Smack 4.2.3 always uses HostName instead of DomainName when requesting TLS certificate from ejabberd server

cmeng · April 9, 2018, 2:15am

Smack uses the HostName instead of the configured DomainName when requesting TLS certificate from xmpp server.
It is similar to issue openssl CLI with -servicename set to HostName

openssl s_client -servername atalk.sytes.net -connect atalk.sytes.net:5222 -starttls xmpp

instead of using the defined DomainName for -servicename

openssl s_client -servername atalk.org -connect atalk.sytes.net:5222 -starttls xmpp

Please refer to the following link for more information:
[https://github.com/processone/ejabberd/issues/2371#issuecomment-379487165]

Flow · April 9, 2018, 5:45am

Smack doesn’t explicitly use or set SNI. I could imagine that it’s an implicit action of SSLSocketFactory.createSocket(), which is invoked with host and not the XMPP service domain. I’ve created SMACK-813.

cmeng · April 9, 2018, 6:27am

Thanks you for your quick response. I have tested your proposal and verified with wireshark TLSv1.2 “Client Hello” content. It is sending the correct domainName and everything is working now.