Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manual handling SSL Errors (eg. On self signed certificates) #598

Open
pc-magas opened this issue Nov 22, 2018 · 7 comments
Open

Manual handling SSL Errors (eg. On self signed certificates) #598

pc-magas opened this issue Nov 22, 2018 · 7 comments

Comments

@pc-magas
Copy link

pc-magas commented Nov 22, 2018

Sometime during there is a use of self-signed certificates for example:

  • Hosting an internal org xmpp server
  • Having a development environent.

Therefore I want somehow when my node.js app using the @xmpp/client library to be able to handle these situations manually eg. via asking the user whether to accept the certificate or not or logging that the specific situation resulted on a self-signed certificate TLS connection.

So In my case I did the following small node.js dummy client:

const {client, xml, jid} = require('@xmpp/client')

const initXmpp=function(xmpp){

  xmpp.on('error', err => {
    console.error("Error occured",err.toString())
    // dialog.showErrorBox('Internal Error',err.toString())
  })

  xmpp.on('offline', () => {
    console.log('🛈', 'offline')
  })

  xmpp.on('online', async address => {
    dialog.showMessageBox({'type':'info','message':"Online as:"+address.toString()})
  })

  xmpp.on('stanza', stanza => {
    console.log('⮈', stanza.toString())
    xmpp.stop()
  })

  process.on('unhandledRejection', function (reason, p) {
    console.error('Possibly Unhandled Rejection at: Promise ', p, ' reason: ', reason)
  })

  try{
    xmpp.start()
  } catch(e) {
    console.error(e.message)
  }
}

try{
  clientInstance=new client({
    'service':"xmpp://0.0.0.0:5222",
    'domain': "example.com",
    'username':"admin",
    'password':"admin",
  });

  initXmpp(clientInstance);
} catch(e) {
  console.error(e);
}

And using docker I setup an openfire 3.10.3 xmpp server:

version: '3'
services:
  openfire:
    image: sameersbn/openfire
    ports:
      - "9090:9090"
      - "5222:5222"
      - "7777:7777"
      - "7070:7070"
      - "7443:7443"
    volumes:
      - "./volumes/openfire:/var/lib/openfire"

Even though my openfire version is an outdated one the issue is that somehow I need manually to handle TLS and error generally that happen during connection from client to the server. For now in TLS Self signed certificate case there's no way to manually handle the connection.

@tbto
Copy link

tbto commented Nov 23, 2018

If you are use Node JS, try this
image

@pc-magas
Copy link
Author

pc-magas commented Nov 23, 2018

What about electron? Also I want somehow the end user to select whether to accept self-signed certificates or not. Therefore I need some sort of more manual approach (eg.via providing your own connection implementation).

@sonnyp
Copy link
Member

sonnyp commented Oct 4, 2019

There are ways to do that now but requires writing custom code.

I'm open to having such feature built-in.

There are multiple paths where TLS can be used:

Of course this feature can only be supported on Node.js.

All of them use tls underneath so it should be fairly easy to implement that feature simply and for all.

Not sure what the best approach is but maybe for example passing TLS options and events to any TLS socket created by the xmpp instance.

@pc-magas wanna give it a try?

@bapunii
Copy link

bapunii commented Aug 6, 2023

If you are use Node JS, try this image

worked for me

@NickHeathCode
Copy link

I get a SASLError: invalid-mechanism when setting process.env.NODE_TLS_REJECT_UNAUTHORIZED='0'; in code. Any thoughts on how I can fix this?
image

The only error I got before getting this error was that there was a self signed certificate in the chain. Thanks in advance.

@bg1avd
Copy link

bg1avd commented Sep 23, 2024

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

I get a SASLError: invalid-mechanism when setting process.env.NODE_TLS_REJECT_UNAUTHORIZED='0'; in code. Any thoughts on how I can fix this? image

The only error I got before getting this error was that there was a self signed certificate in the chain. Thanks in advance.

add below line in your code:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

@bapunii
Copy link

bapunii commented Sep 23, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

6 participants