堆栈内存溢出
  简体   繁体   English

Java SSLException:证书中的主机名在Android应用程序中不匹配

[英]Java SSLException: hostname in certificate didn't match in android application

 原文  2016-03-11 13:51:34       java/ android/ rest/ ssl/ apache-httpclient-4.x

问题描述

I am working on an android application that uses rest services and hits my website(having SSL) for data.我正在开发一个使用休息服务并访问我的网站(具有 SSL)以获取数据的 android 应用程序。 Also I have some other domains on the same server.此外,我在同一台服务器上还有一些其他域。

Now when I try to hit my website it is checking for other domains eg现在,当我尝试访问我的网站时,它正在检查其他域,例如

My website : 'abc.xyz.com'我的网站: 'abc.xyz.com'

Other domain : '*.mno.com'其他域: '*.mno.com'

REST URL eg: https://abc.xyz.com/restapiservice/data/{dataid}?restkey={rest-api-key} REST URL 例如: https : //abc.xyz.com/restapiservice/data/{dataid}?restkey={ rest-api- key}

Error:错误:

javax.net.ssl.SSLException: hostname in certificate didn't match: != < .mno.com> OR < .mno.com> OR javax.net.ssl.SSLException: 证书中的主机名不匹配:!= < .mno.com> OR < .mno.com> OR

Code:代码:

try {
            // http client
            DefaultHttpClient httpClient;
            final HttpParams httpParams = new BasicHttpParams();
            HttpConnectionParams.setConnectionTimeout(httpParams, 30000);
            httpClient = new DefaultHttpClient(httpParams);

            //DefaultHttpClient httpClient = new DefaultHttpClient();
            HttpEntity httpEntity = null;
            HttpResponse httpResponse = null;

            // Checking http request method type
            if (method == POST) {
                HttpPost httpPost = new HttpPost(url);
                // adding post params
                if (params != null) {
                    httpPost.setEntity(new UrlEncodedFormEntity(params));
                }

                httpResponse = httpClient.execute(httpPost);

            } else if (method == GET) {
                // appending params to url
                if (params != null) {
                    String paramString = URLEncodedUtils
                            .format(params, "utf-8");
                    url += String.format("?%s", paramString);
                }
                HttpGet httpGet = new HttpGet(url);

                httpResponse = httpClient.execute(httpGet);

            }
            httpEntity = httpResponse.getEntity();
            response = EntityUtils.toString(httpEntity, HTTP.UTF_8);

        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

I have tried solution:我试过解决办法:

        try {

        HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

        DefaultHttpClient client = new DefaultHttpClient();

        //Added my part

        final HttpParams httpParams = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(httpParams, 30000);
        client = new DefaultHttpClient(httpParams);

        //End my part

        SchemeRegistry registry = new SchemeRegistry();
        SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
        socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
        registry.register(new Scheme("https", socketFactory, 443));
        SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
        DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

        // Set verifier
        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

        HttpEntity httpEntity = null;
        HttpResponse httpResponse = null;

        // Checking http request method type
        if (method == POST) {
            HttpPost httpPost = new HttpPost(url);
            // adding post params
            if (params != null) {
                httpPost.setEntity(new UrlEncodedFormEntity(params));
            }

            httpResponse = httpClient.execute(httpPost);

        } else if (method == GET) {
            // appending params to url
            if (params != null) {
                String paramString = URLEncodedUtils
                        .format(params, "utf-8");
                url += String.format("?%s", paramString);
            }
            HttpGet httpGet = new HttpGet(url);

            httpResponse = httpClient.execute(httpGet);

        }
        httpEntity = httpResponse.getEntity();
        response = EntityUtils.toString(httpEntity, HTTP.UTF_8);

    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

But I don't want to use it, as it might cause some security threats (I don't want to use "ALLOW_ALL_HOSTNAME_VERIFIER")但我不想使用它,因为它可能会导致一些安全威胁(我不想使用“ALLOW_ALL_HOSTNAME_VERIFIER”)

Please suggest me some other alternative to this.请建议我一些其他的替代方案。

1 个解决方案

解决方案1
 -1  2016-03-11 14:19:34

maybe this could help you.也许这可以帮助你。

private HttpURLConnection getHttpConnection(String param)
        throws IOException, NoSuchAlgorithmException,
        KeyManagementException {

    URL url = new URL(URL + param);
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    if (conn instanceof HttpsURLConnection) {
        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
        SSLContext sc;
        sc = SSLContext.getInstance(TLS);
        sc.init(null, null, new java.security.SecureRandom());
        httpsConn.setSSLSocketFactory(sc.getSocketFactory());
    }

    // set Timeout and method
    conn.setReadTimeout(TIMEOUT);
    conn.setConnectTimeout(TIMEOUT);
    conn.setRequestMethod(POST);
    conn.setDoInput(true);
    conn.setDoOutput(true);
    return conn;
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java SSLException:证书中的主机名不匹配 - Java SSLException: hostname in certificate didn't match SSLException:证书中的主机名不匹配:&lt;50.19.233.255&gt;!= &lt;*。heroku.com&gt; - SSLException: hostname in certificate didn't match: <50.19.233.255> != <*.heroku.com> javax.net.ssl.SSLException:证书中的主机名不匹配 - javax.net.ssl.SSLException: hostname in certificate didn't match Java SSLException:证书中的主机名与 www.googleapis.com 不匹配 - Java SSLException: hostname in certificate didn't match for www.googleapis.com 使用HTTPS Confusion的Java HTTP帖子 - javax.net.ssl.SSLException:证书中的主机名不匹配 - Java HTTP post using HTTPS Confusion - javax.net.ssl.SSLException: hostname in certificate didn't match RestEasy的客户端实现导致javax.net.ssl.SSLException:证书中的主机名不匹配 - RestEasy's Client implementation causes javax.net.ssl.SSLException: hostname in certificate didn't match javax.net.ssl.SSLException:证书中的主机名与Apache httpd虚拟主机不匹配 - javax.net.ssl.SSLException: hostname in certificate didn't match in conjunction with Apache httpd virtual hosts 间接Apache HttpClient和javax.net.ssl.SSLException:证书中的主机名不匹配 - Indirect Apache HttpClient and javax.net.ssl.SSLException: hostname in certificate didn't match 证书中的主机名不匹配 - Hostname in certificate didn't match 证书中的主机名不匹配? - Hostname in certificate didn't match?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM