Dino Mar 13 '15 at 11:21
  • ....dammit, this IS a properly verified certificate. Try using the library from Gradle, "httpclient-for-android". Although I am starting to be at a loss here. – EpicPandaForce Mar 13 '15 at 12:16
  • I have surrounded it in an IF statement. If HTTP do above code but if HTTPS then do that code from [this page](http://stackoverflow.com/questions/2012497/accepting-a-certificate-for-https-on-android/3904473#3904473) and now I get a NetworkOnMainThreadExeption but I am running this in a thread. So now confused. It works with http but when I use https I get that error. – Dino Mar 13 '15 at 13:13
  • @EpicPandaForce are you saying I must change the thread from a runnable to asynctask? – Dino Mar 13 '15 at 14:24
  • Just try it and see what happens. None of this should be happening in the first place. – EpicPandaForce Mar 13 '15 at 14:30
  • Crap I changed it to AsynTask, which is easier to read than a few runnables and no luck same error. I will start a new Question with this as this is now something else. – Dino Mar 13 '15 at 14:42
  • That really is odd. Good luck, I hope you'll get more people to look at it than just myself. – EpicPandaForce Mar 13 '15 at 14:44

0 Answers0