XIFF, TLS, Google Talk, SecureSocket - PLEASE support the developers

dunno what’s wrong, i’m very busy at the moment. try getting the source of as3crypto (from my git) and compile it with that property set to true as default.

Hi Gretel,

Sorry if I am disturbing you…

I have successfully connected to Google Talk (good news!), but with the following strange modifications:

  • in TLSEngine (line 816), the _config.ignoreCommonNameMismatch was always set to false, so, like you said, I have hard-coded ignoreCommonNameMismatch to true in the TLSConfig file.

  • I must use domain="gmail.com" instead of "googlemail.com", perhaps because my account is linked to two addresses (one in gmail.com and one in free.fr); otherwise I receive an error.

So I think I have not succeeded in configuring my TLSConfig. If you have time to check this point later…

Thanks for your help and for making Google Talk accessible from Flex

Regards,

Olivier

great news! XIFF is still far from being perfect or at least easily usable with servers requiring TLS. thanks for testing and providing feedback.

Hi Gretel,

My new problem is that when I’m in my office desk, I’m behind a proxy. I have the following trace:

<?xml version="1.0" encoding="UTF-8"?>

<stream:stream from="gmail.com" id="011B96E2E321A9A6" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
stream:featuresX-GOOGLE-TOKEN< /mechanisms></stream:features>
Code:-1 The server is not configured to support any available SASL mechanisms

I was expecting rather to not get any answer. It looks like yesterday's problem with the old version of as3crypto.

Is there a way to work with a proxy (only host and port, no authentication)?

I have tried to compile as3crypto and the XIFF library using the RFC2817Socket class and adding a setProxyInfo(…) before each connect(), but without success.

Do you have another idea to get through the proxy?

Thanks in advance,

Olivier

no, sorry. i guess it depends on the type of proxy - never tried it with any proxy, though. you could try using BOSH instead.

I was using XMPPTLSConnection to connect to an Openfire server using TLS.

However, I kept getting the error: "Can not verify certificate"!

Openfire generates self-signed certificates, so I made config.trustSelfSignedCertificates=true;

However, the error persisted.

After some debugging, I found the error to be at line 224 in XMPPTLSConnection.as, which did not send the TLSConfig object to startTLS(), which took the default value of null and passed that to init(), which created a new TLSConfig object, thereby ignoring my change to config.trustSelfSignedCertificates.

The error can be resolved by simply changing line 224 to:

_tlsSocket.startTLS(socket, this.server,_config);

Cheers
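The bug reported in the post above, modeled as an added example (not XIFF or as3crypto code, and in JavaScript rather than ActionScript so it runs stand-alone): an optional config argument that is not forwarded gets replaced by defaults, and a drift check between requested and effective settings catches it. Every class and function name below is a hypothetical stand-in.

```javascript
// Hypothetical stand-ins for the classes named in the post; not library code.
class TlsConfig {
  constructor() {
    this.trustSelfSignedCertificates = false;
    this.ignoreCommonNameMismatch = false;
  }
}

class TlsSocketModel {
  // Same shape as described: config is optional and defaults to null.
  startTLS(socket, host, config = null) {
    this.init(socket, host, config);
  }
  init(socket, host, config) {
    // A missing config is silently replaced by fresh defaults.
    this.configWasDefaulted = config === null;
    this.effectiveConfig = config === null ? new TlsConfig() : config;
  }
}

// Hardened variant: a missing config is an error, never a silent default.
class StrictTlsSocketModel extends TlsSocketModel {
  startTLS(socket, host, config) {
    if (!(config instanceof TlsConfig)) {
      throw new TypeError("TLS config must be passed explicitly");
    }
    super.startTLS(socket, host, config);
  }
}

// Connection wrapper: forwardConfig=false reproduces the two-argument call.
function openTls(SocketClass, callerConfig, forwardConfig) {
  const tlsSocket = new SocketClass();
  const rawSocket = {}; // placeholder, no network I/O in this model
  if (forwardConfig) tlsSocket.startTLS(rawSocket, "xmpp.example.test", callerConfig);
  else tlsSocket.startTLS(rawSocket, "xmpp.example.test");
  return tlsSocket;
}

// Names of settings whose effective value differs from what the caller asked for.
function configDrift(requested, effective) {
  return Object.keys(requested).filter((k) => requested[k] !== effective[k]);
}

const wanted = new TlsConfig();
wanted.trustSelfSignedCertificates = true; // constructed caller setting
console.log(configDrift(wanted, openTls(TlsSocketModel, wanted, false).effectiveConfig));
console.log(configDrift(wanted, openTls(TlsSocketModel, wanted, true).effectiveConfig));
```

In the reported case the dropped setting was a relaxation, so the connection failed closed; the same silent default would equally discard a stricter setting, which is why the hardened variant rejects a missing config outright.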

You’re right Anshul… I was actually already in the process of updating this class for this reason. It’ll be up soon.

XIFF-74 was created to reference this issue and has now been resolved.

XIFF has been updated so that TLS is now successfully working to connect to Google Talk (at least in my tests) with the default classes in the trunk without any patches necessary for the end user.

Please test as well, these updates will be included in the 3.0.1 release.

Note: When connecting with Google Talk, you will need to ignore common name mismatches in the config.

Example code:

var connection:XMPPTLSConnection = new XMPPTLSConnection();
var config:TLSConfig = new TLSConfig( TLSEngine.CLIENT );
config.ignoreCommonNameMismatch = true;
connection.config = config;

Server should be: talk.google.com

Hi Mark,

I am not able to log on to Google Talk. How are we handling the X-Google-Token Mechanism?

Just to verify, you are using the latest trunk?

Google Talk also offers SASL PLAIN. X-Google-Token is skipped for PLAIN.

My connection was setup with domain = gmail.com and server = talk.google.com.

Any details you can provide?

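The mechanism negotiation discussed above, as an added example (not XIFF code; JavaScript rather than ActionScript so it runs stand-alone): it reads the mechanisms a server offers in stream features, picks one the client supports, and reports why none was usable. The stanzas are constructed samples, the function names are hypothetical, and refusing PLAIN without TLS is a policy assumed for this example.

```javascript
// Constructed sample stanzas, not captured traffic.
const FEATURES_TOKEN_AND_PLAIN =
  '<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">' +
  '<mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>PLAIN</mechanism>' +
  '</mechanisms></stream:features>';
const FEATURES_TOKEN_ONLY =
  '<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">' +
  '<mechanism>X-GOOGLE-TOKEN</mechanism></mechanisms></stream:features>';

// Extract mechanism names. A regular expression is enough for the constructed
// samples; a real client would read them from its XML parser.
function offeredMechanisms(featuresXml) {
  const names = [];
  const re = /<mechanism>\s*([A-Za-z0-9_-]+)\s*<\/mechanism>/g;
  let match;
  while ((match = re.exec(featuresXml)) !== null) {
    names.push(match[1].toUpperCase());
  }
  return names;
}

// clientSupported is in client preference order. PLAIN carries the password
// itself, so this example only allows it once TLS is active.
function selectMechanism(featuresXml, clientSupported, tlsActive) {
  const offered = offeredMechanisms(featuresXml);
  const common = clientSupported.filter((name) => offered.includes(name));
  for (const name of common) {
    if (name === "PLAIN" && !tlsActive) continue;
    return { mechanism: name, offered, reason: "ok" };
  }
  // Distinguish "nothing in common" from "only PLAIN, but no TLS yet".
  const reason = common.length === 0 ? "no-common-mechanism" : "plain-requires-tls";
  return { mechanism: null, offered, reason };
}

console.log(selectMechanism(FEATURES_TOKEN_AND_PLAIN, ["PLAIN"], true));
console.log(selectMechanism(FEATURES_TOKEN_ONLY, ["PLAIN"], true));
console.log(selectMechanism(FEATURES_TOKEN_AND_PLAIN, ["PLAIN"], false));
```

The "no-common-mechanism" result corresponds to the "not configured to support any available SASL mechanisms" error in the traces; logging the offered list alongside it shows at once whether the server advertised PLAIN at all.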

The trace output I am getting :

IncomingDataEvent

Error :The server is not configured to support any available SASL mechanisms

Type 2 method: 1ms

PKCS#1 unpad: i=1, expected b[i]==1, got b[i]=8f

TLSEngine shutdown triggered by Error: Decrypt error - padding function returned null!

From: Anshul Goel

Sent: Wednesday, September 01, 2010 3:44 PM

To: Anshul Goel

Subject: RE: - Re: XIFF, TLS, Google Talk, SecureSocket - PLEASE support the developers

I also added “X-GOOGLE-TOKEN” to saslMechanisms but still get the error. Which version of as3crypto are you using?

You should be using the as3crypto that is included in the trunk.

That crypto version is patched correctly to handle Google Talk.

And again, you should not need X_GOOGLE_TOKEN.

If you want to PM me a link to your code, I can verify what you have.

After syncing the latest XIFF code I am getting this error :

IncomingDataEvent

Error :Unknown Error

Not much to go on there.

Can you share some code?

_connection = new XMPPTLSConnection();
_connection.username = username;
_connection.password = password;
_connection.server = server;
_connection.port = 5222;
if (server == "talk.google.com") _connection.domain = "gmail.com";
if (useTLS)
{
    _connection.tls = true;
    _connection.config = new TLSConfig(TLSEngine.CLIENT);
    _connection.config.trustSelfSignedCertificates = true;
    _connection.config.ignoreCommonNameMismatch = true;
}
return _connection.connect(XMPPConnection.STREAMTYPE_FLASH);

Remove:

_connection.config.trustSelfSignedCertificates=true;

It works now…

Thanks.

Why was this causing a problem??

as3crypto has a known bug regarding the RSAKey class returning null in a padding function.

Unfortunately, as3crypto has not been touched in a while and I haven’t found anyone that has successfully patched this issue.

So, at least for Google Talk, you can just set trustSelfSignedCertificates to false and it works.