Using libstrophe with TLS but without STARTTLS???
326 views
Skip to first unread message
Chris Z
Aug 8, 2014, 4:59:10 AM8/8/14
to libst...@googlegroups.com
I am attempting to use libstrophe to connect to Google's CCS server via XMPP.
Unfortunately, I can not get past the initial connection.
Google's documentation says:
"You must initiate a Transport Layer Security (TLS) connection. Note that CCS doesn't currently support the STARTTLS extension."
Unfortunately, I can not find any information in the libstrophe documentation which explains how to initiate a TLS connection.
I was hoping it would "just work" but no such luck. I immediately get disconnected when trying to do conn_open_stream() after the initial connect.
Does anyone have an example of how to force libstrophe to initiate a TLS connection?
I apologize if this question has been asked previously. I did look and could not find anything. Any advice is appreciated.
Unfortunately, I can not get past the initial connection.
Google's documentation says:
"You must initiate a Transport Layer Security (TLS) connection. Note that CCS doesn't currently support the STARTTLS extension."
Unfortunately, I can not find any information in the libstrophe documentation which explains how to initiate a TLS connection.
I was hoping it would "just work" but no such luck. I immediately get disconnected when trying to do conn_open_stream() after the initial connect.
Does anyone have an example of how to force libstrophe to initiate a TLS connection?
I apologize if this question has been asked previously. I did look and could not find anything. Any advice is appreciated.
Chris Z
Aug 8, 2014, 4:25:44 PM8/8/14
to libst...@googlegroups.com
A follow up:
I could not find any way to get libstrophe to do this, so I hacked it. My solution was to remove the conn_open_stream() statement from the XMPP_STATE_CONNECTING code in event.c. I then replaced it with the following lines:
conn->tls = tls_new(conn->ctx, conn->sock);
if (!tls_start(conn->tls))
{
xmpp_debug(conn->ctx, "xmpp", "Couldn't start TLS! error %d", tls_error(conn->tls));
tls_free(conn->tls);
conn->tls = NULL;
conn->tls_failed = 1;
/* failed tls spoils the connection, so disconnect */
xmpp_disconnect(conn);
}
else
{
conn->secured = 1;
conn_prepare_reset(conn, auth_handle_open);
conn_open_stream(conn);
}
This is the code I found was used for the STARTTLS extension.
Surprisingly, this actually worked and I am now connected to Google's CCS server via libstrophe.
Can anyone think of a more elegant/portable way to solve this problem?
Thank you for any advice.
I could not find any way to get libstrophe to do this, so I hacked it. My solution was to remove the conn_open_stream() statement from the XMPP_STATE_CONNECTING code in event.c. I then replaced it with the following lines:
conn->tls = tls_new(conn->ctx, conn->sock);
if (!tls_start(conn->tls))
{
xmpp_debug(conn->ctx, "xmpp", "Couldn't start TLS! error %d", tls_error(conn->tls));
tls_free(conn->tls);
conn->tls = NULL;
conn->tls_failed = 1;
/* failed tls spoils the connection, so disconnect */
xmpp_disconnect(conn);
}
else
{
conn->secured = 1;
conn_prepare_reset(conn, auth_handle_open);
conn_open_stream(conn);
}
This is the code I found was used for the STARTTLS extension.
Surprisingly, this actually worked and I am now connected to Google's CCS server via libstrophe.
Can anyone think of a more elegant/portable way to solve this problem?
Thank you for any advice.
yl chung
Aug 12, 2014, 4:57:16 AM8/12/14
to libst...@googlegroups.com
Hi Chris,
I'm working on strophe + CCS server too, just wonder if you manage to talk to CCS server since I got no response after sent the
"conn_open_stream" string.
"conn_open_stream" string.
Regards.
Mark
Sep 15, 2014, 5:51:27 PM9/15/14
to libst...@googlegroups.com
Hi Chris,
could you share your working code used to communicate with Google CCS ?
Thanks!
Dmitry Podgorny
Oct 19, 2015, 3:07:21 PM10/19/15
to libstrophe
The feature has been recently implemented in master branch. To start TLS just after TCP connection is established you need to set approptiate flag:
ret = xmpp_conn_set_flags(conn, XMPP_CONN_FLAG_LEGACY_SSL);
/* ret is 0 on success */
ret = xmpp_connect_client(...);
If you need to re-connect the same conn object, but in normal way (with STARTTLS), just clear the flag:
ret = xmpp_conn_set_flags(conn, 0);
With the flag, xmpp_connect_client() connects to port 5223 unless altport is specified.
ret = xmpp_conn_set_flags(conn, XMPP_CONN_FLAG_LEGACY_SSL);
/* ret is 0 on success */
ret = xmpp_connect_client(...);
If you need to re-connect the same conn object, but in normal way (with STARTTLS), just clear the flag:
ret = xmpp_conn_set_flags(conn, 0);
With the flag, xmpp_connect_client() connects to port 5223 unless altport is specified.
Reply all
Reply to author
Forward
0 new messages