java.io.IOException: Hostname was not verified
In case you are running with certificates that doesn't mean anything and you want to bypass them you also need to add a null host name verifier to make this code work
HttpsURLConnection.setDefaultHostnameVerifier(new NullHostNameVerifier());
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new X509TrustManager[]{new NullX509TrustManager()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
And the code for the host:
import javax.net.ssl.HostnameVerifier ;
import javax.net.ssl.SSLSession;
public class NullHostNameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
Log.i("RestUtilImpl", "Approving certificate for " + hostname);
return true;
}
}
This needs to run once, but if you are making changes to your connection object you might need to run it again.
Android : java.io.IOException: Hostname was not verified
You're making an HTTPS connection with an IP address. Now, SSL certificates are bound to DNS hostnames and since you're not using a DNS hostname to connect, the certificate cannot be verified.
Use an actual DNS name to connect, or in some rare cases, write your own hostname verifier that accepts your host (careful: it's very easy to introduce vulnerabilities there).
Got 'IOException: hostname was not verified', although given hostname (IP address) matches common name
Hostname xxx.xxx.xxx.xxx not verified
It looks like you are connecting to an IP address.
The matching behavior for IP differs between implementation, but the check as defined for RFC2818 (https) requires the IP address to be in the subject alternative name section (RFC2818, page 4):
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.
The actual behavior differs between implementations. Some accept the IP as CN, others not. Some implement the correct behavior to require the IP as type iPAddress while others expect it as type dNSName. So your better put it as CN and additionally in the subject alternative names section as iPAdress and dNSName :(
Volley SSL - Hostname was not verified
Let's assume your server app is hosting inside a server machine which has a server certificate in which "Issued to"
is "localhost"
, for example. Then, inside verify method you can verify "localhost"
.
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
HostnameVerifier hv =
HttpsURLConnection.getDefaultHostnameVerifier();
return hv.verify("localhost", session);
}
};
You can read more at the following links:
HostnameVerifier
It is to be used during a handshake if the URL's hostname does not match the peer's identification hostname.
Common Problems with Hostname Verification
One reason this can happen is due to a server configuration error. The
server is configured with a certificate that does not have a subject
or subject alternative name fields that match the server you are
trying to reach...
Then, in your Volley app, you can create a HurlStack
, overriding createConnection
in which setHostnameVerifier
for the httpsURLConnection
.
Hope this helps!
Android Hostname was not be verified. How to allow all hosts?
This error occurs when the TLS certificate is either self-signed or the domain on the certificate doesn't match the server's host name.
This answer provides a complete solution:
/**
* Disables the SSL certificate checking for new instances of {@link HttpsURLConnection} This has been created to
* aid testing on a local box, not for use on production.
*/
private static void disableSSLCertificateChecking() {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
// not implemented
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
// not implemented
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
try {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
Simply run that once at any time before making your first HTTPS connection. If you control the server, though, it is strongly preferred to try and obtain a valid certificate instead.
Related Topics
How to Change Separator Color in Navigationview
Android:How to Update the Selector(Statelistdrawable) Programmatically
Android Development: Using Image from Assets in a Webview's HTML
How to Get Bitmap from a Url in Android
Get the Last Picture Taken by User
Java.Lang.Illegalargumentexception: Can Only Use Lower 16 Bits for Requestcode
Write_Secure_Settings Permission Error Even When Added in Manifest
How to Shutdown an Android Mobile Programmatically
Android Spannablestring Set Background Behind Part of Text
Accessing Files from Genymotion Sd Card
Android: How to Get a List of All Available Intent Filters
How to Programmatically Launch a Specific Application
Save State of Activity When Orientation Changes Android
Failed to Connect to Camera Service
Android: Backspace in Webview/Baseinputconnection
Adt Doesn't Create Default Hello World But Command Line Does