ChatSecure / ChatSecure-iOS

ChatSecure is a free and open source encrypted chat client for iOS that supports OTR and OMEMO encryption over XMPP.
https://chatsecure.org

Failed inbound s2s EXTERNAL authentication pubsub.chatsecure.org #1024

Open gerroon opened 6 years ago

gerroon commented 6 years ago

I am creating a new bug based on a conversation in #1017

I am not sure how push should work with ChatSecure on iOS. I definitely can't get messages if the app is killed, but I can get messages if the app is in the background.

I have XEP-0357 (mod_push) enabled in Ejabberd.

I see this message when the app is killed or not running.

jabberd_s2s_in:handle_auth_failure:205 (tls|<0.539.0>) Failed inbound s2s EXTERNAL authentication pubsub.chatsecure.org -> MYDOMAIN

I see this message in Ejabberd log if the app is in the background

2018-05-27 13:13:19.316 [info] <0.542.0>@mod_push:enable:308 Enabling push notifications for USER@MYDOMAIN/USER-chatsecure

Looking at this I am not sure if it is working or not, it looks like it kind of works?

gerroon commented 6 years ago

I also see this in the log

@ejabberd_s2s_in:handle_auth_failure:205 (tls|<0.520.0>) Failed inbound s2s EXTERNAL authentication pubsub.chatsecure.org -> MYDOMAIN (45.55.5.246): unable to get local issuer certificate

gerroon commented 6 years ago

OK, here is the exact chain of events when a message is sent from Conversations to ChatSecure (iOS):

2018-05-27 14:37:40.519 [info] <0.529.0>@ejabberd_s2s_out:init:281 Outbound s2s connection started: MYDOMAIN.com -> pubsub.chatsecure.org
2018-05-27 14:37:42.696 [info] <0.529.0>@ejabberd_s2s_out:handle_auth_success:217 (tls|<0.529.0>) Accepted outbound s2s EXTERNAL authentication MYDOMAIN.com -> pubsub.chatsecure.org (45.55.5.246)
2018-05-27 14:37:43.623 [info] <0.376.0>@ejabberd_listener:accept:302 (<0.530.0>) Accepted connection 45.55.5.246:53652 -> xx.xx.xx.xx:5269
2018-05-27 14:37:44.639 [info] <0.530.0>@ejabberd_s2s_in:handle_auth_failure:205 (tls|<0.530.0>) Failed inbound s2s EXTERNAL authentication pubsub.chatsecure.org -> MYDOMAIN.com (45.55.5.246): unable to get local issuer certificate

jnaeff commented 6 years ago

I have the same problem here.

laszlovl commented 6 years ago

You're probably hitting this issue in Ejabberd: https://github.com/processone/ejabberd/issues/2186

Try adding to your ejabberd config: s2s_cafile: "/etc/ssl/certs/ca-certificates.crt"
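
An added example (not part of the thread, and not ejabberd or ChatSecure code): a Python triage over ejabberd log lines in the format quoted above, flagging peers whose inbound s2s EXTERNAL authentication fails with OpenSSL's "unable to get local issuer certificate", meaning the local server could not build the peer's chain to a CA it trusts. The sample log is constructed with placeholder domains and addresses; the function name `triage` and its output fields are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines quoted in this thread;
# domains and IP addresses are documentation placeholders.
SAMPLE_LOG = """\
2018-05-27 14:37:40.519 [info] <0.529.0>@ejabberd_s2s_out:init:281 Outbound s2s connection started: example.net -> pubsub.example.org
2018-05-27 14:37:42.696 [info] <0.529.0>@ejabberd_s2s_out:handle_auth_success:217 (tls|<0.529.0>) Accepted outbound s2s EXTERNAL authentication example.net -> pubsub.example.org (192.0.2.10)
2018-05-27 14:37:43.623 [info] <0.376.0>@ejabberd_listener:accept:302 (<0.530.0>) Accepted connection 192.0.2.10:53652 -> 198.51.100.7:5269
2018-05-27 14:37:44.639 [info] <0.530.0>@ejabberd_s2s_in:handle_auth_failure:205 (tls|<0.530.0>) Failed inbound s2s EXTERNAL authentication pubsub.example.org -> example.net (192.0.2.10): unable to get local issuer certificate
2018-05-27 14:40:01.002 [info] <0.539.0>@ejabberd_s2s_in:handle_auth_failure:205 (tls|<0.539.0>) Failed inbound s2s EXTERNAL authentication other.example.org -> example.net
"""

# OpenSSL verify error text: the issuer of a presented certificate was not
# found in the local trust store.
LOCAL_ISSUER = "unable to get local issuer certificate"

AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<dir>inbound|outbound) s2s EXTERNAL "
    r"authentication (?P<src>\S+) -> (?P<dst>\S+)"
    r"(?: \((?P<ip>[^)]+)\))?(?:: (?P<reason>.+))?$"  # IP and reason are optional
)

def triage(log_text):
    """Return {peer: finding} for peers whose inbound EXTERNAL auth failed."""
    outbound_ok = set()               # peers that accepted OUR certificate
    inbound_fail = defaultdict(list)  # peers whose certificate WE rejected
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        if m["dir"] == "outbound" and m["result"] == "Accepted":
            outbound_ok.add(m["dst"])
        elif m["dir"] == "inbound" and m["result"] == "Failed":
            inbound_fail[m["src"]].append(m["reason"] or "no reason logged")
    findings = {}
    for peer, reasons in inbound_fail.items():
        findings[peer] = {
            "cause": "local-trust-store" if LOCAL_ISSUER in reasons else "unknown",
            "reasons": sorted(set(reasons)),
            "outbound_ok": peer in outbound_ok,  # True: only our check of them fails
        }
    return findings

if __name__ == "__main__":
    for peer, finding in triage(SAMPLE_LOG).items():
        print(peer, finding)
```

A peer reported as `local-trust-store` with `outbound_ok` set matches the pattern in the log above, which is the case the `s2s_cafile` suggestion in this thread is aimed at.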

gerroon commented 6 years ago

@laszlovl

I already have s2s_certfile installed in my config. Not enough?

Please bear in mind that I do not seem to have this issue with conversations.im

I will try your solution though

zuglufttier commented 6 years ago

It's working pretty well for me with ejabberd 18.06. Please test with a server like conversations.im to make sure there are no problems on your server.

GigabyteProductions commented 1 year ago

It is just a little bit humorous that this ticket exists simultaneously with #1250. pubsub.chatsecure.org does not accept server chains with the DST Root CA X3 cross-signed version of ISRG Root X1 but presents its own chain with the DST Root CA X3 cross-signed version of ISRG Root X1 to other servers.

licaon-kter commented 1 year ago

@GigabyteProductions the same advice given there applies here too

GigabyteProductions commented 1 year ago

I understand