hi
Just to let you know that Bombus (http://www.bombus-im.org) has
experimental support for TLS (STARTTLS).
http://svn.xmpp.ru/repos/bombus/branches/starttls
you will also need a patch for ejabberd servers (attached).
regards
roelof.
Index: TlsProtocolHandler.java
===================================================================
--- TlsProtocolHandler.java (revision 1262)
+++ TlsProtocolHandler.java (working copy)
@@ -157,6 +157,8 @@
private byte[] pms;
private CertificateVerifyer verifyer = null;
+
+ private boolean clientAuth = false;
public TlsProtocolHandler(InputStream is, OutputStream os)
{
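Review bot: The new `clientAuth` field has no comment saying what sets it or what the client does with it, and it is never cleared once set. Document it at the declaration, e.g. `/** Set when the server sends CertificateRequest; the client answers with an empty Certificate message before ClientKeyExchange. */`, and, if this handler can ever run more than one handshake on the same object, reset it at handshake start.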
@@ -420,6 +422,10 @@
}
break;
case HP_SERVER_HELLO_DONE:
+ if (clientAuth) {
+ sendClientCertificate();
+ }
+
switch (connection_state)
{
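Review bot: The empty Certificate is written before the `switch (connection_state)` on the following line decides whether ServerHelloDone was expected at all, so an out-of-order ServerHelloDone now causes a handshake record to be sent before the handler fails the connection. Move the `if (clientAuth) { sendClientCertificate(); }` into the accepted-state branch, directly before the ClientKeyExchange is built, which also makes the required client ordering (Certificate, then ClientKeyExchange) explicit rather than incidental. That branch lies below the hunk, so I cannot see exactly where the ClientKeyExchange is written.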
@@ -696,9 +702,12 @@
this.failWithError(AL_fatal,
AP_unexpected_message);
}
break;
+ case HP_CERTIFICATE_REQUEST:
+ clientAuth = true;
+ read = true;
+ break;
case HP_HELLO_REQUEST:
case HP_CLIENT_KEY_EXCHANGE:
- case HP_CERTIFICATE_REQUEST:
case HP_CERTIFICATE_VERIFY:
case HP_CLIENT_HELLO:
default:
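Review bot: `case HP_CERTIFICATE_REQUEST:` sets `clientAuth = true` without consulting `connection_state`, unlike the neighbouring cases, so a CertificateRequest arriving at the wrong point in the handshake (before the server Certificate or after ServerHelloDone) is accepted instead of being rejected with `this.failWithError(AL_fatal, AP_unexpected_message);`. Guard the case on the states in which the message is legal, and fail otherwise. The message body (certificate_types and certificate_authorities) is also never read; if the surrounding handler expects each case to consume its handshake body from the input stream, this case must read or skip it explicitly — I cannot confirm that from the hunk. The enclosing switch starts outside the hunk.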
@@ -714,7 +723,22 @@
while (read);
}
+
+ private void sendClientCertificate() throws IOException
+ {
+ /*
+ * just write back the "no client certificate" message
+ * see also gnutls, auth_cert.c:643 (0B 00 00 03 00 00 00)
+ */
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ TlsUtils.writeUint8(HP_CERTIFICATE, bos);
+ TlsUtils.writeUint24(3, bos);
+ TlsUtils.writeUint24(0, bos);
+ byte[] message = bos.toByteArray();
+ rs.writeMessage((short)RL_HANDSHAKE, message, 0, message.length);
+ }
+
private void processApplicationData()
{
/*
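Review bot: `sendClientCertificate()` hands the hand-built Certificate message to `rs.writeMessage` but does nothing to feed it into the handshake transcript hashes; unless `writeMessage` hashes RL_HANDSHAKE payloads itself, the client's Finished will be computed over an incomplete transcript and the server will fail the handshake. Confirm that and document the contract on the method, e.g. `/* Answer a CertificateRequest with an empty certificate_list (TLS 1.0 Certificate message); must precede ClientKeyExchange and be included in the handshake hash. */`. Note also that the empty Certificate message is the TLS 1.0 form only — an SSL 3.0 peer expects a no_certificate warning alert instead — so this is correct only if this handler never negotiates SSLv3.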