我試圖建立一個使用org.apache.http。*中的類的https連接。由於我設置的一部分,我用它規定了BrowserCompatHostnameVerifier()類:SSLException當服務器證書使用SAN(主題備用名稱)
The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.
當我打了誰的服務器的主機名不匹配,這是在CN規定,但確實條目匹配一個在主題ALTS,我得到以下異常:
javax.net.ssl.SSLException: hostname in certificate didn't match: <mtvniph1-f.akamaihd.net> != <a248.e.akamai.net>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:222)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:151)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:132)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:321)
下面是相關的代碼塊是造成此錯誤:
DefaultHttpClient seed = new DefaultHttpClient();
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory ssf = SSLSocketFactory.getSocketFactory();
// XXX: This verifier isn't working with Subject Alternative Names
ssf.setHostnameVerifier(new BrowserCompatHostnameVerifier());
registry.register(new Scheme("https", ssf, 443));
SingleClientConnManager mgr = new SingleClientConnManager(seed.getParams(), registry);
DefaultHttpClient http = new DefaultHttpClient(mgr, seed.getParams());
// Config point, change to your preference
String url = "https://mtvniph1-f.akamaihd.net/e3_ubisoft_prod0.m3u8";
HttpGet method = new HttpGet(url);
HttpResponse response = null;
try
{
response = http.execute(method);
}
catch (Exception e)
{
Log.e(TAG, "Request failed", e);
}
比較這一行爲和磨片你用「https://www.google.com」替換網址。我可以通過創建自己的X509HostnameVerifier來解決此問題,但是我想知道這是否是BrowserCompatHostnameVerifier中的有效錯誤,或者如果我做錯了什麼。
其他人有類似的問題?
更新:我直接嘗試使用Apache HttpComponents(http://hc.apache.org)v4.0.1 lib的相同代碼塊,但無法重現該行爲。這導致我相信這是這個lib的Android實現中的一個錯誤。 – 2010-08-18 21:19:36
有兩個這樣的錯誤,http://code.google.com/p/android/issues/detail?id=17680&can=1&q=reporter%3Anathan%2Cjanrain.com&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars另一個我找不到鏈接,它只讀取SAN擴展中的前16個(8?)名稱。 – nmr 2012-02-29 16:08:02