powered by Jive Software

Smack 4.2.3 always uses HostName instead of DomainName when requesting TLS certificate from ejabberd server

android

#1

Smack uses the HostName instead of the configured DomainName when requesting TLS certificate from xmpp server.
It is similar to issue openssl CLI with -servicename set to HostName

openssl s_client -servername atalk.sytes.net -connect atalk.sytes.net:5222 -starttls xmpp

instead of using the defined DomainName for -servicename

openssl s_client -servername atalk.org -connect atalk.sytes.net:5222 -starttls xmpp

Please refer to the following link for more information:
[https://github.com/processone/ejabberd/issues/2371#issuecomment-379487165]


#2

Smack doesn’t explicitly use or set SNI. I could imagine that it’s an implicit action of SSLSocketFactory.createSocket(), which is invoked with host and not the XMPP service domain. I’ve created SMACK-813.


#3

Thanks you for your quick response. I have tested your proposal and verified with wireshark TLSv1.2 “Client Hello” content. It is sending the correct domainName and everything is working now.