I am trying to develop recipes for using SNI with basic HTTP stacks in modern versions of Android. This includes Apache's separate HttpClient library (and not the version baked into Android itself, which is dead and gone).
It seems that the latest versions of HttpClient do not support SNI out of the box. When I use the artifact 'cz.msebera.android:httpclient:4.4.1.1', I get:
javax.net.ssl.SSLPeerUnverifiedException: Host name '...' does not match the certificate subject provided by the peer (CN=...)
    at cz.msebera.android.httpclient.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:466)
    at cz.msebera.android.httpclient.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
(host names edited with ...)
This HttpClient issue contains code that is designed to solve this problem. However, it is unclear how to use it. This answer helps a little with the implementation. However, it in turn leads to failures with an equivalent exception:
javax.net.ssl.SSLPeerUnverifiedException: Host name '' does not match the certificate subject provided by the peer (CN=...)
    at cz.msebera.android.httpclient.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:466)
    at cz.msebera.android.httpclient.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
This does not surprise me. The proposed workaround (replacing the real hostname with an empty string) seemed to me rather strange.
This question and the Stack Overflow question mostly say "use Java 1.7", which is not a viable option for Android.
So, did anyone develop a recipe for enabling SNI with the Android-compatible HttpClient 4.4+ environment?