Question
When using the Apache HttpComponents HttpClient library (4.0.2) I'm having a problem where the certificate doesn't get validated properly. The certificate is valid for the domain name (let's call it example.com) however it's getting validated against the IP address instead:
hostname in certificate didn't match: <123.123.123.123> != <*.example.com>
My code for making the connection is:
HttpParams httpParams = new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
HttpConnectionParams.setSoTimeout(httpParams, 5000);
DefaultHttpClient httpClient = new DefaultHttpClient(httpParams);
String url = "https://www.example.com";
HttpGet get = new HttpGet(url);
HttpResponse httpResponse = httpClient.execute(get);
String response = EntityUtils.toString(httpResponse.getEntity()).trim();
The certificate itself shows as valid when connecting through a web browser and is valid for the domain name I'm connecting to:
CN = *.example.com
The certificate is also added to the Java keystore (tested using regular HttpsURLConnection).
Any ideas why this code uses the IP address instead of the domain name?
Answer 1:
Appears to be a known bug with HttpClient 4.0.2 - https://issues.apache.org/jira/browse/HTTPCLIENT-996 The bug suggests any of the following:
- Upgrade to version 4.0.3 or newer
- Downgrade to 4.0.1
- Use the AllowAllHostnameVerifier
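The following is an added example, not part of the original question or answer. It feeds the names from the question to two of HttpClient 4.x's hostname verifiers, to show what each option in the list above does to the check. It assumes the HttpClient 4.x jar is on the classpath; the class name `HostnameCheckDemo` and the name `unrelated.invalid` are constructed for illustration.

```java
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

public class HostnameCheckDemo {

    // Runs one verifier against one name and reports the outcome as text.
    static String check(X509HostnameVerifier verifier, String host, String[] cns) {
        try {
            // subjectAlts is null: the question describes the certificate only by its CN.
            verifier.verify(host, cns, null);
            return "accepted";
        } catch (SSLException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        String[] cns = { "*.example.com" };   // CN from the question
        String[] names = {
            "www.example.com",                // host in the request URL
            "123.123.123.123",                // address from the error message
            "unrelated.invalid"               // constructed: a name the certificate does not cover
        };
        X509HostnameVerifier browserCompat = new BrowserCompatHostnameVerifier();
        X509HostnameVerifier allowAll = new AllowAllHostnameVerifier();

        for (String name : names) {
            System.out.println(name);
            System.out.println("  BrowserCompatHostnameVerifier: " + check(browserCompat, name, cns));
            System.out.println("  AllowAllHostnameVerifier:      " + check(allowAll, name, cns));
        }
    }
}
```

The wildcard certificate passes when it is checked against the hostname from the URL, so a version that hands the verifier the hostname keeps the check intact. AllowAllHostnameVerifier accepts every name it is given, including ones the certificate does not cover, so it removes the binding between the certificate and the host being contacted.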
Source: https://stackoverflow.com/questions/7909224/apache-httpclient-resolving-domain-to-ip-address-and-not-matching-certificate