search

TooTallNate / Java-WebSocket

A barebones WebSocket client and server implementation written in 100% Java.
http://tootallnate.github.io/Java-WebSocket
MIT License
10.54k stars 2.58k forks source link

Android wss "No subjectAltNames on the certificate match" error #1189

Closed yura910721 closed 3 years ago

yura910721 commented 3 years ago

I am using library version 1.5.1 and Android OS version 7.1.2. I was trying to follow "SSLClientExample", but I keep getting "javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match" error. Can anyone point me in a direction what to do? I am completely stuck. I tried adding SAN to my server certificate and keep getting the same error. Here is my code.

       SSLSocketFactory factory = null;

        AssetManager assetManager = getAssets();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(assetManager.open("keystore.bks"), KEYPASSWORD.toCharArray());

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEYPASSWORD.toCharArray());

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(assetManager.open("truststore.bks"), KEYPASSWORD.toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext sslContext = null;
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        factory = sslContext.getSocketFactory();

    ArrayList<IProtocol> protocols = new ArrayList<IProtocol>();
    protocols.add(new Protocol("ocpp1.6"));
    protocols.add(new Protocol(""));
    Draft_6455 draft_ocppAndFallBack = new Draft_6455(Collections.<IExtension>emptyList(),
            protocols);
      mWebSocketClient = new WebSocketClient(uri, draft_ocppAndFallBack) { ...}

      mWebSocketClient.setSocketFactory(factory);
marci4 commented 3 years ago

Hey,

Looks like your certificate does not match the url you are connecting to.

Best regards, Marcel

yura910721 commented 3 years ago

I am using the same URL from certificate's CN, but I kept getting the same error. The only way I could solve it(probably not really a legitimate solution), was to follow guide at https://github.com/TooTallNate/Java-WebSocket/wiki/No-such-method-error-setEndpointIdentificationAlgorithm and override hostname checker provided by Android.

It allowed me to move past this issue, but as I said I am not sure it is just a workaround or a real solution. Either way, since I am no longer dealing with this issue, I am going to close it for now.