Sample code for 30+ languages & platforms
Java

HTTPS Server Certificate Require Hostname Match

See more HTTP Examples

Demonstrates and explains the RequireHostnameMatch property.

Chilkat Java Downloads

Java
import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    // The RequireHostnameMatch property was added in Chilkat v11.0.0
    // to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
    // 
    // In actuality, it is the SNI hostname that must match.  If the SNI hostname is not explicitly set,
    // then Chilkat uses the hostname from the URL as the SNI hostname.

    // Here's an example using chilkatsoft.com
    // The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
    // 
    // 1) DNS Name: *.chilkatsoft.com
    // 2) DNS Name: chilkatsoft.com
    // 
    // See Explaining the SNI Hostname in TLS

    CkHttp http = new CkHttp();

    http.put_RequireHostnameMatch(true);

    // This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
    String html = http.quickGetStr("https://www.chilkatsoft.com/helloWorld.html");
    System.out.println("1) Succeeded: " + http.get_LastMethodSuccess());

    // At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
    // If we send the request using the IP address, it will fail because the IP address is does 
    // not match any of the SAN entries in the server certificate.
    html = http.quickGetStr("https://3.101.18.47/helloWorld.html");
    System.out.println("2) Succeeded: " + http.get_LastMethodSuccess());

    // However, it will succeed if we explicitly set the SNI hostname.
    http.put_SniHostname("www.chilkatsoft.com");
    html = http.quickGetStr("https://3.101.18.47/helloWorld.html");
    System.out.println("3) Succeeded: " + http.get_LastMethodSuccess());

    // Remove our explicit SNI hostname.
    http.put_SniHostname("");

    // Now let's try wrong.host.badssl.com
    // The SSL server certificate for badssl.com has 2 Subject Alternative Names:
    // 
    // 1) DNS Name: *.badssl.com
    // 2) DNS Name: badssl.com

    // The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
    // the wildcarded domain SAN entry only extends 1 level deep.  
    html = http.quickGetStr("https://wrong.host.badssl.com/");
    System.out.println("4) Succeeded: " + http.get_LastMethodSuccess());

    // The expected output is:
    // 1) Succeeded: True
    // 2) Succeeded: False
    // 3) Succeeded: True
    // 4) Succeeded: False
  }
}