[sword-devel] SSL mystery @ crosswire.org
Tuomas Airaksinen
tuomas.airaksinen at gmail.com
Thu Sep 17 09:19:25 EDT 2020
When I type
host crosswire.org it gives me ip 209.250.6.226.
When I fetch ssl cert for that ip (openssl s_client -connect
209.250.6.226:443), it gives cert with CN www.ancc-gan.de.
This confuses And Bible on Android 5 (lollipop), as host name checking will
fail to
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <crosswire.org>
doesn't match any of the subject alternative names: [www.ancc-gan.de]
In more recent Android versions it works properly.
Now for Android 5 I have made exception such that host name verification is
bypassed, but that's not neat nor secure.
--
T: Tuomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20200917/90206420/attachment.html>
More information about the sword-devel
mailing list