android - Android SSL hostname validation: DefaultHostnameVerifier vs BrowserCompatHostnameVerifier

Question

I've noticed that Android provides two very similar classes as default hostname verifiers.

The default one used by HttpsURLConnection is javax.net.ssl.DefaultHostnameVerifier.

There's another one though, org.apache.http.conn.ssl.BrowserCompatHostnameVerifier, which is supposedly the same.

Why are these two provided and which one should be used for default verification?

Answer 1

一个区别是 BrowserCompatHostnameVerifier 可以验证 IP 地址形式的主机名（如浏览器），而 DefaultHostnameVerifier 将始终尝试通过 DNS 查找 IP 地址。

http://lexaux.blogspot.com/2013/01/android-httpsurlconnection-self-signed.html