Support for SNI (Server Name Indication) in SSL connections

[cpfeiffer]

It would be nice if one could use ReGalAndroid on servers with different SSL certificates for virtual hosts.

Currently one gets a certificate verification error when connecting to such a host.

See
https://en.wikipedia.org/wiki/Server_Name_Indication
https://developer.android.com/training/articles/security-ssl.html
http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv1-2-with-apache-httpclient

[gene1wood]

The error that ReGalAndroid gives due to the lack of SNI support when connecting to a Gallery deployment over https using SNI looks like this

Problem

You could not get connected to the configured gallery : https://foo.example.com/

A problem occurred during the gallery connection, the detail is :
net.dahanne.gallery3.client.business.exceptions.G3GalleryException: 
hostname in certificate didn't match:

<foo.exapmle.com> != <bar.example.com> OR <bar.example.com> OR <example.com>

[gene1wood]

This is also reported as Issue 98 in the Google Code repo

[gene1wood]

And it looks like this change would be implemented here

https://github.com/anthonydahanne/ReGalAndroid/blob/master/g3-java-client/src/main/java/net/dahanne/gallery3/client/business/G3Client.java#L233

[cpfeiffer]

See also how the same issue is fixed in DAVDroid:
https://github.com/bitfireAT/davdroid/commit/9e082d930b483ad6008f4ee973f8b5383d489c17

[anthonydahanne]

I also hit this bug no later than yesterday.
it needs to be fixed, I'll have a look - thanks for the report

[hubbeldihub]

Seems to be still a problem. Tried ReGalAndroid for a Piwigo-Gallery with SSL. The App refuses the connection with the information that the certificate didn't match.