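Lollipop and Pie require different HostnameVerifier variables

Time: 2019-05-15 14:49:20

Tags: android sockets ssl sslhandshakeexception httpsurlconnection

I have shared web hosting. Let's call it "hostingPlatform.com". I own my domain, which we'll call "myDomain.com".

In my Android app, I am using a HostnameVerifier to verify the host. For Lollipop, I can connect to my domain and verify it against the hosting platform.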

    SocketFactory sf = SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) sf.createSocket("myDomain.com", 443);
    HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
    SSLSession s = socket.getSession();

    if (!hv.verify("hostingPlatform.com", s)) {
        throw new SSLHandshakeException("found " + s.getPeerPrincipal() + " " + s.getProtocol() + " " + s.getPeerHost());
    }

Now this example works in Android Lollipop, but not in newer versions such as Pie. If I run it in Pie, I get the following error.

javax.net.ssl.SSLHandshakeException: ERROR found CN=myDomain.com, OU=PositiveSSL, OU=Domain Control Validated TLSv1.2 myDomain.com

For Pie, I have to get a socket to my domain and verify it against my domain, as shown below.

    SocketFactory sf = SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) sf.createSocket("myDomain.com", 443);
    HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
    SSLSession s = socket.getSession();

    if (!hv.verify("myDomain.com", s)) {
        throw new SSLHandshakeException("found " + s.getPeerPrincipal() + " " + s.getProtocol() + " " + s.getPeerHost());
    }

This works well for Pie, but not for Lollipop. When I run it in Lollipop, I get the following.

javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
    at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
    at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:389)

javax.net.ssl.SSLHandshakeException: ERROR found CN=*.hostingPlatform.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated TLSv1.2 myDomain.com

My solution to this was to put them both in nested if statements to satisfy both, but I don't think that should be the case.

    SocketFactory sf = SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) sf.createSocket("myDomain.com", 443);
    HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
    SSLSession s = socket.getSession();

    if (!hv.verify("hostingPlatform.com", s)) {
        if (!hv.verify("myDomain.com", s)) {
            throw new SSLHandshakeException("ERROR found " + s.getPeerPrincipal() + " " + s.getProtocol() + " " + s.getPeerHost());
        }
    }

Does anyone know why this is happening? Any help is greatly appreciated!

0 answers:

No answers
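
An added example, not part of the original question or of any answer: a helper that checks the TLS session against one expected name only, the host the socket was opened to, instead of accepting either name as the nested if does. The class name `StrictTlsConnect` is hypothetical, and the explicit SNI step assumes the shared host selects its certificate from the requested server name; `SNIHostName` requires Java 8 or Android API 24+.

```java
import java.io.IOException;
import java.util.Collections;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical helper): verify against a single name,
// the host the app actually asked for.
public final class StrictTlsConnect {

    public static SSLSocket open(String host, int port) throws IOException {
        SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) sf.createSocket(host, port);
        try {
            // Assumption: the shared host picks its certificate from the SNI
            // name, so request our own domain explicitly before handshaking.
            SSLParameters params = socket.getSSLParameters();
            params.setServerNames(
                    Collections.<SNIServerName>singletonList(new SNIHostName(host)));
            socket.setSSLParameters(params);

            // getSession() hides handshake errors behind an invalid session
            // ("No peer certificate"); startHandshake() throws the real cause.
            socket.startHandshake();

            SSLSession session = socket.getSession();
            if (!session.isValid()) {
                throw new SSLPeerUnverifiedException("no valid TLS session for " + host);
            }
            HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!hv.verify(host, session)) {
                throw new SSLPeerUnverifiedException("certificate "
                        + session.getPeerPrincipal() + " does not match " + host);
            }
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close(); // never hand back a socket that failed verification
            throw e;
        }
    }
}
```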