Class BrowserCompatHostnameVerifier

  • All Implemented Interfaces:
    HostnameVerifier, X509HostnameVerifier

    public class BrowserCompatHostnameVerifier
    extends AbstractVerifier
    The HostnameVerifier that works the same way as Curl and Firefox.

    The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.

    The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard (such as "*") with BROWSER_COMPATIBLE matches all subdomains, including "".

    • Constructor Detail

      • BrowserCompatHostnameVerifier

        public BrowserCompatHostnameVerifier()
    • Method Detail

      • verify

        public final void verify​(String host,
                                 String[] cns,
                                 String[] subjectAlts)
                          throws SSLException
        Description copied from interface: X509HostnameVerifier
        Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.
        host - The hostname to verify.
        cns - CN fields, in order, as extracted from the X.509 certificate.
        subjectAlts - Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate.
        SSLException - if the verification process fails.