diff --git a/src/main/java/org/java_websocket/client/WebSocketClient.java b/src/main/java/org/java_websocket/client/WebSocketClient.java index 0bbcfe54..4d735dee 100644 --- a/src/main/java/org/java_websocket/client/WebSocketClient.java +++ b/src/main/java/org/java_websocket/client/WebSocketClient.java @@ -472,8 +472,6 @@ public void run() { if (socket instanceof SSLSocket) { SSLSocket sslSocket = (SSLSocket)socket; SSLParameters sslParameters = sslSocket.getSSLParameters(); - // Make sure we perform hostname validation - sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); onSetSSLParameters(sslParameters); sslSocket.setSSLParameters(sslParameters); } @@ -520,10 +518,14 @@ public void run() { /** * Apply specific SSLParameters + * If you override this method make sure to always call super.onSetSSLParameters() to ensure the hostname validation is active * * @param sslParameters the SSLParameters which will be used for the SSLSocket */ protected void onSetSSLParameters(SSLParameters sslParameters) { + // If you run into problem on Android (NoSuchMethodException), check out the wiki https://github.com/TooTallNate/Java-WebSocket/wiki/No-such-method-error-setEndpointIdentificationAlgorithm + // Perform hostname validation + sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); } /** diff --git a/src/test/java/org/java_websocket/issues/Issue997Test.java b/src/test/java/org/java_websocket/issues/Issue997Test.java index 0fc81bc2..493dd69b 100644 --- a/src/test/java/org/java_websocket/issues/Issue997Test.java +++ b/src/test/java/org/java_websocket/issues/Issue997Test.java @@ -143,6 +143,8 @@ public void onError(Exception ex) { @Override protected void onSetSSLParameters(SSLParameters sslParameters) { + // Always call super to ensure hostname validation is active by default + super.onSetSSLParameters(sslParameters); if (endpointIdentificationAlgorithm != null) { sslParameters.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm); }