SNI regression on Android 5 introduced in 4.7.0

[marcbaldwin]

Your changelog states that in version 4.3.1 you fixed an issue introduced in 4.3.0 relating to SNI on Android 5.

Fix: Explicitly specify the remote server name when making HTTPS connections on Android 5. In 4.3.0 we introduced a regression where server name indication (SNI) was broken on Android 5.

This issue appears to have regressed in version 4.7.0, also in 4.7.1, 4.6.0 works as expected.

javax.net.ssl.SSLPeerUnverifiedException: Hostname REDACTED not verified:
certificate: REDACTED
DN: CN=REDACTED
subjectAltNames: [REDACTED]

Some info can be found here relating to this issue: https://developer.android.com/training/articles/security-ssl#CommonHostnameProbs

Thanks for your contribution to the Android community, please let me know if I can be of any help in fixing this issue.

[yschimke]

We have a test that is meant to cover this case against a known picky host. I don't think MockWebServer is as particular. I'll debug a bit.

testRequestWithSniRequirement

[yschimke]

@marcbaldwin Are you using anything else interesting like the Play Provider, or Conscrypt?

Which phones? Which specific Android versions? Anything else to go on?

Can you grab the full set of System Properties from the devices?

[yschimke]

Possibly falling back to Platform because of the same bug as #6073

[swankjesse]

Released in 4.7.2
https://square.github.io/okhttp/changelog/#version-472