[sword-devel] SSL mystery @ crosswire.org
Tuomas Airaksinen
tuomas.airaksinen at gmail.com
Thu Sep 17 09:33:34 EDT 2020
Related issue: https://github.com/AndBible/and-bible/issues/823
Could there be an explanation for this in (mis?)configuration of
crosswire.org?
On Thu, Sep 17, 2020 at 4:19 PM Tuomas Airaksinen <
tuomas.airaksinen at gmail.com> wrote:
> When I type
>
> host crosswire.org it gives me ip 209.250.6.226.
>
> When I fetch ssl cert for that ip (openssl s_client -connect
> 209.250.6.226:443), it gives cert with CN www.ancc-gan.de.
>
> This confuses And Bible on Android 5 (lollipop), as host name checking
> will fail to
>
> javax.net.ssl.SSLPeerUnverifiedException: Certificate for <crosswire.org>
> doesn't match any of the subject alternative names: [www.ancc-gan.de]
>
> In more recent Android versions it works properly.
>
> Now for Android 5 I have made exception such that host name verification
> is bypassed, but that's not neat nor secure.
>
> --
> T: Tuomas
>
--
T: Tuomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20200917/af7914d2/attachment.html>
More information about the sword-devel
mailing list