Hostname does not match in Lollipop devices but works fine in Postman and marshmallow devices

问题

Recently SSL certificates were added to the server, so I have changed the url in android from http://appname.com to https://www.appname.com , this works fine on marshmallow devices and Postman, but on Lollipop devices throws javax.net.ssl.SSLException: hostname in certificate didn't match: www.appname.com != www.companyname.com OR www.companyname.com OR companyname.com

I have tried adding the companyname.com in setHostnameVerifier but it did not help. here is the code:

 HashMap<String, String> postDataParams=new HashMap<>();
        postDataParams.put("u_phone",CN);
        postDataParams.put("u_code",st);
        postDataParams.put("device_flag",mob_device);
        postDataParams.put("app_type","PRO");
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                HostnameVerifier hv =
                        HttpsURLConnection.getDefaultHostnameVerifier();
                return hv.verify("companyname.com", session);
            }
        };


        try{

            URL url = new URL("https://www.appname.com/sync/validatecheck.php");
            HttpsURLConnection urlConnection =
                    (HttpsURLConnection)url.openConnection();
            //urlConnection.setHostnameVerifier(hostnameVerifier);
            urlConnection.setReadTimeout(10000);
            urlConnection.setConnectTimeout(15000);
            urlConnection.setRequestMethod("POST");
            urlConnection.setDoInput(true);
            urlConnection.setDoOutput(true);

            OutputStream os = urlConnection.getOutputStream();
            BufferedWriter writer = new BufferedWriter(
                    new OutputStreamWriter(os, "UTF-8"));
            writer.write(getPostDataString(postDataParams));

            writer.flush();
            writer.close();
            os.close();
            int responseCode=urlConnection.getResponseCode();

            if (responseCode == HttpsURLConnection.HTTP_OK) {
                String line;
                BufferedReader br=new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
                while ((line=br.readLine()) != null) {
                    result+=line;
                }
            }
            else {
                result="";

            }
        } catch (Exception e) {
            Log.e("log_tag", "Error in http connection "+e.toString());
        }

What might be the issue here? and how to solve this?

回答1:

The error means that the hostname to which the certificate has been issued (CN field in subject) does not match with the server name.

If you are using the URL https://www.appname.com then the certificate should be issued to www.appname.com or *.appname.com. It hostname of the certificate is appname.com then error is correct and you can use https://appname.com but not https://www.appname.com.

Deploy your server in https://appname.com, issue a new certificate for www.appname.com or set a HostnameVerifier to allow www.appname.com

来源：https://stackoverflow.com/questions/43090874/hostname-does-not-match-in-lollipop-devices-but-works-fine-in-postman-and-marshm