> On Fri, Nov 18, 2011 at 2:05 PM, Mathias Lin <ma...@mathiaslin.com> wrote:
> > In an Android app, I fetch content from a https url; in order to avoid
> SSL
> > cert verification errors, I add the SSL public key to my keystore, which
> > then resides in my res/raw folder of the app. Following the instructions
> as
> > on
> http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html,
> > which all works fine so far.

> > ..until I activate Proguard and obfuscation. With Proguard activated, I
> am
> > getting the following error,

> > ERROR/Login(4401): Could not login.
> >     javax.net.ssl.SSLException: hostname in certificate didn't match:
> > <store.mydomain.com/185.165.192.15> != <store.mydomain.com> OR
> > <store.mydomain.com>
> >     at xyz.fd.a(Unknown Source)

> > which I don't quite understand. Why would the identification of the url
> > change in a way that it's also fetching the /<ipAddress> together with
> the
> > domain name, whereas it works fine without Proguard obfuscation.

> Try dropping the more aggressive options like -repackageclasses and
> -allowaccessmodification options and see if that changes anything.

> On Fri, Nov 18, 2011 at 3:05 AM, Mathias Lin <ma...@mathiaslin.com> wrote:
> > In an Android app, I fetch content from a https url; in order to avoid
> SSL
> > cert verification errors, I add the SSL public key to my keystore, which
> > then resides in my res/raw folder of the app. Following the instructions
> as
> > on
> http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html,
> > which all works fine so far.

> > ..until I activate Proguard and obfuscation. With Proguard activated, I
> am
> > getting the following error,

> > ERROR/Login(4401): Could not login.
> >     javax.net.ssl.SSLException: hostname in certificate didn't match:
> > <store.mydomain.com/185.165.192.15> != <store.mydomain.com> OR
> > <store.mydomain.com>
> >     at xyz.fd.a(Unknown Source)

> > which I don't quite understand. Why would the identification of the url
> > change in a way that it's also fetching the /<ipAddress> together with
> the
> > domain name, whereas it works fine without Proguard obfuscation.

> It is not fetching the IP address. The
> "store.mydomain.com/185.165.192.15" you see is just the result of
> InetAddress.toString(). Please post the entire stack trace contained
> in the exception. Also, tell proguard to keep line numbers and file
> names:

> -keepattributes SourceFile,LineNumberTable

> > As the httpClient for fetching the https content, I use sources as in
> > MyHttpClient
> > at:
> http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

> > proguard.cfg:

> > -optimizationpasses 5
> > -dontusemixedcaseclassnames
> > -dontskipnonpubliclibraryclasses
> > -dontpreverify
> > -verbose
> > -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

> > -keep public class * extends android.app.Activity
> > -keep public class * extends android.app.Application
> > -keep public class * extends android.app.Service
> > -keep public class * extends android.content.BroadcastReceiver
> > -keep public class * extends android.content.ContentProvider
> > -keep public class * extends android.app.backup.BackupAgentHelper
> > -keep public class * extends android.preference.Preference

> > -keep class * extends DefaultHttpClient

> > -ignorewarnings
> > -repackageclasses 'xyz'
> > -allowaccessmodification

> > -keepclasseswithmembernames class * {
> >     native <methods>;
> > }

> > -keepclasseswithmembers class * {
> >     public <init>(android.content.Context, android.util.AttributeSet);
> > }

> > -keepclasseswithmembers class * {
> >     public <init>(android.content.Context, android.util.AttributeSet,
> int);
> > }

> > -keepclassmembers class * extends android.app.Activity {
> >    public void *(android.view.View);
> > }

> > -keepclassmembers enum * {
> >     public static **[] values();
> >     public static ** valueOf(java.lang.String);
> > }

> > -keep class * implements android.os.Parcelable {
> >   public static final android.os.Parcelable$Creator *;
> > }

> > --
> > You received this message because you are subscribed to the Google
> > Groups "Android Developers" group.
> > To post to this group, send email to android-d...@googlegroups.com
> > To unsubscribe from this group, send email to
> > android-develop...@googlegroups.com
> > For more options, visit this group at
> > http://groups.google.com/group/android-developers?hl=en

> --
> "The flames are all long gone, but the pain lingers on"

> This is the complete stacktrace:

