XMPPFramework与Openfire的TLS/SSL连接 [英] XMPPFramework TLS/SSL connection with Openfire

问题描述

我正在尝试在客户端应用程序和OPENFIRE服务器之间建立安全连接TLS/SSL.我正在使用适用于iOS的XMPPFramework，该怎么做?我已经尝试过将openfire安全设置更改为需要安全连接，但是通过这种方式，我的应用将无法连接到服务器.我认为我必须在xmppframework中设置一些内容，但找不到任何指令.我的连接代码:

I'm trying to set up a secure connection TLS/SSL beetween my client apps and an OPENFIRE server. I'm using the XMPPFramework for iOS, how can i do that? I have already tried to change the openfire security settings to made required a secured connection, but in this way, my app won't connect to server. I think that i have to set something in the xmppframework but i can't find any instruction. My connection code :

- (void)setupStream
{
NSAssert(xmppStream == nil, @"Method setupStream invoked multiple times");

// Setup xmpp stream
//
// The XMPPStream is the base class for all activity.
// Everything else plugs into the xmppStream, such as modules/extensions and delegates.

xmppStream = [[XMPPStream alloc] init];

#if !TARGET_IPHONE_SIMULATOR
{
    // Want xmpp to run in the background?
    //
    // P.S. - The simulator doesn't support backgrounding yet.
    //        When you try to set the associated property on the simulator, it simply fails.
    //        And when you background an app on the simulator,
    //        it just queues network traffic til the app is foregrounded again.
    //        We are patiently waiting for a fix from Apple.
    //        If you do enableBackgroundingOnSocket on the simulator,
    //        you will simply see an error message from the xmpp stack when it fails to set the property.

    xmppStream.enableBackgroundingOnSocket = YES;
}
#endif

// Setup reconnect
//
// The XMPPReconnect module monitors for "accidental disconnections" and
// automatically reconnects the stream for you.
// There's a bunch more information in the XMPPReconnect header file.

xmppReconnect = [[XMPPReconnect alloc] init];

// Setup roster
//
// The XMPPRoster handles the xmpp protocol stuff related to the roster.
// The storage for the roster is abstracted.
// So you can use any storage mechanism you want.
// You can store it all in memory, or use core data and store it on disk, or use core data with an in-memory store,
// or setup your own using raw SQLite, or create your own storage mechanism.
// You can do it however you like! It's your application.
// But you do need to provide the roster with some storage facility.

xmppRosterStorage = [[XMPPRosterCoreDataStorage alloc] init];
//  xmppRosterStorage = [[XMPPRosterCoreDataStorage alloc] initWithInMemoryStore];

xmppRoster = [[XMPPRoster alloc] initWithRosterStorage:xmppRosterStorage];

xmppRoster.autoFetchRoster = YES;
xmppRoster.autoAcceptKnownPresenceSubscriptionRequests = YES;

// Setup vCard support
//
// The vCard Avatar module works in conjuction with the standard vCard Temp module to download user avatars.
// The XMPPRoster will automatically integrate with XMPPvCardAvatarModule to cache roster photos in the roster.

xmppvCardStorage = [XMPPvCardCoreDataStorage sharedInstance];
xmppvCardTempModule = [[XMPPvCardTempModule alloc] initWithvCardStorage:xmppvCardStorage];

xmppvCardAvatarModule = [[XMPPvCardAvatarModule alloc] initWithvCardTempModule:xmppvCardTempModule];

// Setup capabilities
//
// The XMPPCapabilities module handles all the complex hashing of the caps protocol (XEP-0115).
// Basically, when other clients broadcast their presence on the network
// they include information about what capabilities their client supports (audio, video, file transfer, etc).
// But as you can imagine, this list starts to get pretty big.
// This is where the hashing stuff comes into play.
// Most people running the same version of the same client are going to have the same list of capabilities.
// So the protocol defines a standardized way to hash the list of capabilities.
// Clients then broadcast the tiny hash instead of the big list.
// The XMPPCapabilities protocol automatically handles figuring out what these hashes mean,
// and also persistently storing the hashes so lookups aren't needed in the future.
//
// Similarly to the roster, the storage of the module is abstracted.
// You are strongly encouraged to persist caps information across sessions.
//
// The XMPPCapabilitiesCoreDataStorage is an ideal solution.
// It can also be shared amongst multiple streams to further reduce hash lookups.

xmppCapabilitiesStorage = [XMPPCapabilitiesCoreDataStorage sharedInstance];
xmppCapabilities = [[XMPPCapabilities alloc] initWithCapabilitiesStorage:xmppCapabilitiesStorage];

xmppCapabilities.autoFetchHashedCapabilities = YES;
xmppCapabilities.autoFetchNonHashedCapabilities = NO;

// Activate xmpp modules

[xmppReconnect         activate:xmppStream];
[xmppRoster            activate:xmppStream];
[xmppvCardTempModule   activate:xmppStream];
[xmppvCardAvatarModule activate:xmppStream];
[xmppCapabilities      activate:xmppStream];

// Add ourself as a delegate to anything we may be interested in

[xmppStream addDelegate:self delegateQueue:dispatch_get_main_queue()];
[xmppRoster addDelegate:self delegateQueue:dispatch_get_main_queue()];

// Optional:
//
// Replace me with the proper domain and port.
// The example below is setup for a typical google talk account.
//
// If you don't supply a hostName, then it will be automatically resolved using the JID (below).
// For example, if you supply a JID like 'user@quack.com/rsrc'
// then the xmpp framework will follow the xmpp specification, and do a SRV lookup for quack.com.
//
// If you don't specify a hostPort, then the default (5222) will be used.

[xmppStream setHostName:@"serverIp"];
[xmppStream setHostPort:5222];


// You may need to alter these settings depending on the server you're connecting to
allowSelfSignedCertificates = NO;
allowSSLHostNameMismatch = NO;
 }

我也尝试设置:

   allowSelfSignedCertificates = YES;
   allowSSLHostNameMismatch = YES;

推荐答案

找到了解决方案.在OpenFire服务器上，我已将安全设置设置为必需"，然后在xmppFramework中进行了设置:

Found a solution. On OpenFire server i have set security setting to "Required", then i have set in xmppFramework :

allowSelfSignedCertificates = YES; allowSSLHostNameMismatch = NO;

allowSelfSignedCertificates = YES; allowSSLHostNameMismatch = NO;

现在我可以安全连接了.

now i can connect with a secure connection.

这篇关于XMPPFramework与Openfire的TLS/SSL连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！