Hello world
I have Openfire 3.10 and Smack 4.10 on Android. How do I make a TLS connection? Somebody help me. I can't find full documentation on this topic.
XMPP works via the internet and there are not many users, but I need to secure this connection fully.
How I see this situation:
1) Install Openfire
- Openfire generates 2 self-signed certificates, RSA and DSA (and shows that they are PENDING VERIFICATION);
I make my own CA via openssl (openssl ca.pl -newca)
I sign the requests (I copy the text from server_settings/server certificates into rsa.crt and dsa.crt files) which Openfire generated (OpenSSL> ca -days 3650 -out rsa_sign.crt -in rsa.crt)
Add my own CA to the truststore in OPENFIRE/resourse/security/trustore
Add the data BEGIN....END from rsa_sign.crt to the reply box in server_settings/server certificates
Then Openfire shows "CA signed" for the RSA and DSA certificates.
2) Install on Android
Add the cert from my own CA (as I understand it, that is the public certificate which I added to the truststore in Openfire)
XMPPTCPConnectionConfiguration.Builder configBuilder = XMPPTCPConnectionConfiguration.builder();
configBuilder.setHost(HOST);
configBuilder.setPort(PORT); // 5222, and 5222 in Openfire
configBuilder.setUsernameAndPassword(USERNAME,PASSWORD);
configBuilder.setResource(RESOURCENAME);
configBuilder.setSendPresence(true);
configBuilder.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
configBuilder.setDebuggerEnabled(true);
configBuilder.setServiceName(SERVICENAME);
configBuilder.setEnabledSSLProtocols(new String[]{"TLS"});
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(getResources().openRawResource(R.raw.cacert)); // I copied the public CA cert into res/raw
Certificate ca=cf.generateCertificate(caInput);
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
configBuilder.setSocketFactory(context.getSocketFactory());
I get this error:
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x60a36978: Failure in SSL library, usually a protocol error
05-18 21:11:54.411 13089-13114/test.justtest W/System.err﹕ error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x5faa0d5c:0x00000000)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
W/System.err﹕ at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:642)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.initConnection(XMPPTCPConnection.java:612)
W/System.err﹕ at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:834)
W/System.err﹕ at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:360)
So, do I still need to generate a certificate for the client and put it in the raw folder? (I tried that and get the same error.) I think I generated the certificates wrongly or something, but I don't know how to do it right, please help me.
(SORRY FOR MY VERY BAD ENGLISH =))
Used libs:
jxmpp-core-0.4.1.jar
jxmpp-util-cache-0.4.1.jar
smack-android-4.1.0.jar
smack-core-4.1.0.jar
smack-extensions-4.1.0.jar
smack-sasl-provided-4.1.0.jar
smack-tcp-4.1.0.jar
I convert the certificate for Android to PEM format: OpenSSL> x509 -inform PEM -outform DER -in cacert.pem -out cacert.der
Message edited by: dizel