Using libstrophe with TLS but without STARTTLS???

Skip to first unread message

Chris Z

Aug 8, 2014, 4:59:10 AM8/8/14
I am attempting to use libstrophe to connect to Google's CCS server via XMPP.

Unfortunately, I can not get past the initial connection.

Google's documentation says:

"You must initiate a Transport Layer Security (TLS) connection. Note that CCS doesn't currently support the STARTTLS extension."

Unfortunately, I can not find any information in the libstrophe documentation which explains how to initiate a TLS connection.

I was hoping it would "just work" but no such luck. I immediately get disconnected when trying to do conn_open_stream() after the initial connect.

Does anyone have an example of how to force libstrophe to initiate a TLS connection?

I apologize if this question has been asked previously. I did look and could not find anything. Any advice is appreciated.

Chris Z

Aug 8, 2014, 4:25:44 PM8/8/14
A follow up:

I could not find any way to get libstrophe to do this, so I hacked it. My solution was to remove the conn_open_stream() statement from the XMPP_STATE_CONNECTING code in event.c. I then replaced it with the following lines:

        conn->tls = tls_new(conn->ctx, conn->sock);

        if (!tls_start(conn->tls))
            xmpp_debug(conn->ctx, "xmpp", "Couldn't start TLS! error %d", tls_error(conn->tls));
            conn->tls = NULL;
            conn->tls_failed = 1;
            /* failed tls spoils the connection, so disconnect */
            conn->secured = 1;
            conn_prepare_reset(conn, auth_handle_open);


This is the code I found was used for the STARTTLS extension.

Surprisingly, this actually worked and I am now connected to Google's CCS server via libstrophe.

Can anyone think of a more elegant/portable way to solve this problem?

Thank you for any advice.

yl chung

Aug 12, 2014, 4:57:16 AM8/12/14
Hi Chris,

I'm working on strophe + CCS server too, just wonder if you manage to talk to CCS server since I got no response after sent the 
"conn_open_stream" string. 



Sep 15, 2014, 5:51:27 PM9/15/14
Hi Chris,
could you share your working code used to communicate with Google CCS ?


Dmitry Podgorny

Oct 19, 2015, 3:07:21 PM10/19/15
to libstrophe
The feature has been recently implemented in master branch. To start TLS just after TCP connection is established you need to set approptiate flag:
        ret = xmpp_conn_set_flags(conn, XMPP_CONN_FLAG_LEGACY_SSL);
        /* ret is 0 on success */
        ret = xmpp_connect_client(...);

If you need to re-connect the same conn object, but in normal way (with STARTTLS), just clear the flag:
        ret = xmpp_conn_set_flags(conn, 0);

With the flag, xmpp_connect_client() connects to port 5223 unless altport is specified.
Reply all
Reply to author
0 new messages