Created
June 8, 2017 19:05
-
-
Save magicdude4eva/8553a1f59eb94d228cededffbc8dd917 to your computer and use it in GitHub Desktop.
How to bypass SSLProtocolException: handshake alert: unrecognized_name
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** Downloads a file from the specified URL to the specified local file path. | |
* It returns the number of bytes in the downloaded file, | |
* or throws an exception if there is an error. | |
* | |
* @param aURL | |
* @param aLocalFilePath | |
* @param aMilliSecondTimeout | |
* @param aSkipSNI | |
* @return | |
*/ | |
public static void downLoadFileFromURL(String aURL, String aLocalFilePath, int aMilliSecondTimeout, boolean aSkipSNI) { | |
try { | |
int responseCode; | |
HttpURLConnection httpUrlConnection; | |
String requestURL = aURL; | |
URL url; | |
int redirects = 0; | |
// handle multiple redirects | |
while(true) { | |
// open a connection to the URL and check it | |
url = new URL(requestURL); | |
URLConnection urlConnection = url.openConnection(); | |
// override hostnmae verifier if skipSNI is set | |
if (aSkipSNI && urlConnection instanceof HttpsURLConnection) { | |
HttpsURLConnection httpsUrlConnection = (HttpsURLConnection) urlConnection; | |
httpsUrlConnection.setHostnameVerifier(new SSLSkipSNIHostnameVerifier()); | |
} | |
// (GWN: 2010-05-12): We tell the server that we can support gzip/deflate | |
urlConnection.setRequestProperty("Accept-Encoding","gzip,deflate"); | |
urlConnection.setRequestProperty("User-Agent" , TRADEFEED_USER_AGENT_STRING); | |
httpUrlConnection = (HttpURLConnection) urlConnection; | |
httpUrlConnection.setInstanceFollowRedirects(true); | |
httpUrlConnection.setReadTimeout(aMilliSecondTimeout); | |
httpUrlConnection.setConnectTimeout(aMilliSecondTimeout); | |
responseCode = httpUrlConnection.getResponseCode(); | |
if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { | |
if(++redirects == CONST_MAX_REDIRECTS) | |
throw new Exception("Too many redirects"); | |
String location = urlConnection.getHeaderField("Location"); | |
URL base = new URL(requestURL); | |
URL next = new URL(base, location); // Deal with relative URLs | |
requestURL = next.toExternalForm(); | |
continue; | |
} | |
break; | |
} | |
// if OK | |
if(responseCode == HttpsURLConnection.HTTP_OK) { | |
httpUrlConnection.setReadTimeout(aMilliSecondTimeout); | |
// (GWN: 2010-05-12): We get the encoding returned by the server and then flip the inputstream accordingly | |
// If the server does not support gzip/deflate, encoding will be NULL | |
String encoding = httpUrlConnection.getContentEncoding(); | |
InputStream receiving = null; | |
// get the file.... | |
} | |
} catch(Exception e) { | |
Trace.Log(Trace.MEDIUM, "Download of '" + aURL + "' failed with error=" + e.getMessage()); | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* | |
*/ | |
package com.test; | |
import javax.net.ssl.HostnameVerifier; | |
import javax.net.ssl.SSLSession; | |
/** | |
* | |
* During handshaking, if the URL's hostname and the server's identification hostname mismatch, the verification mechanism can call back to implementers | |
* of this interface to determine if this connection should be allowed. | |
* | |
* This allows us to treat some incorrectly configured HTTPS / SNI target servers as valid. | |
* | |
* @see javax.net.ssl.HttpsURLConnection#setHostnameVerifier(HostnameVerifier) | |
In the past we used to pass into the JVM runtime the option "-Djsse.enableSNIExtension=false" which would disable SNI extensions completely, bypassing any handshake checks. With the rewrite of Tradefeeds, this is now problematic, as the setting would apply to all threads executing. | |
* @author GNaschenweng | |
*/ | |
public class SSLSkipSNIHostnameVerifier implements HostnameVerifier { | |
/** | |
* | |
*/ | |
public SSLSkipSNIHostnameVerifier() { | |
} | |
/* | |
* We always treat SNI issues as valid. This should only be used in valid and verified cases and not set as the default host name-verifier for all connections | |
* (non-Javadoc) | |
* @see javax.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession) | |
*/ | |
@Override | |
public boolean verify (String hostname, SSLSession session) { | |
// Return true so that we implicitly trust hostname mismatch | |
return true; | |
} | |
} |
This code is not working for me. After debugging deep into the apache lib, I can see that the verifyHostName method is called AFTER sslsock.startHandshake();
and therefore the HostNameVerifier is never checked.
newer versions of java won't work with that code
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Donations are always welcome
🍺 Please support me: If the above helped you in any way, then follow me on Twitter or send me some coins:
Go to Curve.com to add your Crypto.com card to ApplePay and signup to Crypto.com for a staking and free Crypto debit card.
Use Binance Exchange to trade #altcoins. Sign up with Coinbase and instantly get $10 in BTC. I also accept old-school PayPal.
If you have no crypto, follow me at least on Twitter.