Closed TitusSun closed 4 years ago
jubalh
commented
4 years ago That tells you that you don't have the necessary development files. It is looking for the gnutls header which you obviously haven't installed.
Does have nothing to do with support.
It means it can't build the example. You need to install libgnutls-devel or whatever the name is for your distro.
pasis
commented
4 years ago Hi @TitusSun. libstrophe supports TLS. I assume you try to build library for Android with ndk-build, right? In this case jni/Android.mk indeed builds tls_dummy.c without TLS support. This was done, because including openssl for Android native projects is non-trivial. You will need to build openssl (or any of its fork) manually and update jni/Android.mk to include proper path for openssl headers and replace tls_dummy.c with tls_openssl.c. Notice, you have to include exactly one tls_*.c file.
Alternatively, you can try Termux project, which includes libstrophe with openssl support.
TitusSun
commented
4 years ago @pasis Thanks for your response. Yes, you are right. I replace tls_dummy.c with tls_openssl.c and intergrate the openssl1.1.1g open source as a libry. The problem is when I connect to xmpp server which enable TLS, it appear below error:
xmpp DEBUG Connecting via altdomain.
xmpp DEBUG found != XMPP_DOMAIN_NOT_FOUND
xmpp DEBUG _conn_connect
xmpp DEBUG sock_connect() to xmpp.prepro.cvattv.com.ar:5222 returned 3
xmpp DEBUG Attempting to connect to xmpp.prepro.cvattv.com.ar
xmpp DEBUG xmpp_free
xmpp DEBUG connection successful
xmpp DEBUG conn_established
xmpp DEBUG conn_open_stream
conn DEBUG SENT: <?xml version="1.0"?>
I want to add the certficatiion file, but I found the inferface named tls_set_credentials in the Tls_openssl.c is empty. so we implement it by oursefves, right?
pasis
commented
4 years ago Regarding tls_set_credentials() check #164.
Regarding error in the logs. I don't see incoming <stream>. Have you removed it from the logs?
TitusSun
commented
4 years ago @pasis here is the full log, pls check.
HP40A2:/ # xmpp_jid_domain
xmpp DEBUG Connecting via altdomain.
xmpp DEBUG found != XMPP_DOMAIN_NOT_FOUND
xmpp DEBUG _conn_connect
xmpp DEBUG sock_connect() to xmpp.prepro.cvattv.com.ar:5222 returned 3
xmpp DEBUG Attempting to connect to xmpp.prepro.cvattv.com.ar
xmpp DEBUG xmpp_free
xmpp DEBUG connection successful
xmpp DEBUG conn_established
xmpp DEBUG conn_open_stream
conn DEBUG SENT: <?xml version="1.0"?>
pasis
commented
4 years ago Btw, is it enough just to trust this certificate? Or you want to supply your own certificate with your application and trust only it?
There is flag XMPP_CONN_FLAG_TRUST_TLS which would allow you to connect without error (however, it simply ignores certificate verification process and can be harmful in case of MitM attacks).
TitusSun
commented
4 years ago @pasis yes, I need to apply my private certification. so what api should I use?
pasis
commented
4 years ago So, to connect and trust self-signed certificate:
xmpp_conn_t *conn = xmpp_conn_new(ctx);
xmpp_conn_set_flags(conn, XMPP_CONN_FLAG_TRUST_TLS); // <- this is how to trust certificate
xmpp_connect_client(conn, host, 0, conn_handler, ctx);Note that you need to set flags before connecting. For more info, refer to example: https://github.com/strophe/libstrophe/blob/master/examples/basic.c
pasis
commented
4 years ago Closing this ticket as we have #164 to track the private certificates.
Hi the default use the tls_dummy file. but it's just abstract interface without implementation. when I change the other for example tls_openssl, it eppears: libs/libstrophe-master/jni/../src/tls_gnutls.c:16:10: fatal error: 'gnutls/gnutls.h' file not found
it doesn't support the TLS, right?