Using custom version of App Engine app in Android

Question

I'm trying to use non default App Engine app version in Android app. The default App Engine app version is 1 and I've uploaded a new version 2 and want to test it using Android app.

The default root path to the app instance is as follows:

xxx.appspot.com

Both instances are accessible (or should be) using:

https://1.xxx.appspot.com    // version 1
https://2.xxx.appspot.com    // version 2

The first problem is testing it through browser. In Chrome you can't test it, because of error message Your connection is not private . Looks like certificate issue for *.appspot.com :

NET::ERR_CERT_COMMON_NAME_INVALID

You can workaround this using Firefox and add given site as trusted one. So assume the second version is tested through the browser, time to test it using Android app.

I changed the endpoint root URL passing the new URL to the builder:

builder.setRootUrl(https://2.xxx.appspot.com);

That fails with:

java.io.IOException: Hostname '2.xxx.appspot.com' was not verified
     at com.android.okhttp.Connection.upgradeToTls(Connection.java:1026)
     at com.android.okhttp.Connection.connect(Connection.java:963)
     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:405)

A quick search on SO and there's a quick and dirty solution (I'd not use this in production, even not to test the app. Of course host name checking should be performed eg using default verifier then if the default returned false using my fallback verifier):

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
});

And the final result:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 404 Not Found
    at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(ProGuard:113)
    at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.set(ProGuard:40)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(ProGuard:312)

No matter which version I use, it ends up with 404. The only valid URL is https://xxx.appspot.com I'm sure the method I'm trying to call exists on the endpoint because I can call it using Firefox.

Any suggestions how to test the new App Engine app version with Android app? Is the certificate validation failure a bug, or is this the correct behavior that *.appspot.com matches only xxx.appspot.com but doesn't match x.xxx.appspot.com ?

Answer 1

Obviously the solution was in the documentation:

Please note that in April of 2013, Google stopped issuing SSL certificates for double-wildcard domains hosted at appspot.com (ie . .appspot.com). If you rely on such URLs for HTTPS access to your application, please change any application logic to use "-dot-" instead of ".". For example, to access version "1" of application "myapp" use " https://1-dot-myapp.appspot.com " instead of " https://1.myapp.appspot.com ." If you continue to use " https://1.myapp.appspot.com " the certificate will not match, which will result in an error for any User-Agent that expects the URL and certificate to match exactly.

In short I had to replace 2. with 2-dot-