Hi! I made a new subclass of XMPPConnection that uses SSL/TLS but allows you to pass in a X509Certificate[] for verification. I wrote it to do some server cert checking, if the cert is not signed by one of the CA certs known to Java.
As a bonus, it lets you specify the hostname (or IP) for the socket connection separately from the XMPP-level hostname.
It requires XMPPConnection’'s constructor to be public, though - unless you fold this into the class.
Can you give an example of how this could be used to make a secure connection to jabber.org (their certificate is not trusted, and gives smack problems when trying to connect) ?
I thought Smack’‘s SSLXMPPConnection ignores any certificates? Sorry, I haven’'t tested against jabber.org (or any public server).
If you do want check, you can grab jabber.org’‘s certificate using a “trusting” SSL connection, then save it. I’'ll try to post code tomorrow if you still need it.
I haven’‘t tested it yet. But I’'m sure people want to have a method to add a certificate to the SecureTrustManager. At least I like such methods. addSertificate(X509Certificate cert)
This is a cool feature, and it seems like it should be incorporated into the default SSL connection class as a standard feature. We’‘ll probably want to allow additional options like just accepting the standard root CA’‘s only (the root CA’‘s installed into the VM), etc. I’'ve scheduled work on this for the Smack 1.3 release as:
i am really optimisic at this time all doors are closed for me so reading each and every thread if some one can give me a hint how to proceed i am absolutly clue less.