Have Working Xiff3 + Crypto Solution for TLS -Enjoy : )

sunil_patro · May 29, 2008, 1:46am

does this mean now we can use xiff3 client to connect to gtalk server?

thanks,

Dustin2 · May 30, 2008, 4:04pm

I haven’t tried it yet. If I find some time to I’ll give it a try.

Allan_Weir · September 4, 2008, 9:54am

Did anyone get this working with Google Talk? I’ve already started a thread on this but this seems the most likely place to find answers.

Mehmet_Ecevit · September 7, 2008, 2:32pm

i have

downloaded the latest zip package
replaced the modified classes with the original xiff classes
added the modified crypto library to the classpath
changed the connection port from 5222 to 5223
inserted the “conn.tls = true;” into my connection code block

when i run my fla, it connects to the openfire and sends just the followin line and hangs

<?xml version="1.0"?><stream:stream to=“127.0.0.1” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0” />

when i look at the debug logs of my openfire server it says:

2008.09.07 17:31:07 ConnectionHandler:
javax.net.ssl.SSLHandshakeException: SSL handshake failed.

what could be the problem?

Allan_Weir · September 8, 2008, 8:06am

You’re connecting to your localhost and maybe you don’t have an SSL certificate setup on it.

Mehmet_Ecevit · September 8, 2008, 8:15am

how can i resolve this issue? How can i setup an ssl on my local? How are your test and production environments?

Allan_Weir · September 8, 2008, 8:24am

I’m not sure, I’m using the gtalk servers to test. I use talk.google.com:5222 to connect initially, googlemail.com to login, and talk.google.com:5223 to then connect using TLS. It requires extending the xiff code on a few functions as google connects differently to most jabber servers I think. This is my first project in it so I’m still quite new.

I’ve attached a class I used to extend XMPPSocketConnection.

So my main application class now looks like this:

Code
connection = new XMPPSocketConnectionExtension();

connection.username = USER

connection.password = PASS

connection.server = “talk.google.com”;

connection.chatServer = “googlemail.com”;

connection.tls = true;

connection.port = 5222;
Extension file.zip (1292 Bytes)

Jason_Crist · December 12, 2008, 9:32am

I have applied the patch but my connection is closed after the following is sent:

Does anyone have an idea or suggestion?

Jim7 · December 29, 2008, 10:36pm

I think that what’s supposed to happen is that the connection is supposed to close after that message, and XMPPSocketConnection should respond by starting a TLS session with the server. That’s how it works when I try it with talk.google.com.

Jim7 · December 29, 2008, 10:42pm

I know this thread is likely dead, but I get as far as connecting successfully. Once I try to login, I get this message back from the server (talk.google.com):

myusernamexiffMalformed JID ‘myusername’: node contains illegal character ‘@’

Neither apostrophes nor the ' strings are in the username at the time it is sent off in an IQ object in XMPPConnection::beginAuthentication.

Any ideas about how to find out where it’s tacking on the quotes or '?

Jim7 · December 29, 2008, 11:35pm

DOH. It’s complaining about the @, not the apostrophe. OK, I apologize for not know how to read.

Dele_Olajide · December 30, 2008, 12:18am

_http://www.igniterealtime.org/community/message/183903#183903

Matt_Towers · January 16, 2009, 5:56pm

Has anyone tried to merge this TLS fix with the head of the svn tree? It looks like there have been considerable changes to the effected classes since this patch was proposed.

I gather from the thread that there was intent to merge the TLS support into the trunk but I don’t see from the logs where it ever happened. Any guidance would be greatly appreciated.

Cheers!

-Matt

jozsef · January 20, 2009, 7:53pm

I looked over the modification to XMPPSocketConnection and I do not really like the way it is done. After proceed, you close the original connection and create a new one on port 5223. This is much more like the old SSL method. The way I implemented that I added a new class XMPPSSLSocketConnection. When this class is instantiated, user knows that old SSL method is used. I would be happy to contribute these changes. I believe that it would be also possible to negotiate SSL right after proceed on the same socket.

Matt_Towers · January 21, 2009, 9:26pm

I’d be interested in having a look at your new class if you don’t mind sharing. Is it current with the trunk of the XIFF tree?

Thanks!

-Matt

Juga_Paazmaya · January 22, 2009, 6:30am

I would be happy to see at least some level of encryption integration to be included in the trunk of current XIFF.

Users could then use it or loose it. Wouldn’t mind requiring AScrypto as Open Source should be able to use Open Source.

jozsef · January 26, 2009, 2:38am

Please find attached XMPPSSLSocketConnection.as. It is to version 10944, but I think it would be trivial to update to head. You need to apply the changes in ascrypto as per original post. You do not need any change in XMPPConnection or XMPPSocketConnection, just add the attached file to core and instantiate: private var mConnection:XMPPConnection; mConnection = new XMPPSSLConnection(); mConnection.port = 5223; I have tested it with openfire and our internal jabber. Jozsef
XMPPSSLConnection.as (7799 Bytes)

Matt_Towers · January 26, 2009, 2:56am

Sweet. Thanks large! I’ve merged merged in the changes as per this thread and everything is building cleanly; no changes necessary. I’ll report back once I’ve had a chance to try it out with my local jabber server and/or gTalk.

Cheers,

-Matt

jozsef · January 27, 2009, 5:13pm

Tested with google talk and worked great. I tried presnce and im between two accounts. I used the following setting with the propsed XMPPSSLConnection class.

id: account@gmail.com

server: talk.google.com:5223

I did get a roster error, but in Roster.handlePresence, just simply break for Presence.ERROR_TYPE.

Jozsef

Karthik · November 5, 2009, 10:11pm

Did this ever make it into SVN?

Karthik