Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
4.5.5
-
None
-
None
Description
I'm using HttpClient on Android, repackaged to avoid conficting with the platform's org.apache old packages.
It works fine, except that making any https request will crash using the defaults.
The reason is that DefaultHostnameVerifier uses javax.naming.* classes, which are not present on Android.
So to be able to make https request, the default hostname verifier must be replaced. For example:
httpClient = HttpClients.custom()
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
.build();
Using NoopHostnameVerifier is rarely a good idea, so for the time being I have replaced it with and older version of BrowserCompatHostnameVerifier that doesn't internally call DefaultHostnameVerifier.
Ideally, I'd like DefaultHostnameVerifier to detect dynamically if javax.naming.* classes are available, and switch to an alternate method not using them if they are not. That way, HttpClient would work out of the box for Android users.