Can not connect with Smack/DummySSLSocketFactory when Openfire set to TLS only

I have looked at the Spark source code and looked at how Spark connects to Openfire. They use a “DummySSLSocketFactory” which implements Java’s SSLSocketFactory and basically accepts all certificates as long as they aren’t expired.

Openfire client connection security settings:

“Custom”

-> Old SSL set to: NOT AVAILABLE

-> TLS set to: REQUIRED

Spark will connect via port 5222 successfully, but when mimicking in my own Smack code, I get:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
at sun.nio.cs.StreamDecoder.read(Unknown Source)
at java.io.InputStreamReader.read(Unknown Source)
at java.io.BufferedReader.read1(Unknown Source)
at java.io.BufferedReader.read(Unknown Source)
at org.jivesoftware.smack.util.ObservableReader.read(ObservableReader.java:42)
at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)
at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)
at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)
at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:368)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
… 19 more

I am doing this to set up my connection:

this.connectionConfig = new ConnectionConfiguration(SERVER_DOMAIN_NAME, SERVER_PORT);
this.connectionConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
this.connectionConfig.setSocketFactory(new DummySSLSocketFactory());
this.xmppConnection = new XMPPConnection(this.connectionConfig);

where SERVER_PORT = 5222

This is the same routine that Spark uses seemingly successfully.

Does anyone have any experience connecting with TLS (not old SSL) with Smack??

Best,

Barry

Hi,

got the same problem. First I thought there is something wrong with my OpenSSL created certificates, but it didn’t seem to be the problem. In another thread I read the “null certificate chain” error, which appears sporadically, says that the client does not submit his certificate, but I didn’t find any option to do so in Smack.

Would be nice, if one of the devs would post a solution here, if there is any.

Thanks

Daniel, I did find out what my issue was. Another (misleading) post said to use “DummySSLSocketFactory” for TLS. But in fact, if you look at the Spark source, they actually do not use DummySSL when configuring TLS - only when using “Old-Style SSL”! Try setting your connection port to the normal 5222 port (instead of the designated secure port that old-style SSL will try to use to connect), set your Openfire server to use TLS only, and Smack seems to autonegotiate correctly. If you still have problems, I will try to dig up some code snippets.

Best,

Barry
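
The distinction described in the post above, as an added example (not code from this thread or from Spark), assuming the Smack 3.x API; the host name, truststore path and password are placeholders. In place of the accept-all DummySSLSocketFactory it uses a truststore for certificate validation in both modes.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.XMPPConnection;

public class XmppTlsModes {
    // Placeholders (assumptions): replace with your own server and truststore.
    static final String HOST = "xmpp.example.org";
    static final String TRUSTSTORE = "client-truststore.jks";
    static final String TRUSTSTORE_PASS = "changeit";

    /** STARTTLS on 5222: plain TCP socket first, TLS upgrade negotiated in-band. */
    static ConnectionConfiguration startTls() {
        ConnectionConfiguration cfg = new ConnectionConfiguration(HOST, 5222);
        cfg.setSecurityMode(SecurityMode.required); // fail rather than stay in plaintext
        // No setSocketFactory() here: an SSL factory would open the connection with a
        // TLS ClientHello where the server expects <stream:stream>, and it hangs up.
        cfg.setTruststorePath(TRUSTSTORE);
        cfg.setTruststorePassword(TRUSTSTORE_PASS);
        cfg.setVerifyChainEnabled(true);            // turn certificate checks on explicitly
        cfg.setVerifyRootCAEnabled(true);
        cfg.setNotMatchingDomainCheckEnabled(true);
        return cfg;
    }

    /** Old-style SSL on 5223: TLS from the first byte, so a socket factory is needed. */
    static ConnectionConfiguration legacySsl() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(TRUSTSTORE)) {
            ks.load(in, TRUSTSTORE_PASS.toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // validates the chain, not the host name
        ConnectionConfiguration cfg = new ConnectionConfiguration(HOST, 5223);
        cfg.setSocketFactory(ctx.getSocketFactory()); // only works if the server offers old SSL
        return cfg;
    }

    public static void main(String[] args) throws Exception {
        XMPPConnection conn = new XMPPConnection(startTls());
        conn.connect();
        System.out.println("TLS active: " + conn.isUsingTLS());
        conn.disconnect();
    }
}
```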

Thanks for your advice, but if I do so, I get a “javax.net.ssl.SSLHandshakeException: Handshake message sequence violation, 2” error on the client side and a “null cert chain” SSLHandshakeException on the server side. In addition there is a “ClientTrustmanager: crl file not found resources\security\crl.pem” message although there is one. Is this error of any relevance? I thought CRLs are not urgently needed.

In Smack debug mode the Server grants the TLS connection:

<?xml version='1.0' encoding='UTF-8'?>DIGEST-MD5PLAINCRAM-MD5

and the Client asks to start TLS:

<stream:stream to="server" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">

Seems right to me. Any suggestions what to do?

Thanks in advance

ps.: I had already searched the Spark source, but I didn’t find the .java file which handles the connection. Maybe I was a bit too blind to see it. Could you tell me the name of this file?

Daniel