Question

When using the Apache HttpComponents HttpClient library (4.0.2), I'm having a problem where the certificate doesn't get validated properly. The certificate is valid for the domain name (let's call it example.com); however, it's getting validated against the IP address instead:

    hostname in certificate didn't match: <123.123.123.123> != <*.example.com>

My code for making the connection is:

    // 5-second connect and socket-read timeouts
    HttpParams httpParams = new BasicHttpParams();
    HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
    HttpConnectionParams.setSoTimeout(httpParams, 5000);
    DefaultHttpClient httpClient = new DefaultHttpClient(httpParams);
    // The request is addressed by host name, not by IP address
    String url = "https://www.example.com";
    HttpGet get = new HttpGet(url);
    HttpResponse httpResponse = httpClient.execute(get);
    // Read the whole response body as a string
    String response = EntityUtils.toString(httpResponse.getEntity()).trim();

The certificate itself shows as valid when connecting through a web browser and is valid for the domain name I'm connecting to:

    CN = *.example.com

The certificate is also added to the Java keystore (tested using regular HttpsURLConnection).

Any ideas why this code uses the IP address instead of the domain name?

Solution

Appears to be a known bug with HttpClient 4.0.2 - https://issues.apache.org/jira/browse/HTTPCLIENT-996. The bug suggests any of the following:

  • Upgrade to version 4.0.3 or newer
  • Downgrade to 4.0.1
  • Use the AllowAllHostnameVerifier
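
To compare what each verifier in HttpClient 4.x does with the names from the question, the following added example (not part of the original answer or of the HttpClient project) calls the verifiers directly with the certificate's CN. It assumes HttpClient 4.x is on the classpath; the class name `HostnameVerifierDemo` and the host `www.unrelated.invalid` are constructed for illustration.

```java
import javax.net.ssl.SSLException;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

public class HostnameVerifierDemo {
    // Constructed sample: the subject CN from the question's certificate.
    static final String[] CERT_CNS = { "*.example.com" };

    /** Returns "accepted", or "rejected: <reason>" when the verifier throws. */
    static String check(X509HostnameVerifier verifier, String host) {
        try {
            // verify(host, cns, subjectAlts): the check applied to the names
            // taken from the peer certificate (no subjectAltNames in this sample).
            verifier.verify(host, CERT_CNS, null);
            return "accepted";
        } catch (SSLException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        X509HostnameVerifier[] verifiers = {
            new BrowserCompatHostnameVerifier(), // default in HttpClient 4.0.x
            new StrictHostnameVerifier(),
            new AllowAllHostnameVerifier()       // third option listed in the answer
        };
        String[] hosts = {
            "www.example.com",       // the name the caller put in the URL
            "123.123.123.123",       // the value shown in the question's error
            "www.unrelated.invalid"  // constructed name the certificate does not cover
        };
        for (X509HostnameVerifier v : verifiers) {
            for (String host : hosts) {
                System.out.printf("%-30s %-22s %s%n",
                        v.getClass().getSimpleName(), host, check(v, host));
            }
        }
    }
}
```

The two checking verifiers accept only `www.example.com`, while `AllowAllHostnameVerifier` accepts all three hosts, so with it any certificate the keystore trusts is accepted for any server. The exact wording of the rejection message depends on the HttpClient version.
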
Licensed under: CC-BY-SA with attribution