Restlet Discuss

'hostname in certificate didn't match' with Apache HTTP client

Classic

List

Threaded

3 messages Options

Tal Liron

'hostname in certificate didn't match' with Apache HTTP client

I'm getting a lot of these exceptions when accessing perfectly happy
internet sites, such as Yahoo! and LiveJournal.

It seems that various people on the net have problems with similar
problems with Apache HTTP Client on Android, but in this case I'm using
Restlet 2.0 JSE. Any ideas or suggestions for workarounds?

Here is a relevant stack trace:

2011-01-30 00:54:08,358: WARN [org.restlet.Component.Client] An error
occurred during the communication with the remote HTTP server.
javax.net.ssl.SSLException: hostname in certificate didn't match:
<openid.yahoo.com> != <open.login.yahoo.com>
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
at
org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
at
org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at
org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
at
org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
at
org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
at org.restlet.Client.handle(Client.java:177)

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493

Romain

Re: 'hostname in certificate didn't match' with Apache HTTP client

You can look at this :

http://en.wikibooks.org/wiki/WebObjects/Web_Services/How_to_Trust_Any_SSL_Certificate

SSLUtilities.trustAllHostnames() to turn off the default hostname verification on HTTPS connection;

2011/1/30 Tal Liron <[hidden email]>

I'm getting a lot of these exceptions when accessing perfectly happy
internet sites, such as Yahoo! and LiveJournal.

It seems that various people on the net have problems with similar
problems with Apache HTTP Client on Android, but in this case I'm using
Restlet 2.0 JSE. Any ideas or suggestions for workarounds?

Here is a relevant stack trace:

2011-01-30 00:54:08,358: WARN [org.restlet.Component.Client] An error
occurred during the communication with the remote HTTP server.
javax.net.ssl.SSLException: hostname in certificate didn't match:
<openid.yahoo.com> != <open.login.yahoo.com>
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
at
org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
at
org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at
org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
at
org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
at
org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
at org.restlet.Client.handle(Client.java:177)

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493

Tal Liron

Re: 'hostname in certificate didn't match' with Apache HTTP client

Thank you!

It seems this SSLUtilities class uses com.sun classes, and might not be
very portable... Anyway, I think I've come to realize that in my
specific case the fault was with Yahoo, not me. The HTTP client is right
to reject Yahoo's response in this case. I was experimenting with some
things in OpenID, and think I hit a URL that Yahoo does not normally expose.

On 01/31/2011 02:34 AM, Romain wrote:

> You can look at this :
>
> http://en.wikibooks.org/wiki/WebObjects/Web_Services/How_to_Trust_Any_SSL_Certificate
>
> SSLUtilities.trustAllHostnames() to turn off the default hostname
> verification on HTTPS connection;
>
> 2011/1/30 Tal Liron <[hidden email]
> <mailto:[hidden email]>>
>
> I'm getting a lot of these exceptions when accessing perfectly happy
> internet sites, such as Yahoo! and LiveJournal.
>
> It seems that various people on the net have problems with similar
> problems with Apache HTTP Client on Android, but in this case I'm
> using
> Restlet 2.0 JSE. Any ideas or suggestions for workarounds?
>
> Here is a relevant stack trace:
>
> 2011-01-30 00:54:08,358: WARN [org.restlet.Component.Client] An error
> occurred during the communication with the remote HTTP server.
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <openid.yahoo.com <http://openid.yahoo.com>> !=
> <open.login.yahoo.com <http://open.login.yahoo.com>>
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> at
> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
> at
> org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
> at
> org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
> at
> org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
> at org.restlet.Client.handle(Client.java:177)
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493
> <http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493>
>
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701710