xmpp.js

Manual handling SSL Errors (eg. On self signed certificates)

Open pc-magas opened this issue 6 years ago • 7 comments

Sometimes self-signed certificates are in use, for example:

  • Hosting an internal org xmpp server
  • Having a development environment.

Therefore I want my Node.js app using the @xmpp/client library to somehow be able to handle these situations manually, e.g. by asking the user whether to accept the certificate or not, or by logging that the specific situation resulted in a self-signed certificate TLS connection.

So in my case I wrote the following small Node.js dummy client:

```js
const {client, xml, jid} = require('@xmpp/client')
// `dialog` is assumed to be Electron's main-process dialog module
const {dialog} = require('electron')

const initXmpp = function (xmpp) {

  xmpp.on('error', err => {
    console.error("Error occurred", err.toString())
    // dialog.showErrorBox('Internal Error',err.toString())
  })

  xmpp.on('offline', () => {
    console.log('🛈', 'offline')
  })

  xmpp.on('online', async address => {
    dialog.showMessageBox({'type': 'info', 'message': "Online as:" + address.toString()})
  })

  xmpp.on('stanza', stanza => {
    console.log('⮈', stanza.toString())
    xmpp.stop()
  })

  process.on('unhandledRejection', function (reason, p) {
    console.error('Possibly Unhandled Rejection at: Promise ', p, ' reason: ', reason)
  })

  // start() returns a promise, so connection failures (including TLS
  // errors) arrive as rejections rather than synchronous exceptions
  xmpp.start().catch(e => console.error(e.message))
}

try {
  // declared with const so it does not leak as an implicit global
  const clientInstance = new client({
    'service': "xmpp://0.0.0.0:5222",
    'domain': "example.com",
    'username': "admin",
    'password': "admin",
  });

  initXmpp(clientInstance);
} catch (e) {
  console.error(e);
}
```

And using Docker I set up an Openfire 3.10.3 XMPP server:

```yaml
version: '3'
services:
  openfire:
    image: sameersbn/openfire
    ports:
      - "9090:9090"
      - "5222:5222"
      - "7777:7777"
      - "7070:7070"
      - "7443:7443"
    volumes:
      - "./volumes/openfire:/var/lib/openfire"
```

Even though my Openfire version is an outdated one, the issue is that I somehow need to manually handle TLS, and errors generally, that happen during the connection from the client to the server. For now, in the TLS self-signed certificate case, there's no way to manually handle the connection.

pc-magas avatar Nov 22 '18 11:11 pc-magas

If you are using Node JS, try this [image]

tbto avatar Nov 23 '18 01:11 tbto

What about Electron? Also, I want somehow the end user to select whether to accept self-signed certificates or not. Therefore I need some sort of more manual approach (e.g. via providing your own connection implementation).

pc-magas avatar Nov 23 '18 13:11 pc-magas

There are ways to do that now, but they require writing custom code.

I'm open to having such feature built-in.

There are multiple paths where TLS can be used:

Of course this feature can only be supported on Node.js.

All of them use tls underneath so it should be fairly easy to implement that feature simply and for all.

Not sure what the best approach is but maybe for example passing TLS options and events to any TLS socket created by the xmpp instance.

@pc-magas wanna give it a try?

sonnyp avatar Oct 04 '19 12:10 sonnyp
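
The per-socket approach described in the comment above, as an added example that is not part of the thread or of xmpp.js: a Node `tls` socket is opened with verification relaxed for that socket only, and a policy function accepts it, refuses it, or asks the user and pins the certificate fingerprint. It assumes a direct-TLS endpoint rather than STARTTLS; `decideTls`, `connectPinned`, `pins` and `askUser` are hypothetical names.

```javascript
// Added example: helper names are hypothetical, not part of xmpp.js.
// Verification failures that a pin or the user may override; anything else
// (expired certificate, wrong host name, ...) is always refused.
const OVERRIDABLE = new Set(['DEPTH_ZERO_SELF_SIGNED_CERT', 'SELF_SIGNED_CERT_IN_CHAIN'])

// Pure policy: returns 'accept', 'reject', or 'ask' (no pin stored for this host yet).
function decideTls({authorized, authorizationError, fingerprint256}, pins, host) {
  if (authorized) return 'accept'
  if (!OVERRIDABLE.has(authorizationError)) return 'reject'
  if (!pins.has(host)) return 'ask'
  return pins.get(host) === fingerprint256 ? 'accept' : 'reject'
}

// Direct-TLS connect that applies the policy before handing the socket out.
// pins: Map of host -> SHA-256 fingerprint; askUser(host, fingerprint) -> Promise<boolean>.
function connectPinned(host, port, pins, askUser) {
  const tls = require('node:tls') // Node-only dependency, loaded on first use
  return new Promise((resolve, reject) => {
    // Verification is relaxed for this one socket, not for the whole process.
    const socket = tls.connect({host, port, rejectUnauthorized: false})
    const refuse = err => { socket.destroy(); reject(err) }
    socket.once('error', reject)
    socket.once('secureConnect', async () => {
      try {
        const {fingerprint256} = socket.getPeerCertificate()
        const {authorized, authorizationError} = socket
        let verdict = decideTls({authorized, authorizationError, fingerprint256}, pins, host)
        if (verdict === 'ask' && (await askUser(host, fingerprint256))) {
          pins.set(host, fingerprint256) // trust on first use, recorded for next time
          verdict = 'accept'
        }
        if (verdict === 'accept') resolve(socket)
        else refuse(new Error(`TLS certificate refused (${authorizationError})`))
      } catch (err) {
        refuse(err)
      }
    })
  })
}
```

Nothing is written to the socket until the verdict is 'accept', so credentials are never sent over a connection the user has not approved.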

If you are using Node JS, try this [image]

worked for me

bapunii avatar Aug 06 '23 10:08 bapunii

I get a SASLError: invalid-mechanism when setting process.env.NODE_TLS_REJECT_UNAUTHORIZED='0'; in code. Any thoughts on how I can fix this? [image]

The only error I got before getting this error was that there was a self signed certificate in the chain. Thanks in advance.

NickHeathCode avatar Oct 13 '23 01:10 NickHeathCode