Subject: Using TLS
Hi Alex
I have been looking at setting a server to TLS. I am pretty sure I have got this working before, but I am now having problems and I am unsure where to start.
I have configured an Isode server to use TLS (with self-certified certs) and using Psi and Pidgin I can connect using TLS (both of which ask me to accept the certificate, as expected).
Using Matrix, I have set the property StartTls and have implemented the code snippet that I have seen here before for acceptance of certificates. My code is:
client.Port = 5222;
client.Hostname = txtServer.Text;
client.XmppDomain = txtDomain.Text;
client.Username = txtUsername.Text;
client.Password = txtPassword.Text;
client.StartTls = checkBox1.Checked;
client.Open();
Using the same values, the application connects correctly when StartTls is set to false, but never properly gets going when set to true. When set to "true", the diagnostic output looks like this:
[7036] SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="acme.com" version="1.0" >
[7036] RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="acme.com" id="23f30904d5624f4f" version="1.0" >
[7036] RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
[7036] <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
[7036] <mechanism>SCRAM-SHA-1</mechanism>
[7036] <mechanism>PLAIN</mechanism>
[7036] <mechanism>NTLM</mechanism>
[7036] <mechanism>GSSAPI</mechanism>
[7036] <mechanism>GSS-SPNEGO</mechanism>
[7036] <mechanism>DIGEST-MD5</mechanism>
[7036] <mechanism>CRAM-MD5</mechanism>
[7036] </mechanisms>
[7036] <compression xmlns="http://jabber.org/features/compress">
[7036] <method>zlib</method>
[7036] </compression>
[7036] <ver xmlns="urn:xmpp:features:rosterver">
[7036] <optional />
[7036] </ver>
[7036] </stream:features> THREAD 10
[7036] client_OnStreamFeatures <stream:features xmlns:stream="http://etherx.jabber.org/streams">
[7036] <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
[7036] <mechanism>SCRAM-SHA-1</mechanism>
[7036] <mechanism>PLAIN</mechanism>
[7036] <mechanism>NTLM</mechanism>
[7036] <mechanism>GSSAPI</mechanism>
[7036] <mechanism>GSS-SPNEGO</mechanism>
[7036] <mechanism>DIGEST-MD5</mechanism>
[7036] <mechanism>CRAM-MD5</mechanism>
[7036] </mechanisms>
[7036] <compression xmlns="http://jabber.org/features/compress">
[7036] <method>zlib</method>
[7036] </compression>
[7036] <ver xmlns="urn:xmpp:features:rosterver">
[7036] <optional />
[7036] </ver>
[7036] </stream:features>
[7036] SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] client_OnClose
This looks like the server was waiting for the client to carry on with authentication, but nothing happens. As I said earlier, I used your snippet for handling a self-signed cert, but this event never gets called.
I feel like I am missing something really obvious.
Regards
John
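
Added example (not part of John's post and not Matrix SDK code): a Python check that reads a trace in the format shown above and reports how far STARTTLS negotiation got in the RFC 6120 order (offer, request, proceed, TLS handshake, stream restart), and flags SASL auth sent before TLS was up. SAMPLE_TRACE is constructed from the shape of the posted log; the function names and stage labels are hypothetical, and it assumes the client logs its post-handshake stream header as another SEND line.

```python
import re

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
LINE = re.compile(r"^\[\d+\]\s+(?:(SEND|RECV):\s*)?(.*)$")

# Constructed sample, shortened from the shape of the trace in the post.
SAMPLE_TRACE = """\
[7036] SEND: <stream:stream xmlns="jabber:client" to="acme.com" version="1.0" >
[7036] RECV: <stream:stream xmlns="jabber:client" from="acme.com" version="1.0" >
[7036] RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
[7036] <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] </stream:features>
[7036] SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
[7036] client_OnClose
"""

def has(body, name, ns):
    return f"<{name}" in body and ns in body

def starttls_stage(trace):
    """Return (stage, cleartext_auth) for one connection attempt (hypothetical helper)."""
    direction = None
    offered = requested = proceed = refused = restarted = cleartext_auth = False
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tag, body = m.groups()
        if tag:
            direction = tag          # continuation lines inherit SEND/RECV
        elif body.startswith("client_On"):
            direction = None         # event-handler echo, not wire traffic
        if direction == "RECV":
            offered |= has(body, "starttls", TLS_NS)
            proceed |= has(body, "proceed", TLS_NS)
            refused |= has(body, "failure", TLS_NS)
        elif direction == "SEND":
            requested |= has(body, "starttls", TLS_NS)
            # A stream header sent after <proceed/> means the TLS handshake finished.
            restarted |= proceed and body.startswith("<stream:stream")
            # SASL <auth/> sent before that restart crosses the socket unencrypted.
            cleartext_auth |= not restarted and has(body, "auth", SASL_NS)
    checks = [(not offered, "starttls-not-offered"), (not requested, "starttls-not-requested"),
              (refused, "server-refused"), (not proceed, "no-reply-to-starttls"),
              (not restarted, "tls-handshake-incomplete")]
    stage = next((label for failed, label in checks if failed), "tls-established")
    return stage, cleartext_auth
```

Run over the trace in the post, it returns tls-handshake-incomplete: the server sent <proceed/>, but the connection closed before the client restarted the stream over TLS.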