Move hostname verification compatibility code for Android API < 24 to 1 place

SgtSilvio · SgtSilvio · commit 3e7e3fc774a7 · 2026-06-22T18:31:41.000+02:00
diff --git a/src/main/java/com/hivemq/client/internal/mqtt/MqttClientSslConfigImpl.java b/src/main/java/com/hivemq/client/internal/mqtt/MqttClientSslConfigImpl.java
@@ -21,7 +21,9 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import javax.net.ssl.*;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -32,21 +34,8 @@
  */
 public class MqttClientSslConfigImpl implements MqttClientSslConfig {
 
-    static final @Nullable HostnameVerifier DEFAULT_HOSTNAME_VERIFIER;
-
-    static {
-        HostnameVerifier hostnameVerifier = null;
-        try {
-            new SSLParameters().setEndpointIdentificationAlgorithm("HTTPS");
-        } catch (final NoSuchMethodError e) { // Android API < 24 compatibility
-            hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
-        }
-        DEFAULT_HOSTNAME_VERIFIER = hostnameVerifier;
-    }
-
     static final @NotNull MqttClientSslConfigImpl DEFAULT =
-            new MqttClientSslConfigImpl(null, null, null, null, (int) DEFAULT_HANDSHAKE_TIMEOUT_MS,
-                    DEFAULT_HOSTNAME_VERIFIER);
+            new MqttClientSslConfigImpl(null, null, null, null, (int) DEFAULT_HANDSHAKE_TIMEOUT_MS, null);
 
     private final @Nullable KeyManagerFactory keyManagerFactory;
     private final @Nullable TrustManagerFactory trustManagerFactory;
diff --git a/src/main/java/com/hivemq/client/internal/mqtt/MqttClientSslConfigImplBuilder.java b/src/main/java/com/hivemq/client/internal/mqtt/MqttClientSslConfigImplBuilder.java
@@ -39,7 +39,7 @@ public abstract class MqttClientSslConfigImplBuilder<B extends MqttClientSslConf
     private @Nullable ImmutableList<String> cipherSuites;
     private @Nullable ImmutableList<String> protocols;
     private int handshakeTimeoutMs = (int) MqttClientSslConfigImpl.DEFAULT_HANDSHAKE_TIMEOUT_MS;
-    private @Nullable HostnameVerifier hostnameVerifier = MqttClientSslConfigImpl.DEFAULT_HOSTNAME_VERIFIER;
+    private @Nullable HostnameVerifier hostnameVerifier;
 
     MqttClientSslConfigImplBuilder() {}
 
@@ -84,8 +84,7 @@ public abstract class MqttClientSslConfigImplBuilder<B extends MqttClientSslConf
     }
 
     public @NotNull B hostnameVerifier(final @Nullable HostnameVerifier hostnameVerifier) {
-        this.hostnameVerifier =
-                (hostnameVerifier == null) ? MqttClientSslConfigImpl.DEFAULT_HOSTNAME_VERIFIER : hostnameVerifier;
+        this.hostnameVerifier = hostnameVerifier;
         return self();
     }
 
diff --git a/src/main/java/com/hivemq/client/internal/mqtt/handler/ssl/MqttSslInitializer.java b/src/main/java/com/hivemq/client/internal/mqtt/handler/ssl/MqttSslInitializer.java
@@ -27,6 +27,7 @@
 import org.jetbrains.annotations.NotNull;
 
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLParameters;
 import java.net.InetSocketAddress;
@@ -71,10 +72,18 @@ public static void initChannel(
         Netty treats Android (all versions) as Java 6, so SSLParameters.setEndpointIdentificationAlgorithm is not called on Android with netty 4.1.
         So SSLParameters.setEndpointIdentificationAlgorithm still needs to be called here.
          */
-        final HostnameVerifier hostnameVerifier = sslConfig.getRawHostnameVerifier();
+        HostnameVerifier hostnameVerifier = sslConfig.getRawHostnameVerifier();
         if (hostnameVerifier == null) {
             final SSLParameters sslParameters = sslHandler.engine().getSSLParameters();
-            sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+            try {
+                sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+            } catch (final NoSuchMethodError e) {
+                /*
+                On Android API < 24 SSLParameters.setEndpointIdentificationAlgorithm is not available
+                The HttpsURLConnection.getDefaultHostnameVerifier performs HTTPS hostname verification on Android
+                 */
+                hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
+            }
             sslHandler.engine().setSSLParameters(sslParameters);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public abstract class MqttClientSslConfigImplBuilder<B extends MqttClientSslConf`
`39`	`39`	`private @Nullable ImmutableList<String> cipherSuites;`
`40`	`40`	`private @Nullable ImmutableList<String> protocols;`
`41`	`41`	`private int handshakeTimeoutMs = (int) MqttClientSslConfigImpl.DEFAULT_HANDSHAKE_TIMEOUT_MS;`
`42`		`- private @Nullable HostnameVerifier hostnameVerifier = MqttClientSslConfigImpl.DEFAULT_HOSTNAME_VERIFIER;`
	`42`	`+ private @Nullable HostnameVerifier hostnameVerifier;`
`43`	`43`
`44`	`44`	`MqttClientSslConfigImplBuilder() {}`
`45`	`45`
`@@ -84,8 +84,7 @@ public abstract class MqttClientSslConfigImplBuilder<B extends MqttClientSslConf`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`public @NotNull B hostnameVerifier(final @Nullable HostnameVerifier hostnameVerifier) {`
`87`		`- this.hostnameVerifier =`
`88`		`- (hostnameVerifier == null) ? MqttClientSslConfigImpl.DEFAULT_HOSTNAME_VERIFIER : hostnameVerifier;`
	`87`	`+ this.hostnameVerifier = hostnameVerifier;`
`89`	`88`	`return self();`
`90`	`89`	`}`
`91`	`90`