Crash on Android due to missing method setEndpointIdentificationAlgorithm on 1.5.0.

[or-else]

Websocket library 1.5.0
The same code was not crashing on 1.4.1

This is the entire stack trace. I got it through Crashlytics so I cannot describe steps that led to it.

Fatal Exception: java.lang.NoSuchMethodError: No virtual method setEndpointIdentificationAlgorithm(Ljava/lang/String;)V in class Ljavax/net/ssl/SSLParameters; or its super classes (declaration of 'javax.net.ssl.SSLParameters' appears in /system/framework/core-libart.jar)
       at org.java_websocket.client.WebSocketClient.run(WebSocketClient.java:476)
       at java.lang.Thread.run(Thread.java:831)

Android 5.0.1 (API 21).
Brand: HUAWEI
Model: P8 Lite

[marci4]

The library requires Java API Level 1.7.

I don't know what that means for supported android versions.

Could you check this for me?

Best regards,
Marcel

[marci4]

@PhilipRoman
If we move this inside of OnSetSSLParameters Android developers would be able to override the method, preventing the exception but disabling hostname verification.

We could document this exception and the workaround and include how do to hostname verficiation then.

What do you think?

Best regards,
Marcel

[or-else]

I'm not sure what Java 1.7 means:
https://en.m.wikipedia.org/wiki/Java_version_history

Please clarify. Thanks.

[marci4]

Java SE 7

[or-else]

Yes, Android API 21 is Java 7.

[marci4]

Looks like the added setEndpointIdentificationAlgorithm in API Version 24 -.-
https://developer.android.com/reference/javax/net/ssl/SSLParameters#setEndpointIdentificationAlgorithm(java.lang.String)

[or-else]

@marci4 Thanks!

[PhilipRoman]

@marci4
I guess we will have to move it inside of onSetSSLParameters.

The only other way would be to check for the existence of setEndpointIdentificationAlgorithm using reflection and set a static field, for example "private static final boolean CAN_SET_ENDPOINT_IDENTIFICATION_ALGORITHM = ...".

Not sure if it is worth the extra complexity (although it would make it easier for Android users)

[marci4]

@PhilipRoman the reflection would result in a silent fail.

Then there is no indication if hostname validation is active or not.

[marci4]

@or-else what do you think about the following idea:

I will move the method call setEndpointIdentificationAlgorithm inside of OnSetSSLParameters.
You would be able to override the implementation and not call setEndpointIdentificationAlgorithm, but then you have to do your own hostname validation.
The default would still be the same and our android users would be able to work around the missing API.

It is not ideal but you would be able to use this library without being forced to require a never Android API version.

Best regards,
Marcel

[marci4]

@or-else and @PhilipRoman if you are both fine with the proposed changes, I would do a hotfix release for 1.5.1.

Best regards,
Marcel

[or-else]

@marci4 Yes, setting SNI parameter in protected void onSetSSLParameters(SSLParameters sslParameters) makes total sense to me.

[marci4]

Snapshot looks good, pushing release.

Workaround is documented here https://github.com/TooTallNate/Java-WebSocket/wiki/No-such-method-error-setEndpointIdentificationAlgorithm

Best regards,
Marcel

[wuyinlei]

Websocket library 1.5.1
The same code was not crashing on 1.4.1

java.lang.NoSuchMethodError

No virtual method setEndpointIdentificationAlgorithm(Ljava/lang/String;)V in class Ljavax/net/ssl/SSLParameters; or its super classes (declaration of 'javax.net.ssl.SSLParameters' appears in /system/framework/core-libart.jar)

1 e.a.f.b.a(WebSocketClient.java:5)

2 e.a.f.b.run(WebSocketClient.java:19)
3 java.lang.Thread.run(Thread.java:818)

[MohamedMedhat1998]

I think I can now understand why most of the websocket libraries I found require minSdkVersion 24.