We are using Google's Gmail API (https://gmail.googleapis.com/gmail/v1/users/{userId}/history) in our application, and the API is returning a certificate with different CNs: sometimes the CN is "google.com" and at other times it's "*.googleapi.com". Are there any other CNs it can return? Is there a standard list of CNs we can refer to and handle in our code?
This is important to us for security reasons. We are using the following in our application code.
new NetHttpTransport.Builder().trustCertificates(GoogleUtils.getCertificateTrustStore()).setProxy(proxy).setHostnameVerifier(new CustomHostNameVerifier()).build();
Here CustomHostNameVerifier performs strict CN checking: if the CN from the certificate does not match the host in the API URL, the check fails, so from a security standpoint it is doing well. However, our API calls have recently started failing because of these different CNs.
1. Below is the WORKING scenario, where Google is returning the certificate with CN "*.googleapi.com"; these API requests work fine.
2. Below is the NON-WORKING one, where Google is sending the CN as "google.com"; this request fails because the API URL has googleapis.com but Google is returning the cert with CN "google.com".