
I am trying to send data using HttpsURLConnection. I imported a .pem certificate into the Android keystore and created an SSL context. Now everything is working fine, except that when I send some data to the server from Android it says the hostname is not verified.

    // Verifier that accepts any hostname (the approach the question wants to avoid)
    HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

    // Load the request body from the app's assets
    AssetManager assetManager = MainActivity.ctx.getAssets();
    InputStream requestXML = assetManager.open("requestdump");
    String requestString = convertStreamToString(requestXML);

    // Open the HTTPS connection with the custom SSL socket factory
    java.net.URL url = new URL("https://nn.nnn.nnn.nnn:xxxx");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(getSSLSocketFactory());
    urlConnection.setReadTimeout(10000);
    urlConnection.setConnectTimeout(15000);
    urlConnection.setRequestMethod("POST");
    urlConnection.setHostnameVerifier(hostnameVerifier);
    urlConnection.setDoInput(true);
    urlConnection.setDoOutput(true);

    // Send the request body and read the response
    byte[] outputInBytes = requestString.getBytes("UTF-8");
    OutputStream os = urlConnection.getOutputStream();
    os.write(outputInBytes);
    os.close();
    InputStream in = urlConnection.getInputStream();

This code is working and sending data to the SSL-enabled server. I tried this code:

    HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    urlConnection.setHostnameVerifier(hostnameVerifier);

But I don't want to use this approach.

Without this approach I am getting "Hostname not verified". Can anybody please suggest how to send data to the server using a self-signed certificate without using ALLOW_ALL_HOSTNAME_VERIFIER?

Any help would be appreciated.

Shivv

2 Answers


Fix the certificate so its hostname is correct. That means starting again with a new keypair.

user207421
  • I was thinking the same, but the issue is that if I import the same certificate into IE, it works. The server team is insisting that this certificate should work and is correct, as IE (or any other browser) is able to hit the server. – Shivv Mar 27 '15 at 05:03
  • One more funny thing happening is that now, if I run my application from an Android device (instead of Studio), I don't get Host Verification failed, but get the following error: SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate fallback. Not sure why this is happening now. – Shivv Mar 27 '15 at 05:26

You are probably getting a different certificate on Android and Windows, because your Android application does not support SNI (Server Name Indication), and the certificate you get on Android is for a different host. Check Android SSL - SNI support for more details.

Steffen Ullrich
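
Added example (not part of the original posts or of any project mentioned here): a standalone Java diagnostic that prints the subjectAltName entries of a server certificate and checks them against the host used in the URL. Under RFC 2818, a URL whose host is an IP literal, as in the question, needs a matching iPAddress entry. The class name `SanCheck` and the two command-line arguments are assumptions; wildcard names are not evaluated.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SanCheck { // hypothetical class name, chosen for this example
    // GeneralName type tags returned by getSubjectAlternativeNames() (RFC 5280).
    private static final int DNS_NAME = 2, IP_ADDRESS = 7;

    /** Returns the SAN entries of the given type, or an empty list if there are none. */
    static List<String> sans(X509Certificate cert, int type) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> all = cert.getSubjectAlternativeNames(); // null when no SAN extension
        if (all == null) return out;
        for (List<?> entry : all) {
            if (((Integer) entry.get(0)) == type) out.add(entry.get(1).toString());
        }
        return out;
    }

    /** True for an IPv4 dotted quad or anything containing ':' (IPv6 literal). */
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    /** Exact textual match only: IP literals against iPAddress SANs, names against dNSName SANs. */
    static boolean matches(X509Certificate cert, String host) throws Exception {
        int type = isIpLiteral(host) ? IP_ADDRESS : DNS_NAME;
        for (String san : sans(cert, type)) {
            if (san.equalsIgnoreCase(host)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server's PEM certificate; args[1]: host part of the URL (both assumed inputs).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("Subject:   " + cert.getSubjectX500Principal().getName());
            System.out.println("dNSName:   " + sans(cert, DNS_NAME));
            System.out.println("iPAddress: " + sans(cert, IP_ADDRESS));
            System.out.println("Matches '" + args[1] + "': " + matches(cert, args[1]));
        }
    }
}
```

Run it against the same .pem file that was imported into the keystore, passing the exact host string from the URL as the second argument.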