1

I am trying to get an image from a URL which starts with HTTPS. I keep getting the Hostname was not verified exception.

I took a look at this question java.io.IOException: Hostname was not verified but didn't understood how to make it work.

Is there any way I can allow all hostnames?

Here's the code thats giving me trouble: 

public Drawable drawableFromUrl(String url) {
    Bitmap x;
    HttpURLConnection connection;
    try {
        connection = (HttpURLConnection) new URL(url).openConnection();
        connection.connect();
        InputStream input = connection.getInputStream();
        x = BitmapFactory.decodeStream(input);
        return new BitmapDrawable(x);
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (IOException e) {
        return null;
    }
    return null;
}

Thanks in advance for your help

Community
  • 1
  • 1
Carla Urrea Stabile
  • 869
  • 1
  • 11
  • 35

1 Answers1

0

This error occurs when the TLS certificate is either self-signed or the domain on the certificate doesn't match the server's host name.

This answer provides a complete solution:

/**
 * Disables the SSL certificate checking for new instances of {@link HttpsURLConnection} This has been created to
 * aid testing on a local box, not for use on production.
 */
private static void disableSSLCertificateChecking() {
    TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
                // not implemented
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException {
                // not implemented
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

        }
    };

    try {

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }

        });
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}

Simply run that once at any time before making your first HTTPS connection. If you control the server, though, it is strongly preferred to try and obtain a valid certificate instead.

Community
  • 1
  • 1
Jeffrey Mixon
  • 12,846
  • 4
  • 32
  • 55
  • It doesn't work.I just called this when the user logs in. But I still get the same error when I try to get the image – Carla Urrea Stabile Nov 09 '14 at 17:58
  • Now I called it every time I make an HTPPS connection and my error changed to FileNotFoundException so I guess that solved the problem. Why did you say I should run this just once? – Carla Urrea Stabile Nov 09 '14 at 18:04