When behind proxy - error certificate of the peer does not match the expected hostname(ws.kite.trade

RajR
When behind a proxy, I am getting error
"com.neovisionaries.ws.client.HostnameUnverifiedException: The certificate of the peer does not match the expected hostname (ws.kite.trade)".
I am setting the right proxy and port using below code. Please note: In my system Windows 7 Enterprise 64 bit, the proxy setting is through a PAC file and it resolves to "dummyproxy.net" and that is what I am setting in the code.
        InetSocketAddress proxyAddress = new InetSocketAddress("dummyproxy.net", 8080);
Proxy systemProxy = new Proxy(Proxy.Type.HTTP, proxyAddress);
kiteConnect.setProxy(systemProxy);
Logs
com.neovisionaries.ws.client.HostnameUnverifiedException: The certificate of the peer does not match the expected hostname (ws.kite.trade)
at com.neovisionaries.ws.client.SocketConnector.verifyHostname(SocketConnector.java:171)
at com.neovisionaries.ws.client.SocketConnector.doConnect(SocketConnector.java:126)
at com.neovisionaries.ws.client.SocketConnector.connect(SocketConnector.java:83)
at com.neovisionaries.ws.client.WebSocket.connect(WebSocket.java:2152)
at com.zerodhatech.ticker.KiteTicker.connect(KiteTicker.java:214)
at Main.main(Main.java:112)
  • sujith
    Is (dummyproxy.net)this a real domain or just an example?

    The dummyproxy.net hostname doesn't seem to exist.
  • RajR
    That is just an example @sujith
  • RajR
    I will investigate further from my end. Thanks
  • RajR
    @sujith . I found some details about this. I don't know much about host name verification. But have a look at this.

    The certificate of the peer...does not match he expected hostname

    This seems to be the same library that Kite uses for Web Socket connection. The author has added a new method setVerifyHostname by which the verification can be controlled.
  • sujith
    That is not related to your scenario, a proxy setup needs to accept a request and forward it. But the domain you are using is not alive to do the same.
  • RajR
    @sujith . I rechecked this. From behind the proxy. I am able to connect to the Kite instrument end point and download the list and the User profile details / Margins etc. It is only the Web Socket that is causing the issue. Below is the log from kite connect. Except the Web socket, the connection is working fine behind the proxy.

    I have removed some personal details and token from the logs
    Dec 03, 2018 2:23:28 PM okhttp3.internal.platform.Platform log
    INFO: --> GET https://api.kite.trade/user/profile
    Dec 03, 2018 2:23:28 PM okhttp3.internal.platform.Platform log
    INFO: User-Agent: javakiteconnect/3.0.0
    Dec 03, 2018 2:23:28 PM okhttp3.internal.platform.Platform log
    INFO: X-Kite-Version: 3
    Dec 03, 2018 2:23:28 PM okhttp3.internal.platform.Platform log
    INFO: Authorization: token
    Dec 03, 2018 2:23:28 PM okhttp3.internal.platform.Platform log
    INFO: --> END GET
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: <-- 200 https://api.kite.trade/user/profile (1554ms)
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: date: Mon, 03 Dec 2018 08:53:29 GMT
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: content-type: application/json
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: set-cookie: __cfduid=dd1373ada16e5979248cea48fb52be0e01543827209; expires=Tue, 03-Dec-19 08:53:29 GMT; path=/; domain=.kite.trade; HttpOnly
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: etag:
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: strict-transport-security: max-age=15552000; includeSubDomains
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: server: cloudflare
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: cf-ray: 4834cd9a9e332fc3-MAA
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO:
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: {"status":"success","data":,"broker":"ZERODHA","exchanges":["MCX","CDS","NFO","BSE","BFO","NSE"],"products":["MIS","NRML","CNC","CO","BO"],"order_types":["LIMIT","MARKET","SL","SL-M"],"avatar_url":null}}
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: <-- END HTTP (312-byte body)
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: --> GET https://api.kite.trade/user/margins/equity
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: User-Agent: javakiteconnect/3.0.0
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: X-Kite-Version: 3
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: Authorization: token
    Dec 03, 2018 2:23:30 PM okhttp3.internal.platform.Platform log
    INFO: --> END GET
    User Name:
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: <-- 200 https://api.kite.trade/user/margins/equity (1604ms)
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: date: Mon, 03 Dec 2018 08:53:31 GMT
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: content-type: application/json
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: set-cookie: __cfduid=d75d0ba1ecf32882b36b0d282a11377771543827211; expires=Tue, 03-Dec-19 08:53:31 GMT; path=/; domain=.kite.trade; HttpOnly
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: etag:
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: strict-transport-security: max-age=15552000; includeSubDomains
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: server: cloudflare
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO: cf-ray: 4834cda4eb952fbd-MAA
    Dec 03, 2018 2:23:31 PM okhttp3.internal.platform.Platform log
    INFO:
    Dec 03, 2018 2:23:32 PM okhttp3.internal.platform.Platform log
    INFO: {"status":"success","data":
    Dec 03, 2018 2:23:32 PM okhttp3.internal.platform.Platform log
    INFO: <-- END HTTP (283-byte body)
    When the socket connection happens
    com.neovisionaries.ws.client.HostnameUnverifiedException: The certificate of the peer does not match the expected hostname (ws.kite.trade)
    at com.neovisionaries.ws.client.SocketConnector.verifyHostname(SocketConnector.java:171)
    at com.neovisionaries.ws.client.SocketConnector.doConnect(SocketConnector.java:126)
    at com.neovisionaries.ws.client.SocketConnector.connect(SocketConnector.java:83)
    at com.neovisionaries.ws.client.WebSocket.connect(WebSocket.java:2152)
    at com.zerodhatech.ticker.KiteTicker.connect(KiteTicker.java:214)
    at Reconnect.main(Reconnect.java:237)
  • sujith
    Hi @RajR,
    I think you are looking for a solution like this.

    We have missed adding proxy settings to websocket connection. We will add it in the future release. For now, you can fork the javakiteconnect and add proxy settings here.
  • RajR
    Thanks @sujith . I will check and update.
Sign In or Register to comment.