Quantcast

'hostname in certificate didn't match' with Apache HTTP client

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

'hostname in certificate didn't match' with Apache HTTP client

Tal Liron
I'm getting a lot of these exceptions when accessing perfectly happy
internet sites, such as Yahoo! and LiveJournal.

It seems that various people on the net have problems with similar
problems with Apache HTTP Client on Android, but in this case I'm using
Restlet 2.0 JSE. Any ideas or suggestions for workarounds?

Here is a relevant stack trace:

2011-01-30 00:54:08,358: WARN  [org.restlet.Component.Client] An error
occurred during the communication with the remote HTTP server.
javax.net.ssl.SSLException: hostname in certificate didn't match:
<openid.yahoo.com> != <open.login.yahoo.com>
     at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
     at
org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
     at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
     at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
     at
org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
     at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
     at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
     at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
     at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
     at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
     at
org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
     at
org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
     at
org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
     at org.restlet.Client.handle(Client.java:177)

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'hostname in certificate didn't match' with Apache HTTP client

Romain
You can look at this : 


SSLUtilities.trustAllHostnames() to turn off the default hostname verification on HTTPS connection;

2011/1/30 Tal Liron <[hidden email]>
I'm getting a lot of these exceptions when accessing perfectly happy
internet sites, such as Yahoo! and LiveJournal.

It seems that various people on the net have problems with similar
problems with Apache HTTP Client on Android, but in this case I'm using
Restlet 2.0 JSE. Any ideas or suggestions for workarounds?

Here is a relevant stack trace:

2011-01-30 00:54:08,358: WARN  [org.restlet.Component.Client] An error
occurred during the communication with the remote HTTP server.
javax.net.ssl.SSLException: hostname in certificate didn't match:
<openid.yahoo.com> != <open.login.yahoo.com>
    at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
    at
org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
    at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
    at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
    at
org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
    at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
    at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
    at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
    at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
    at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
    at
org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
    at
org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
    at
org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
    at org.restlet.Client.handle(Client.java:177)

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'hostname in certificate didn't match' with Apache HTTP client

Tal Liron
Thank you!


It seems this SSLUtilities class uses com.sun classes, and might not be
very portable... Anyway, I think I've come to realize that in my
specific case the fault was with Yahoo, not me. The HTTP client is right
to reject Yahoo's response in this case. I was experimenting with some
things in OpenID, and think I hit a URL that Yahoo does not normally expose.


On 01/31/2011 02:34 AM, Romain wrote:

> You can look at this :
>
> http://en.wikibooks.org/wiki/WebObjects/Web_Services/How_to_Trust_Any_SSL_Certificate
>
> SSLUtilities.trustAllHostnames() to turn off the default hostname
> verification on HTTPS connection;
>
> 2011/1/30 Tal Liron <[hidden email]
> <mailto:[hidden email]>>
>
>     I'm getting a lot of these exceptions when accessing perfectly happy
>     internet sites, such as Yahoo! and LiveJournal.
>
>     It seems that various people on the net have problems with similar
>     problems with Apache HTTP Client on Android, but in this case I'm
>     using
>     Restlet 2.0 JSE. Any ideas or suggestions for workarounds?
>
>     Here is a relevant stack trace:
>
>     2011-01-30 00:54:08,358: WARN  [org.restlet.Component.Client] An error
>     occurred during the communication with the remote HTTP server.
>     javax.net.ssl.SSLException: hostname in certificate didn't match:
>     <openid.yahoo.com <http://openid.yahoo.com>> !=
>     <open.login.yahoo.com <http://open.login.yahoo.com>>
>         at
>     org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
>         at
>     org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
>         at
>     org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
>         at
>     org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
>         at
>     org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
>         at
>     org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
>         at
>     org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
>         at
>     org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
>         at
>     org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
>         at
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
>         at
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
>         at
>     org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
>         at
>     org.restlet.ext.httpclient.internal.HttpMethodCall.sendRequest(HttpMethodCall.java:331)
>         at
>     org.restlet.engine.http.adapter.ClientAdapter.commit(ClientAdapter.java:112)
>         at
>     org.restlet.engine.http.HttpClientHelper.handle(HttpClientHelper.java:110)
>         at org.restlet.Client.handle(Client.java:177)
>
>     ------------------------------------------------------
>     http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493
>     <http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701493>
>
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2701710
Loading...