主机名在Lollipop设备中不匹配，但在邮递员和棉花糖设备中可以正常使用 [英] Hostname does not match in Lollipop devices but works fine in Postman and marshmallow devices

问题描述

最近SSL证书已添加到服务器，因此我已将Android中的网址从 http://appname.com 到 https://www.appname.com 上，这在棉花糖设备和Postman上工作正常，但在棒棒糖设备抛出javax.net.ssl.SSLException:证书中的主机名不匹配:www.appname.com！= www.companyname.com或www.companyname.com或companyname.com

Recently SSL certificates were added to the server, so I have changed the url in android from http://appname.com to https://www.appname.com , this works fine on marshmallow devices and Postman, but on Lollipop devices throws javax.net.ssl.SSLException: hostname in certificate didn't match: www.appname.com != www.companyname.com OR www.companyname.com OR companyname.com

我尝试在setHostnameVerifier中添加companyname.com，但没有帮助.这是代码:

I have tried adding the companyname.com in setHostnameVerifier but it did not help. here is the code:

 HashMap<String, String> postDataParams=new HashMap<>();
        postDataParams.put("u_phone",CN);
        postDataParams.put("u_code",st);
        postDataParams.put("device_flag",mob_device);
        postDataParams.put("app_type","PRO");
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                HostnameVerifier hv =
                        HttpsURLConnection.getDefaultHostnameVerifier();
                return hv.verify("companyname.com", session);
            }
        };


        try{

            URL url = new URL("https://www.appname.com/sync/validatecheck.php");
            HttpsURLConnection urlConnection =
                    (HttpsURLConnection)url.openConnection();
            //urlConnection.setHostnameVerifier(hostnameVerifier);
            urlConnection.setReadTimeout(10000);
            urlConnection.setConnectTimeout(15000);
            urlConnection.setRequestMethod("POST");
            urlConnection.setDoInput(true);
            urlConnection.setDoOutput(true);

            OutputStream os = urlConnection.getOutputStream();
            BufferedWriter writer = new BufferedWriter(
                    new OutputStreamWriter(os, "UTF-8"));
            writer.write(getPostDataString(postDataParams));

            writer.flush();
            writer.close();
            os.close();
            int responseCode=urlConnection.getResponseCode();

            if (responseCode == HttpsURLConnection.HTTP_OK) {
                String line;
                BufferedReader br=new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
                while ((line=br.readLine()) != null) {
                    result+=line;
                }
            }
            else {
                result="";

            }
        } catch (Exception e) {
            Log.e("log_tag", "Error in http connection "+e.toString());
        }

这里可能是什么问题?以及如何解决这个问题?

What might be the issue here? and how to solve this?

推荐答案

该错误表示已向其颁发证书的主机名(主题中的CN字段)与服务器名称不匹配.

The error means that the hostname to which the certificate has been issued (CN field in subject) does not match with the server name.

如果使用URL https://www.appname.com，则应将证书颁发给www.appname.com或*.appname.com.证书的主机名是appname.com，那么错误是正确的，您可以使用https://appname.com，但不能使用https://www.appname.com.

If you are using the URL https://www.appname.com then the certificate should be issued to www.appname.com or *.appname.com. It hostname of the certificate is appname.com then error is correct and you can use https://appname.com but not https://www.appname.com.

在https://appname.com中部署服务器，为www.appname.com颁发新证书或将HostnameVerifier设置为允许www.appname.com

Deploy your server in https://appname.com, issue a new certificate for www.appname.com or set a HostnameVerifier to allow www.appname.com

这篇关于主机名在Lollipop设备中不匹配，但在邮递员和棉花糖设备中可以正常使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！