{ "id": "126168", "key": "TIMOB-16468", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [], "resolution": null, "resolutiondate": null, "created": "2014-02-10T18:37:19.000+0000", "priority": { "name": "Low", "id": "4" }, "labels": [], "versions": [ { "id": "15856", "description": "Release 3.2.1", "name": "Release 3.2.1", "archived": false, "released": true, "releaseDate": "2014-02-10" } ], "issuelinks": [], "assignee": null, "updated": "2018-02-28T20:04:25.000+0000", "status": { "description": "The issue is open and ready for the assignee to start work on it.", "name": "Open", "id": "1", "statusCategory": { "id": 2, "key": "new", "colorName": "blue-gray", "name": "To Do" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "The HTTPClient fails to verify the SSL Certificate and I think I know the reason why.\r\n\r\nLog:\r\n\r\n{code}\r\n02-10 15:17:01.349: E/TiHttpClient(23844): (TiHttpClient-3) [2096,32252] HTTP Error (javax.net.ssl.SSLException): hostname in certificate didn't match: != OR OR \r\n02-10 15:17:01.349: E/TiHttpClient(23844): javax.net.ssl.SSLException: hostname in certificate didn't match: != OR OR \r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:185)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:95)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:653)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:637)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat ti.modules.titanium.network.TiHTTPClient$ClientRunnable.run(TiHTTPClient.java:1287)\r\n02-10 15:17:01.349: E/TiHttpClient(23844): \tat java.lang.Thread.run(Thread.java:856)\r\n{code}\r\n\r\nWhat is happening here is that I have 2 virtual hosts running on the same server, so when the HTTPClient is going to check the certificate, he is resolving host1.com to get the ip address and then connects and ask for the certificate without specifing the host. So by default the server return the certificate for host2.com. I have checked this and the HTTPClient correctly validates the SSL Certificate for host2.com because it is the default. This bug is on Android only.\r\n\r\nEnviorment:\r\nTitanium Studio 3.2.0.201312191547\r\nTitanium SDK 3.2.0\r\nWindows 7\r\nAndroid device Samsung Galaxy S2 Android v4.2.2", "attachment": [], "flagged": false, "summary": "Android: SSLException with certificate validation with HTTPClient with multiple virtual hosts", "creator": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "environment": "Titanium Studio 3.2.0.201312191547\r\nTitanium SDK 3.2.0\r\nWindows 7\r\nAndroid device Samsung Galaxy S2 Android v4.2.2", "comment": { "comments": [ { "id": "293043", "author": { "name": "stoda", "key": "stoda", "displayName": "Seth Toda", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hello David, could you post some sample code that we can test to recreate the issue? Also, can you verify that your errors are still occurring on 3.2.1GA? \n\nThanks,\nSeth", "updateAuthor": { "name": "stoda", "key": "stoda", "displayName": "Seth Toda", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-02-14T01:05:04.000+0000", "updated": "2014-02-14T01:05:04.000+0000" }, { "id": "293347", "author": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Yes, it still occurring on 3.2.1.", "updateAuthor": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-02-15T23:43:40.000+0000", "updated": "2014-12-07T22:39:30.000+0000" }, { "id": "293348", "author": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "body": "nginx version: nginx/1.4.3", "updateAuthor": { "name": "davidbenko", "key": "davidbenko", "displayName": "David Benko", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-02-15T23:44:53.000+0000", "updated": "2014-02-15T23:44:53.000+0000" }, { "id": "293477", "author": { "name": "ragrawal", "key": "ragrawal", "displayName": "Ritu Agrawal", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Moving this ticket to engineering as I can reproduce this issue with the provided URL on Android platform. Same URL works fine on iOS platform.", "updateAuthor": { "name": "ragrawal", "key": "ragrawal", "displayName": "Ritu Agrawal", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-02-18T02:52:24.000+0000", "updated": "2014-02-18T02:52:24.000+0000" }, { "id": "310659", "author": { "name": "wayne", "key": "wayne", "displayName": "Wayne Bloore", "active": true, "timeZone": "Europe/London" }, "body": "I'm having this same problem on 3.2.3. Web server is running Nginx 1.7. iOS works fine, but Android gets SSL certificate for default virtual host.", "updateAuthor": { "name": "wayne", "key": "wayne", "displayName": "Wayne Bloore", "active": true, "timeZone": "Europe/London" }, "created": "2014-06-24T16:30:44.000+0000", "updated": "2014-06-24T16:30:44.000+0000" }, { "id": "333075", "author": { "name": "achimhoth", "key": "achimhoth", "displayName": "Achim Hoth", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Having the same problem in 3.4GA. Has someone found a workaround?", "updateAuthor": { "name": "achimhoth", "key": "achimhoth", "displayName": "Achim Hoth", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-11-20T16:26:59.000+0000", "updated": "2014-11-20T16:26:59.000+0000" } ], "maxResults": 6, "total": 6, "startAt": 0 } } }