1

I'm trying to call Heroku's developer API from Java, but I get the following exception:

    Exception in thread "main" javax.net.ssl.SSLException: hostname in certificate didn't match: <50.19.233.255> != <*.heroku.com>

My code looks like this:

    HttpClient client = new DefaultHttpClient();
    HttpGet request = new HttpGet("https://api.heroku.com/apps");
    String token = "d6d7ea6e-6e71-4f13-b0ff-ed9ee9d56c37";
    request.addHeader("Authorization", "Bearer "+token);
    HttpResponse response = client.execute(request);

If I try it with curl it works fine:

    curl "https://api.heroku.com/apps" -H"Authorization: Bearer d6d7ea6e-6e71-4f13-b0ff-ed9ee9d56c37"

Why does the Java code act differently to curl?

P.S. I'm aware that others have asked this question, but all the answers, e.g.:

https://stackoverflow.com/a/7266768

https://stackoverflow.com/a/3904473

https://stackoverflow.com/a/25356821

suggest that I should override the certificate hostname check, which surely defeats the point (and certainly isn't production-ready)?

Tom G

1 Answer

2

This problem is described in Apache HttpClient resolving domain to IP address and not matching certificate. It appears to be a bug in the version of HttpClient you are using, where it compares the target IP instead of the target hostname with the subject certificate. Please use a fixed version of HttpClient instead.

Steffen Ullrich
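The mismatch described in the answer above, as an added example that is not part of the original posts and is not HttpClient's own code: a simplified hostname matcher (class and method names are hypothetical, and the wildcard rule is a reduced one assumed for illustration) run against the two values from the error message. It shows that the certificate is fine for the requested hostname and only fails when the resolved IP is passed to the check, which is why the fix is a corrected client rather than a disabled verifier.

```java
import java.util.Locale;
import javax.net.ssl.SSLException;

public class HostnameCheckDemo {

    // Simplified wildcard rule (assumption for this example): "*" stands for
    // exactly one left-most DNS label. An IP literal never matches a DNS name.
    static boolean matches(String identity, String pattern) {
        String id = identity.toLowerCase(Locale.ROOT);
        String pat = pattern.toLowerCase(Locale.ROOT);
        if (isIpv4Literal(id)) {
            return false; // an IP would need an IP-address entry in the certificate
        }
        if (!pat.startsWith("*.")) {
            return id.equals(pat);
        }
        String suffix = pat.substring(1); // e.g. ".heroku.com"
        if (!id.endsWith(suffix)) {
            return false;
        }
        String label = id.substring(0, id.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    static boolean isIpv4Literal(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // Fails with a message in the same style as the exception in the question.
    static void verify(String identity, String certName) throws SSLException {
        if (!matches(identity, certName)) {
            throw new SSLException("hostname in certificate didn't match: <"
                    + identity + "> != <" + certName + ">");
        }
    }

    public static void main(String[] args) {
        String certName = "*.heroku.com";    // certificate name from the error message
        String requested = "api.heroku.com"; // host in the request URL
        String resolved = "50.19.233.255";   // address from the error message
        for (String identity : new String[] {requested, resolved}) {
            try {
                verify(identity, certName);
                System.out.println(identity + ": OK");
            } catch (SSLException e) {
                System.out.println(identity + ": " + e.getMessage());
            }
        }
    }
}
```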