powered by Jive Software

XIFF, TLS, Google Talk, SecureSocket - PLEASE support the developers

dear staff and developers,

it is frustrating to read through all the (outdated) threads, collect the various patches, apply them correctly, mess around with as3crypto and still not be able to connect to Google Talk or other servers requiring TLS.

please, start to merge the patches into svn head. then we will be able to test things properly and support not-so-hardcore as3 developers in this forum. let us work together to make your release of XIFF 3.0.0 a success - including proper support for TLS on all major xmpp server implementations including Google Talk.

in addition, i’m working on an extension of XMPPConnection that utilizes SecureSocket (http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/ne t/SecureSocket.html) of AIR 2.0 which is going to be released soon as a part of Adobe CS5. i’m willing to contribute this class but it still needs lots of testing.

my suggestion of next steps to take:

  • contact authors of the patches, agree on contribution

  • merge patches into svn head

  • write a tutorial on how to get XIFF running with TLS/Google Talk (including a how-to patch and compile as3crypto)

  • release another beta of XIFF

  • start testing, include feedback

  • progress and continue

thank you very much - i’m looking forward to your comments!

Are you working off of the SVN trunk or the last beta release? It kind of seems like you’re still on the beta.

We try to commit patches as they are submitted and tested and as3crypto is included as a compiled swc in the trunk.

If you are referring to the code I posted on the forum which i have not submitted, it is because I do not have the resources to test it on every server and I am developing on an older codebase, which means I am not really in a position to submit it.

If you are testing it and having trouble on other platforms I would be happy to help. If the kinks have been worked out and it works on the latest version we could then submit it.


i’m working off the svn trunk. i would be very helpful to know which patches are included in both xiff and the bundled as3crypto.

thanks, i’m going to try a vanilla svn trunk again and diff that to your patches as soon as possible.

please see http://www.igniterealtime.org/community/message/202513#202513

i’ve spent some days to fix a whole bunch of issues and submit patches accordingly - please have a look at my recent posts. due to the lack of any replies from staff i’m starting to wonder if it makes sense to feed my work back to this community.


Why not just become a SVN committer yourself? I can get you setup with Jira permissions to start creating tickets and attaching patches there. What is your Jira username?


of course, why not. username is gretel.

Great, thanks! I added you to xiff-developers on Jira. I don’t have the power to get you SVN committer rights yet, but will ping the necessary folks on that.


ok, i’m standing by.


Sorry for the delays, I have not been able to get a hold of the guy who can get you access. Still trying.



Are you all set now?


yes, i’ve been busy but just commited my changes to XMPPTLSConnection.as - regards

Hi Gretel,

Is the XIFF library working with GTalk with your modification ?

I try to connect to GTalk using XIFF and the XMPPTLSConnection class. Is it the right class to use (I have downloaded the latest version of the source code yesterday) ?

What parameters must I use concerning the domain, the tlsconfig ?

Thanks in advance for your help.



Regarding the trace I received from the GTalk server, I have :


This mechanism seems to be not taken into account in the XIFF library.

yes it does work with Google Talk, XMPPTLSConnection is the way to go.

you have to check out the source from the subversion respository instead of downloading the release.

the TLS configuration needs to be adjusted to accept commonCertificateMismatchs.

set the domain property according to your account, i.e. ‘googlemail.com’.

Google Talk offers SASL PLAIN which is supported by the XIFF library. google’s token based authentication is announced, but just skipped.

1 Like

Thanks for your response Gretel!

I have downloaded the last version from SVN with your modification (11692).

I have created a little application (AIR) with 2 libraries in reference:

  • xiff

  • as3crypto

I use the FB4 framework to build my application.

When trying to connect to Google, I have the following error:

[IM&PR] :: - Sent:<?xml version="1.0" encoding="UTF-8"?><stream:stream xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” to=“googlemail.com” xml:lang=“en” version=“1.0”>
[IM&PR] :: - Connected to Presence and IM Server
[IM&PR] :: - Received:<stream:stream from=“googlemail.com” id=“C05F97AE99882553” version=“1.0” xmlns:stream=“http://etherx.jabber.org/streams” xmlns=“jabber:client”>stream:featuresX-GOOGLE-TOKEN< /mechanisms></stream:features>
[IM&PR] :: - Sent:
[IM&PR] :: - Code:-1 The server is not configured to support any available SASL mechanisms
[IM&PR] :: - Received:
[IM&PR] :: - Sent:<?xml version="1.0" encoding="UTF-8"?><stream:stream xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” to=“googlemail.com” xml:lang=“en” version=“1.0”>

Error: pure virtual function call: fromDERContent

Here is how I have configured my connection:

tlsConnection = new XMPPTLSConnection();
tlsConnection.port = 5222;
tlsConnection.password = “…”;

tlsConnection.username = “…”;
tlsConnection.domain = “googlemail.com”;
tlsConnection.resource = “xiff”;
tlsConnection.server = “talk.google.com”;
tlsConnection.useAnonymousLogin = false;

I don’t know how to configure the tlsConnection.config object and what is the option to accept “commonCertificateMismatchs”.

Thanks in advance for your help,



everything seems fine, except your version of as3crypto fails. you don’t need to change the TLS configuration - XIFF sets the property i’ve mentioned by itself (which is not a good idea. though).

as3crypto release 1.3, svn (google code) and the one included with XIFF are all flawed.

try using my patched one available at github: