After update from Openfire 3.9.3 to 4.3.2 device cannot communicate with the server (Openfire).
In the 3.9.3 version Certificate Request has an empty Distinguished Names in the server hello message.
In the 4.3.2 version Certificate Request has Distinguished Names filed with all client certificates from client store.
Device has overflow and answer with an error in 4.3.2.
Openfire 4.3.2 was modified.
This is not the best solution, but i had to get a solution.
The modification was made in the Class OpenfireX509TrustManager function getAcceptedIssuers() in Openfire 4.3.2
@Override
public X509Certificate[] getAcceptedIssuers()
{
// Modification start
if (JiveGlobals.getBooleanProperty("xmpp.client.certificate.sendtrustedissuerlist", false)) {
// Answer an empty list
return new X509Certificate[0];
}
// Modification end
// original code
...
}
I have 3 Openfire version for test:
- Openfire 3.9.3
- Openfire 4.3.2
- Openfire 4.3.2 customized
TEST 01 Openfire 3.9.3
Java version
jdk1.8.0_31
jre1.8.0_73
CLIENT HELLO
SERVER HELLO
Communication
Device can create XMPP-Session.
TEST 02 Openfire 4.3.2
Java version
jdk1.8.0_221
jre1.8.0_221
CLIENT HELLO the same
Communication
Client Error Alert; Internal Error (because of Distinguished Names)
TEST 03 Openfire 4.3.2 customized
Java version
jdk1.8.0_221
jre1.8.0_221
CLIENT HELLO the same
SERVER HELLO with empty Distinguished Names
Communication
Client Error Alert Handshake Failure (40)
Any ideas, how can I get it running?