powered by Jive Software

Port problems conections Smack 4.1.3 and open Fire 3.10.2

Hello,

First of all thanks in advance for trying to help me with this problem.

I’m making a client with xmpp with Smack 4.1.3 and Openfire 3.10.2, I can connect with the client on port 5223 but I can’t on 5222.

The code is:

SSLContext ctx = null;

try {

ctx = SSLContext.getInstance(“TLS”);

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

}

try {

ctx.init(null, new TrustManager[]{new TrustAll()}, null);

} catch (KeyManagementException e) {

e.printStackTrace();

}

/////////

//Config Connection

XMPPTCPConnectionConfiguration.Builder config = XMPPTCPConnectionConfiguration.builder();

config.setSecurityMode(ConnectionConfiguration.SecurityMode.ifpossible);

config.setUsernameAndPassword(“user”, “pass”);

config.setServiceName(“raspberrypi”);

config.setHost(“192.168.0.199”);

config.setPort(5222);

config.setDebuggerEnabled(true);

config.setSocketFactory(ctx.getSocketFactory());

mConnection = new XMPPTCPConnection(config.build());

try {

//Conectamos al servidor

mConnection.connect().login();

System.out.println("It is Connected? "+ mConnection.isConnected());

} catch (SmackException | IOException | XMPPException e) {

e.printStackTrace();

}

In the server i have the next self certificates and the configuration for connection is:

Captura de pantalla 2015-08-10 a las 15.16.08.png

Captura de pantalla 2015-08-10 a las 15.17.25.png

We try to connect, but the next error shows up:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb9cfaae0: Failure in SSL library, usually a protocol error

08-10 13:19:10.573 23246-23263/com.pere.xm W/System.err﹕ error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0xaee025e1:0x00000000)

I’ve checked with openssl the port 5223 response with protocol but port 5222 not response:

pi@raspberrypi ~ $ openssl s_client -connect 192.168.0.199:5223

CONNECTED(00000003)

depth=0 CN = raspberrypi

verify error:num=18:self signed certificate

verify return:1

depth=0 CN = raspberrypi

verify return:1


Certificate chain

0 s:/CN=raspberrypi

i:/CN=raspberrypi


pi@raspberrypi ~ $ openssl s_client -connect 192.168.0.199:5222

CONNECTED(00000003)

3069367504:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:774:


no peer certificate available


No client certificate CA names sent


SSL handshake has read 7 bytes and written 298 bytes


New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE


Please, any help to solve the problem, and succes on connect safley on port 5222-

Thanks everyone!.

Remove the setSocketFactory(ctx.getSocketFactory()); when connecting to port 5222 and use setSecurityMode(required) instead.

Thanks for the answer the doubt so fas!

Now the error is:

org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

08-10 15:32:54.064 6156-6169/com.pere.xm W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1008)

08-10 15:32:54.064 6156-6169/com.pere.xm W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPCon nection.java:935)

08-10 15:32:54.064 6156-6169/com.pere.xm W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:950)

08-10 15:32:54.064 6156-6169/com.pere.xm W/System.err﹕ at java.lang.Thread.run(Thread.java:856)

08-10 15:32:54.064 6156-6169/com.pere.xm W/System.err﹕ Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Moved to Smack Users forum. Please have a look at How to ask for help or report an issue · igniterealtime/Smack Wiki · GitHub

I solve the problem with: Connecting to a server that uses a self signed certificate

1-Create a bks keystore. I used KeyStore Explore 5.1.1

2- Export cert from keystore of the Openfire

3- Import certs to new bks keytore.

4- Copy keystore to android project.

5- the code:

Resources res = getApplicationContext().getResources();

String packageName = getApplicationContext().getPackageName();

int id = res.getIdentifier(“keystore”, “drawable”, packageName);

InputStream ins = res.openRawResource(id);

KeyStore ks = null;

try {

ks = KeyStore.getInstance(KeyStore.getDefaultType());

ks.load(ins,“password”.toCharArray());

} catch (KeyStoreException e) {

e.printStackTrace();

} catch (CertificateException e) {

e.printStackTrace();

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

} catch (IOException e) {

e.printStackTrace();

}

TrustManagerFactory tmf =

null;

try {

tmf = TrustManagerFactory

.getInstance(TrustManagerFactory.getDefaultAlgorithm());

tmf.init(ks);

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

} catch (KeyStoreException e) {

e.printStackTrace();

}

SSLContext sslctx = null;

try {

sslctx = SSLContext.getInstance(“TLS”);

sslctx.init(null, tmf.getTrustManagers(), new SecureRandom());

} catch (NoSuchAlgorithmException e) {

e.printStackTrace();

} catch (KeyManagementException e) {

e.printStackTrace();

}

XMPPTCPConnectionConfiguration.Builder config = XMPPTCPConnectionConfiguration.builder();

config.setSecurityMode(ConnectionConfiguration.SecurityMode.required);

config.setUsernameAndPassword(“user”, “pass”);

config.setServiceName(“raspberrypi”);

config.setHost(“192.168.0.199”);

config.setPort(5222);

config.setDebuggerEnabled(true);

config.setCustomSSLContext(sslctx);

mConnection = new XMPPTCPConnection(config.build());

try {

//Conectamos al servidor
mConnection.connect().login();

System.out.println("Esta conectat? "+ mConnection.isConnected());

} catch (SmackException | IOException | XMPPException e) {

e.printStackTrace();

}

Thanks everyone!.

Can you tell me how you exported cert from keystore of openfire?

This topic was automatically closed 62 days after the last reply. New replies are no longer allowed.