powered by Jive Software

Smack 4.2.3 always uses HostName instead of DomainName when requesting TLS certificate from ejabberd server

Smack uses the HostName instead of the configured DomainName when requesting TLS certificate from xmpp server.
It is similar to issue openssl CLI with -servicename set to HostName

openssl s_client -servername atalk.sytes.net -connect atalk.sytes.net:5222 -starttls xmpp

instead of using the defined DomainName for -servicename

openssl s_client -servername atalk.org -connect atalk.sytes.net:5222 -starttls xmpp

Please refer to the following link for more information:
[https://github.com/processone/ejabberd/issues/2371#issuecomment-379487165]

Smack doesn’t explicitly use or set SNI. I could imagine that it’s an implicit action of SSLSocketFactory.createSocket(), which is invoked with host and not the XMPP service domain. I’ve created SMACK-813.

Thanks you for your quick response. I have tested your proposal and verified with wireshark TLSv1.2 “Client Hello” content. It is sending the correct domainName and everything is working now.