Subject: How can I do the work "complete TLS negotiation"
Hi, Alex
When I use the miniclient to connect to Wildfire it is OK, but connecting to the test server can't complete. The debug message is like this:
- SEND: <stream:stream to='chinull' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='zh-CN'>
- RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="localhost" version="1.0" xml:lang="zh-cn" id="16df60b0" >
- RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><register xmlns="http://jabber.org/features/iq-register" /><auth xmlns="http://jabber.org/features/iq-auth" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /></stream:features>
- SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
- RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
connecting end.//how can that be?
When I use Pandion to connect to the test server, the result is:
EVNT: Connecting to chinull
- SENT: <?xml version="1.0"?>
- SENT: <stream:stream to="chinull" xml:lang="zh-cn" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
- RECV: <stream:stream from="localhost" version="1.0" xml:lang="zh-cn" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" id="6bf31f61">
- RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><register xmlns="http://jabber.org/features/iq-register"></register><auth xmlns="http://jabber.org/features/iq-auth"></auth><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls></stream:features>
- SENT: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
- RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"></proceed>
I checked RFC 3920. What can I do in the test server to complete step 6?
In RFC 3920:
5.2. Narrative
...
5. The receiving entity MUST reply with either a <proceed/> element
or a <failure/> element qualified by the
'urn:ietf:params:xml:ns:xmpp-tls' namespace. If the failure case
occurs, the receiving entity MUST terminate both the XML stream
and the underlying TCP connection. If the proceed case occurs,
the entities MUST attempt to complete the TLS negotiation over
the TCP connection and MUST NOT send any further XML data until
the TLS negotiation is complete.
6. The initiating entity and receiving entity attempt to complete a
TLS negotiation in accordance with [TLS].
I did the work as "5.3. Client-to-Server Example" describes,
but should "Step 6" do anything?
Step 6: Client and server attempt to complete TLS negotiation over
the existing TCP connection.
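
Added example, not part of the original post and not code from any of the clients or servers named in it: after <proceed/>, the next bytes on the same TCP connection are TLS records (the client's ClientHello, answered by the server's ServerHello), so a server author can check how far step 6 got by classifying the first bytes each side sends after <proceed/>. The function names and the sample bytes are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16                                 # TLS record content type "handshake"
HELLO = {0x01: "ClientHello", 0x02: "ServerHello"}   # handshake message types


def classify(data: bytes) -> str:
    """Name the first thing one peer put on the wire after <proceed/>."""
    if not data:
        return "nothing"
    if data.lstrip()[:1] == b"<":
        return "xml"              # forbidden by RFC 3920 section 5.2, step 5
    if len(data) < 6:
        return "truncated"        # need the 5-byte record header plus message type
    ctype, major, _minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_HANDSHAKE or major != 3:
        return "unknown"
    return HELLO.get(data[5], "unknown")


def diagnose(from_client: bytes, from_server: bytes) -> str:
    """Explain how far step 6 got, given each direction's bytes after <proceed/>."""
    c, s = classify(from_client), classify(from_server)
    if "xml" in (c, s):
        who = "client" if c == "xml" else "server"
        return f"{who} sent XML before the TLS negotiation completed"
    if c != "ClientHello":
        return f"client did not start the handshake (sent {c})"
    if s != "ServerHello":
        return f"server did not answer the ClientHello (sent {s})"
    return "handshake started in both directions"


# Constructed stubs (not captured traffic): record header 16 03 xx 00 04,
# then a handshake header with the message type and a zero 3-byte length.
CLIENT_HELLO = bytes.fromhex("1603010004" "01000000")
SERVER_HELLO = bytes.fromhex("1603030004" "02000000")

if __name__ == "__main__":
    # A server that sends <proceed/> and then keeps waiting for XML
    print(diagnose(CLIENT_HELLO, b""))
    # A server that keeps talking XML on the raw socket
    print(diagnose(CLIENT_HELLO, b"<stream:features/>"))
    # A server that hands the socket to its TLS layer
    print(diagnose(CLIENT_HELLO, SERVER_HELLO))
```
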