javax.net.ssl.SSLPeerUnverifiedException: Host name 'sni.velox.ch' does not match the certificate subject provided by the peer (CN=alice.sni.velox.ch, O=Kaspar Brand, L=Zuerich, ST=Zuerich, C=CH)

GitHub | batkinson | 2 months ago
  1. 0

    GitHub comment 199#248654670

    GitHub | 2 months ago | batkinson
    javax.net.ssl.SSLPeerUnverifiedException: Host name 'sni.velox.ch' does not match the certificate subject provided by the peer (CN=alice.sni.velox.ch, O=Kaspar Brand, L=Zuerich, ST=Zuerich, C=CH)
  2. 0

    HttpClient-User - I get SSLPeerUnverifiedException after upgrading from 4.3.6 to 4.4

    nabble.com | 1 year ago
    javax.net.ssl.SSLPeerUnverifiedException: Host name 'raw.githubusercontent.com' does not match the certificate subject provided by the peer (CN=www.github.com, O="Fastly, Inc.", L=San Francisco, ST=California, C=US)
  3. 0

    I tried to use HttpClient to download this file: https://github.com/activescott/lessmsi/releases/download/v1.2.0/lessmsi-v1.2.0.zip My browser and other tools have no problem with it. HttpClient 4.3.6 is also fine, but 4.4 fails with this exception: {code} javax.net.ssl.SSLPeerUnverifiedException: Host name 's3.amazonaws.com' does not match the certificate subject provided by the peer (CN=s3.amazonaws.com, O=Amazon.com Inc., L=Seattle, ST=Washington, C=US) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:466) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.http.client.fluent.Request.execute(Request.java:151) at com.sg.maven.relpkg.UnpackUtil.unpackJDK(UnpackUtil.java:55) at com.sg.maven.relpkg.ReleasePackageBuilder.build(ReleasePackageBuilder.java:151) at com.sg.maven.relpkg.Main.main(Main.java:84) {code}

    Apache's JIRA Issue Tracker | 2 years ago | Richard DiCroce
    javax.net.ssl.SSLPeerUnverifiedException: Host name 's3.amazonaws.com' does not match the certificate subject provided by the peer (CN=s3.amazonaws.com, O=Amazon.com Inc., L=Seattle, ST=Washington, C=US)
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Hi, Just downloaded And patched client to replace the HttpGet variable : {code} HttpGet httpget = new HttpGet("https://raw.githubusercontent.com/test"); {code} From the first example : https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientWithResponseHandler.java Compiled it with : {code} javac -cp .:httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar ClientWithResponseHandler.java {code} Run it and get error : {code} java -cp .:./httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:./httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar:./httpcomponents-client-4.4.1/lib/commons-logging-1.2.jar ClientWithResponseHandler Executing request GET https://raw.githubusercontent.com/test HTTP/1.1 Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Host name 'raw.githubusercontent.com' does not match the certificate subject provided by the peer (CN=www.github.com, O="Fastly, Inc.", ST=California, L=San Francisco, C=US) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139) at ClientWithResponseHandler.main(ClientWithResponseHandler.java:69) {code} Of course, access to https://raw.githubusercontent.com/test works in Chrome 40 and Firefox 37. The certificate has many hosts : {code} Non critique Nom DNS: www.github.com Nom DNS: github.com Nom DNS: *.github.com Nom DNS: *.github.io Nom DNS: github.io Nom DNS: *.githubusercontent.com Nom DNS: githubusercontent.com {code} Maybe some few unit tests might be added to https://github.com/apache/httpclient/blob/a0b31445afb3da5aa91822535ab23f5713162a5e/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java

    Apache's JIRA Issue Tracker | 2 years ago | Richard Bergoin
    javax.net.ssl.SSLPeerUnverifiedException: Host name 'raw.githubusercontent.com' does not match the certificate subject provided by the peer (CN=www.github.com, O="Fastly, Inc.", ST=California, L=San Francisco, C=US)
  6. 0

    javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer

    Stack Overflow | 11 months ago
    javax.net.ssl.SSLPeerUnverifiedException: Host name 'XXXXXXXXX' does not match the certificate subject provided by the peer (CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US)

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. javax.net.ssl.SSLPeerUnverifiedException

      Host name 'sni.velox.ch' does not match the certificate subject provided by the peer (CN=alice.sni.velox.ch, O=Kaspar Brand, L=Zuerich, ST=Zuerich, C=CH)

      at org.opendatakit.httpclientandroidlib.conn.ssl.SSLConnectionSocketFactory.verifyHostname()
    2. org.opendatakit.httpclientandroidlib
      CloseableHttpClient.execute
      1. org.opendatakit.httpclientandroidlib.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
      2. org.opendatakit.httpclientandroidlib.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
      3. org.opendatakit.httpclientandroidlib.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
      4. org.opendatakit.httpclientandroidlib.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
      5. org.opendatakit.httpclientandroidlib.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
      6. org.opendatakit.httpclientandroidlib.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
      7. org.opendatakit.httpclientandroidlib.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
      8. org.opendatakit.httpclientandroidlib.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
      9. org.opendatakit.httpclientandroidlib.impl.execchain.RetryExec.execute(RetryExec.java:88)
      10. org.opendatakit.httpclientandroidlib.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
      11. org.opendatakit.httpclientandroidlib.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
      12. org.opendatakit.httpclientandroidlib.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
      13. org.opendatakit.httpclientandroidlib.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
      14. org.opendatakit.httpclientandroidlib.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:1)
      14 frames
    3. org.odk.collect
      SNITest.apacheHttpClientSupportsSNI
      1. org.odk.collect.android.SNITest.apacheHttpClientSupportsSNI(SNITest.java:41)
      1 frame