How to connect XMPP client using secure Ejabbered server in IOS?

Question

I am working on chat apps where my Ejabbered server is secure using SSL and TLSv1.1/1.2 and i am trying to connect client to server getting the following error code.

Error Domain=GCDAsyncSocketErrorDomain Code=7 "Socket closed by remote peer" UserInfo={NSLocalizedDescription=Socket closed by remote peer.

Required settings in Appdelegate (Setupstream)

 _xmppStream.hostName=@"";   // hostname
 _xmppStream.hostPort=5223;  // 5223 for secure SSL connection
 _xmppStream.startTLSPolicy = XMPPStreamStartTLSPolicyRequired;
  customCertEvaluation = YES;

After that manually trust the custom certificate validation

- (void)xmppStream:(XMPPStream *)sender willSecureWithSettings:
   (NSMutableDictionary *)settings{
    NSString *expectedCertName = [_xmppStream.myJID domain];

  if (expectedCertName){
   [settings setObject:expectedCertName forKey:(NSString *)kCFStreamSSLPeerName];
  }
  if (customCertEvaluation){
   [settings setObject:@(YES)forKey:GCDAsyncSocketManuallyEvaluateTrust];
  }

After that to match client server certificate in completionHandler.

  -(void)xmppStream:(XMPPStream *)sender didReceiveTrust:(SecTrustRef)trust 
      completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler{

    SecCertificateRef certificate=SecTrustGetCertificateAtIndex(trust, 0);
     NSLog(@"serverCertificate :%@",certificate);
     NSData *certData1=(__bridge NSData *)SecCertificateCopyData(certificate);

    //  Get our certificate
     NSString *cer = [NSString stringWithFormat:@"%@", [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"crt"]];
     NSData *certData2 = [[NSData alloc] initWithContentsOfFile:cer];

     OSStatus status = -1;
     SecTrustResultType result = kSecTrustResultDeny;

   if(certData1 && certData2){
     SecCertificateRef   cert1;
     cert1 = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData1);

     SecCertificateRef   cert2;
     cert2 = SecCertificateCreateWithData(NULL, (__bridge CFDataRef) certData2);

     const void *ref[] = {cert1, cert2};
     CFArrayRef ary = CFArrayCreate(NULL, ref, 2, NULL);

     SecTrustSetAnchorCertificates(trust, ary);
     status = SecTrustEvaluate(trust, &result);
    }
  else{
       NSLog(@"local certificates could not be loaded");
       completionHandler(NO);
      }

 if ((status == noErr && (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified))){
      completionHandler(YES);
      NSLog(@"Certificate match");
    }
 else{
     arrayRefTrust = SecTrustCopyProperties(trust);
     NSLog(@"error in connection occured\n%@", arrayRefTrust);
     completionHandler(NO);
     NSLog(@"Certificate not match");
     }
  }

Is there any customisation required in GCDAsyncSocket.m/XMPPStream.m class for secure connection.

Answer 1

Try using this deprecated method:

[self.xmppStream oldSchoolSecureConnectWithTimeout:60.f error:&connectionError]

Also ensure that your are setting the hostname correctly:

[self.xmppStream setHostName:@"yourhostname.com"] without use https as prefix.

For now we are working with this workaround while we find a way to work without the deprecated connection method.