Problem with OpenFire 4.6.4 and Smack in full localhost setup

hnbeck · October 3, 2021, 12:04pm

Hi,

I’ve installed OpenFire on a Win10 box in localhost installation (meaning domain/host is localhost), and I created two accounts. The other default settings I’ve not changed.

Then I use the simple sample code for smack as is:

XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()
                    .setUsernameAndPassword("aAccount","XXXX")
                    .setXmppDomain("localhost")
                    .setHost("localhost")
                    .setSecurityMode(ConnectionConfiguration.SecurityMode.required)
                    .build();

            AbstractXMPPConnection connection = new XMPPTCPConnection(config);
           // Connect to the server
            connection.connect();
            connection.login();

Now, the result (in IntelliJ/IDEA) is using Java SDK 16

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The same code works with an external XMPP server, for example jabber.de !
It works also security disabled when connect to localhost. In Openfire, a self certified certificate for localhost is there, so …?

I’m completely lost what to try next. Do I need special options in OpenFire for this localhost setting? Client certifcate verification, or what ever?

Thank you very much for any hints

Cheers

Hans

guus · October 4, 2021, 10:07am

You’re right: Smack is refusing to connect, because your server uses either an invalid or a self-signed certificate.

Try changing the security mode that you’ve configued in the fifth line of that snippet from “required” to “disabled”. If memory serves, that should do it.

hnbeck · October 4, 2021, 11:20am

Hi,

ah, thanks for the info. But to turn it other way around, there is no way to test security in localhost setup ?

Cheers

Hans

guus · October 4, 2021, 11:25am

Sure there is, but that requires manual management of the certificates that are being used. You’ll need to somehow create an environment where Smack trusts the certificates that are used by Openfire. You could install different certificates in Openfire and/or configure Smack to trust the certificates that are currently being used by Openfire.

All this feels a bit like a moot exercise if you’re using self-signed certificates on localhost. I’m not sure exactly what such a test would ‘prove’, as it’s hardly representative of a real-world test.