
Certificate Request

After updating from Openfire 3.9.3 to 4.3.2, the device cannot communicate with the server (Openfire).

In version 3.9.3, the Certificate Request has an empty Distinguished Names list in the server hello message.
In version 4.3.2, the Certificate Request has Distinguished Names filled with all client certificates from the client store.

The device has an overflow and answers with an error in 4.3.2.

Openfire 4.3.2 was modified.
This is not the best solution, but I had to get a solution.
The modification was made in the class OpenfireX509TrustManager, function getAcceptedIssuers(), in Openfire 4.3.2

    @Override
    public X509Certificate[] getAcceptedIssuers()
    {
        // Modification start
        if (JiveGlobals.getBooleanProperty("xmpp.client.certificate.sendtrustedissuerlist", false)) {
            // Answer an empty list
            return new X509Certificate[0];
        }
        // Modification end

        // original code
        ...
    }

I have 3 Openfire versions for testing:

  1. Openfire 3.9.3
  2. Openfire 4.3.2
  3. Openfire 4.3.2 customized

TEST 01 Openfire 3.9.3

Java version
jdk1.8.0_31
jre1.8.0_73

CLIENT HELLO

SERVER HELLO

Communication

Device can create XMPP-Session.

TEST 02 Openfire 4.3.2

Java version
jdk1.8.0_221
jre1.8.0_221

CLIENT HELLO the same

Communication

Client Error Alert; Internal Error (because of Distinguished Names)

TEST 03 Openfire 4.3.2 customized

Java version
jdk1.8.0_221
jre1.8.0_221

CLIENT HELLO the same

SERVER HELLO with empty Distinguished Names

Communication

Client Error Alert Handshake Failure (40)

Any ideas how I can get it running?
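
Added example, not part of the original post: a small parser that measures the Distinguished Names list in a CertificateRequest handshake message exported from a capture, so the three test servers can be compared by DN count and size. It assumes TLS 1.0-1.2 framing (RFC 5246, section 7.4.4); `parse_certificate_request`, `build_sample`, `DN_A` and `DN_B` are names made up for this example, and the sample bytes are constructed.

```python
def parse_certificate_request(msg: bytes, tls12: bool = True) -> dict:
    """Parse a TLS 1.0-1.2 CertificateRequest handshake message (RFC 5246, 7.4.4).
    msg starts at the handshake header; pass tls12=False for TLS 1.0/1.1."""
    if len(msg) < 4 or msg[0] != 13:  # 13 = certificate_request
        raise ValueError("not a CertificateRequest handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("field runs past end of message")
        pos += n
        return body[pos - n:pos]

    cert_types = list(take(take(1)[0]))
    sig_algs = take(int.from_bytes(take(2), "big")) if tls12 else b""
    cas = take(int.from_bytes(take(2), "big"))  # certificate_authorities
    # Each entry is a DER-encoded DistinguishedName with a 2-byte length prefix.
    names, i = [], 0
    while i < len(cas):
        n = int.from_bytes(cas[i:i + 2], "big")
        if i + 2 + n > len(cas):
            raise ValueError("DistinguishedName runs past end of list")
        names.append(cas[i + 2:i + 2 + n])
        i += 2 + n
    return {"certificate_types": cert_types, "signature_algorithms": sig_algs,
            "dn_count": len(names), "dn_bytes": len(cas), "names": names}

# Constructed sample input (not a real capture): two DER Names, CN=Test CA 1/2.
DN_A = bytes.fromhex("30143112301006035504030c09") + b"Test CA 1"
DN_B = bytes.fromhex("30143112301006035504030c09") + b"Test CA 2"

def build_sample(dns, tls12=True):
    cas = b"".join(len(d).to_bytes(2, "big") + d for d in dns)
    body = b"\x02\x01\x40"  # certificate_types: rsa_sign, ecdsa_sign
    if tls12:
        body += b"\x00\x04\x04\x01\x04\x03"  # sha256+rsa, sha256+ecdsa
    body += len(cas).to_bytes(2, "big") + cas
    return b"\x0d" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for label, dns in (("empty", []), ("two issuers", [DN_A, DN_B])):
        r = parse_certificate_request(build_sample(dns))
        print(f"{label}: {r['dn_count']} DNs, {r['dn_bytes']} bytes")
```

Feeding it the CertificateRequest bytes from each server's capture gives the `dn_bytes` value that the device's receive buffer has to hold.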