> 11-18 17:17:39.403: ERROR/Login(7025): Could not login.
>         javax.net.ssl.SSLException: hostname in certificate didn't match: <
> store.mydomain.com/185.165.192.15> != <store.mydomain.com> OR <
> store.mydomain.com>
>         at a.a.a.c.d.a.a(AbstractVerifier.java:228)
>         at a.a.a.c.d.c.a(BrowserCompatHostnameVerifier.java:54)
>         at a.a.a.c.d.a.a(AbstractVerifier.java:149)
>         at a.a.a.c.d.a.a(AbstractVerifier.java:130)
>         at a.a.a.c.d.d.a(SSLSocketFactory.java:397)
>         at a.a.a.c.d.d.a(SSLSocketFactory.java:495)
>         at a.a.a.c.c.i.a(SchemeSocketFactoryAdaptor.java:62)
>         at a.a.a.f.c.f.a(DefaultClientConnectionOperator.java:148)
>         at a.a.a.f.c.b.a(AbstractPoolEntry.java:149)
>         at a.a.a.f.c.c.a(AbstractPooledConnAdapter.java:121)
>         at a.a.a.f.b.l.a(DefaultRequestDirector.java:573)
>         at a.a.a.f.b.l.a(DefaultRequestDirector.java:425)
>         at a.a.a.f.b.b.a(AbstractHttpClient.java:820)
>         at a.a.a.f.b.b.a(AbstractHttpClient.java:754)
>         at com.mydomain.android.activity.f.doInBackground(Login.java:122)
>         at android.os.AsyncTask$2.call(AsyncTask.java:185)
>         at
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:306)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:138)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1 088)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java: 581)
>         at java.lang.Thread.run(Thread.java:1019)

> On Friday, 18 November 2011 17:08:45 UTC+8, casantos wrote:

>> On Fri, Nov 18, 2011 at 3:05 AM, Mathias Lin <ma...@mathiaslin.com>
>> wrote:
>> > In an Android app, I fetch content from a https url; in order to avoid
>> SSL
>> > cert verification errors, I add the SSL public key to my keystore, which
>> > then resides in my res/raw folder of the app. Following the
>> instructions as
>> > on
>> http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html,
>> > which all works fine so far.

>> > ..until I activate Proguard and obfuscation. With Proguard activated, I
>> am
>> > getting the following error,

>> > ERROR/Login(4401): Could not login.
>> >     javax.net.ssl.SSLException: hostname in certificate didn't match:
>> > <store.mydomain.com/185.165.192.15> != <store.mydomain.com> OR
>> > <store.mydomain.com>
>> >     at xyz.fd.a(Unknown Source)

>> > which I don't quite understand. Why would the identification of the url
>> > change in a way that it's also fetching the /<ipAddress> together with
>> the
>> > domain name, whereas it works fine without Proguard obfuscation.

>> It is not fetching the IP address. The
>> "store.mydomain.com/185.165.192.15" you see is just the result of
>> InetAddress.toString(). Please post the entire stack trace contained
>> in the exception. Also, tell proguard to keep line numbers and file
>> names:

>> -keepattributes SourceFile,LineNumberTable

>> > As the httpClient for fetching the https content, I use sources as in
>> > MyHttpClient
>> > at:
>> http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

>> > proguard.cfg:

>> > -optimizationpasses 5
>> > -dontusemixedcaseclassnames
>> > -dontskipnonpubliclibraryclasses
>> > -dontpreverify
>> > -verbose
>> > -optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

>> > -keep public class * extends android.app.Activity
>> > -keep public class * extends android.app.Application
>> > -keep public class * extends android.app.Service
>> > -keep public class * extends android.content.BroadcastReceiver
>> > -keep public class * extends android.content.ContentProvider
>> > -keep public class * extends android.app.backup.BackupAgentHelper
>> > -keep public class * extends android.preference.Preference

>> > -keep class * extends DefaultHttpClient

>> > -ignorewarnings
>> > -repackageclasses 'xyz'
>> > -allowaccessmodification

>> > -keepclasseswithmembernames class * {
>> >     native <methods>;
>> > }

>> > -keepclasseswithmembers class * {
>> >     public <init>(android.content.Context, android.util.AttributeSet);
>> > }

>> > -keepclasseswithmembers class * {
>> >     public <init>(android.content.Context, android.util.AttributeSet,
>> int);
>> > }

>> > -keepclassmembers class * extends android.app.Activity {
>> >    public void *(android.view.View);
>> > }

>> > -keepclassmembers enum * {
>> >     public static **[] values();
>> >     public static ** valueOf(java.lang.String);
>> > }

>> > -keep class * implements android.os.Parcelable {
>> >   public static final android.os.Parcelable$Creator *;
>> > }

>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Android Developers" group.
>> > To post to this group, send email to androi...@googlegroups.com
>> > To unsubscribe from this group, send email to
>> > android-develop...@googlegroups.com
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-developers?hl=en

>> --
>> "The flames are all long gone, but the pain lingers on"