Ssl

Smack Smack Dev
1

Hi Matt,

In trying to test connecting via SSL it fails at:

org.jivesoftware.smack.XMPPException: Connection failed. No response from server.

at org.jivesoftware.smack.PacketReader.startup(PacketReader.java:191)

at org.jivesoftware.smack.XMPPConnection.init(XMPPConnection.java:523)

at org.jivesoftware.smack.SSLXMPPConnection.(SSLXMPPConnection.java:94)

at us.insurgent.javeren.comm.JavComm.openChannel(JavComm.java:90)

at us.insurgent.javeren.comm.TestComm.testCommUsingSSL(TestComm.java:122)

which is accomanied by a whole boatload of stuff similar to:

Caused by: java.security.cert.CertificateException: Untrusted Server Certificate Chain

at com.sun.net.ssl.X509TrustManagerJavaxWrapper.checkServerTrusted(DashoA6275)

at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275 )

… 16 more

I see in the code you are setting up a trust manager to accept any cert so long as the date is OK but I don’‘t see “Dummy…” in the stack traces (perhaps it’‘s hidden in the “… 16 more” part). I haven’‘t set up SSL on my local jabber server so I was testing the SSL using jabber.org’‘s server. I don’‘t know if their cert date is the problem or if it’'s something else. I can connect with two other clients (Exodus and JAJC) but have no idea if they check anything about the cert.

Any ideas on this?

Take care,

John

2

John,

You may want to try testing SSL against the jivesoftware.com server. It’‘s always worked before in my testing. Basically, the only check that Smack does at all is to make sure the date on the certificate is valid. So, it’'s likely that the cert at jabber.org is using an expired cert?

Regards,

Matt

3

Matt,

This is indeed the case. It connected to jivesoftware.com fine. None of the jabber clients let you view the cert info so I pointed a browser at port 5223 and shows the cert as basically being a bogus one probably just to facilitate an SSL connection without paying the extortionary rates

Perhaps if the SSLXMPPConnection constructor was changed to accept any flag to either accept invalid cert or not, or accept all cert and add a method isValidCert() and let the program decide if it want to continue or not? I know I’'ve used expired certs before and have used “invalid” certs on a different domain to allow users to access webmail using SSL without shelling out more $$$.

Take care,

John