java.io.IOException: Hostname was not verified

Question

I am trying to connect to a URL from a my Android app in Andorid Version 4.1.1, and I get the error indicated in the Title of my question, but when I tried to connect the sa

Answer 1

I experienced this problem in 4.1.1 and 4.1.2, using HTTPSUrlConnection.

After some poking around I discovered that it was because the Apache server I am dealing with has multiple virtual hosts serving https traffic, resulting in SNI issues in Android - at least prior to JellyBean (I have unconfirmed reports that it was working in JB).

In my case there were 3 virtual hosts serving https traffic:

• mydomain.com
• api.mydomain.com (the one I was trying to deal with)
• admin.mydomain.com

Probing api.* with openssl_client like this:

openssl s_client -debug -connect api.mydomain.com:443

... always returned the root domain's certificate - buried in the output was something like:

Certificate chain
 0 s:/OU=Domain Control Validated/CN=mydomain.com
 ...

... specifying the server name in the openssl_client command-line:

openssl s_client -debug -servername api.mydomain.com -connect api.mydomain.com:443

... returned the certificate I was expecting to see:

Certificate chain
 0 s:/OU=Domain Control Validated/CN=api.mydomain.com

I was able to resolve the problem by moving the root domain virtual-host to a different physical host.

It seems that the Android HostnameVerifier can live with multiple sub-domain's side-by-side as virtual hosts, but having the root domain as a virtual-host in the same apache caused issues.

I am not a sys-admin/dev-ops and so it is possible that there are Apache config options that could have resolved the problem that I am not aware of.