SSLPeerUnverifiedException when providing self-signed Certificate on SSLSocketFactory

[GrayCygnus]

Hello there. First of all I want to congratulate you for such fine Library @vince-styling :) I have been struggling for days with alternatives and this one I tried and read and seems neat (although I don't know Chinese, the code is really self-explanatory).

Now, I am having an issue when providing my SSLSocketFactory to the HurlStack. The error I get reads (with xx on my sensible data):

javax.net.ssl.SSLPeerUnverifiedException: Hostname x.x.x.x not verified:
certificate: xxxx
DN: CN=xx.xx,O=xx,L=xx,ST=xx,C=xx
subjectAltNames: []

Before finding this great library, I successfully used my self-signed Certificate and was able to talk to my API via HTTPS, by setting it my SSLSocketFactory as done in the HurlStack. However, to be able to do that, I also had to specify a HostnameVerifier to the HttpsURLConnection. As of right now I pass my custom HostnameVerifier to the connection and it works ok.

Reading the source code, it seems to me that Netroid does not set a HostnameVerifier to the connection (as far as I understand, I could be wrong though), specifically on:

Netroid/library/src/main/java/com/vincestyling/netroid/stack/HurlStack.java

Lines 163 to 167 in 7e67a08

	if ("https".equals(url.getProtocol()) && mSslSocketFactory != null) {
	((HttpsURLConnection) connection).setSSLSocketFactory(mSslSocketFactory);
	}
	return connection;

What do you suggest I can do to overcome this situation, so I can set my own HostnameVerifier?

Thanks :)

[GrayCygnus]

I guess that the HurlStack could be added an extra parameter to the constructor where the HostnameVerifier is passed. Other option is not to add the parameter and instead add a generic HostnameVerifier if the connection is HTTPS, that just returns true, something like:

((HttpsURLConnection) connection).setHostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        //custom verification here if desired
        return true;
    }
});

I suppose I could download the source code and add it myself, but want to hear what you think first.

[GrayCygnus]

Now that I think of it, is there a way to pass Authentication credentials to the connection?

[GrayCygnus]

Now that I think of it, is there a way to pass Authentication credentials to the connection?

I answered myself on this one. This can be achieved by providing an overrided FileDownloader, similar to this example:

Netroid/sample/src/main/java/com/vincestyling/netroid/sample/FileDownloadActivity.java

Lines 130 to 141 in 7e67a08

	Netroid.setFileDownloder(new FileDownloader(Netroid.getRequestQueue(), 1) {
	@Override
	public FileDownloadRequest buildRequest(File storeFile, String url) {
	return new FileDownloadRequest(storeFile, url) {
	@Override
	public void prepare() {
	addHeader("Accept-Encoding", "identity");
	super.prepare();
	}
	};
	}
	});

Where one would then call instead:

addHeader("Authorization", "Basic "+yourAuthCredentials)

Regarding the HostnameVerifier I still ignore how to pass it without having to reimplement the HurlStack class... will continue trying alternatives.

[vince-styling]

sorry, It's been a long time, I pay no time here.