powered by Jive Software

Problems with SSL/TLS and Smack 4.0.0

Hey,

I’ve been playing around with the Smack (4.0.0) library but am getting problems connecting my client to an OpenFire server securely. I’ve tried http://stackoverflow.com/questions/10850300/using-the-android-truststore-for-asm ack-in-android-4-ics but it appears that the calls to setTrustStore…() are have been removed from the V4 library. I believe this is related to a bug in the TrustManager accepting all certificates.

I’m struggling a bit to find examples / explanations about how to use smack to securely connect to an Openfire server. Could anyone point me towards some resources?

I’m developing for android using aSmack, but understand that the APIs are the same.

Cheers,

Rich

You need to provide a SSLContext that suits your needs. An example is given here: https://github.com/Flowdalic/asmack/wiki/Truststore

For anyone else who’s having trouble with this, read this first…

This implementation works well but it didn’t work on older API levels. My initial development was done on an early Gingerbread device (2.3.5 - API level 10). I know that the way certificates were handled by Android was changed after Gingerbread. I still can’t seem to get this device to connect securely to OpenFire regardless of what I do. This code works fine on newer devices (I tested on 4.4).

This implementation works well but it didn’t work on older API levels.

While Android added improved keystore support in KitKat (4.0) IIRC, it’s not really an issue of the Android API level, but, as said before, you need to provide an SSLContext that suits your needs. If you don’t, then aSmack will use the System default SSLContext (which may be different between Android API levels).