ChatSecure / ChatSecure-iOS

ChatSecure is a free and open source encrypted chat client for iOS that supports OTR and OMEMO encryption over XMPP.
https://chatsecure.org
Other
3.13k stars 1.03k forks source link

login Problems #78

Closed xnormanx closed 9 years ago

xnormanx commented 11 years ago

I have my problems on my XMPP account with Secure Chat. My credentials will always be wrong. But what can not be, because it works in Adium.

Foto

chrisballinger commented 11 years ago

The latest version of XMPPFramework has issues connecting to XMPP servers that aren't properly configured. Try entering your full JID for the username field (e.g. username@jabber.org) and entering the domain into the Domain field (e.g. jabber.org). We'll see if we can issue a patch to fix this upstream in the future.

r1de commented 11 years ago

hate to bring this up again, but could anyone elaborate on exactly how the server is not properly configured? I can connect to a self hosted jabberd on a non-standard port with every other client I have tried but this one.

chrisballinger commented 11 years ago

There is an issue with the XMPP library we use and until it is fixed upstream in XMPPFramework we will continue to have connection problems, unless we are able to figure it out and use a fork of the framework. Some people have done some investigation into the problem, but no one has figured out a fix as of yet. :(

On Wed, May 8, 2013 at 12:49 PM, r1de notifications@github.com wrote:

hate to bring this up again, but could anyone elaborate on exactly how the server is not properly configured? I can connect to a self hosted jabberd on a non-standard port with every other client I have tried but this one.

— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-17629436 .

r1de commented 11 years ago

Thanks for the info, sorry to hear that. I hope someone can figure something out. Until then, I guess I will wait along with everyone else. :)

tholu commented 11 years ago

Duplicate of https://github.com/chrisballinger/Off-the-Record-iOS/issues/53 ?

r1de commented 11 years ago

I am not certain it is a dupe of #53 but it does sound similar. I have jabberd-2.2.17 running on a non-standard port. I have an SRV record that points to this port.

When I try to use ChatSecure to connect to it, I get a "connect" in the servers logs, which is immediately followed by "disconnect jid=unbound, packets:0"

Out of curiosity, last week I cloned the XMPPFramework project into my Xcode and built the iPhoneXMPP example app that is included, I changed the values at the top of iPhoneXMPPAppDelegate.m file where it has "setHostName:", "setHostPort:", changed both allowSelfSignedCertificates and allowSSLHostNameMismatch to YES, and that sucker connected up just fine.

I have not had time to fiddle with the ChatSecure code and unfortunately I will be away until Monday. I really doubt I'd be able to do anything with the code, as I am just a tinkerer, but I really hope this additional information helps in some way. :)

CornMaster commented 11 years ago

I see a number of issues in this list that are related to login problems. To not post in all of them, I'll post here and you can move if you see fit. We have an OpenFire 3.7.1 server which ChatSecure 1.5.2 connects to fine. We are implementing a new server, which is running OpenFire 3.8.1 and we cannot connect regardless of the combination of settings we use. I assume it has to do with the underlying bug you discuss, but I thought some specific version numbers might help you sort things out.

chrisballinger commented 11 years ago

Oh thanks for the insight!

On May 21, 2013, at 8:52 AM, CornMaster notifications@github.com wrote:

I see a number of issues in this list that are related to login problems. To not post in all of them, I'll post here and you can move if you see fit. We have an OpenFire 3.7.1 server which ChatSecure 1.5.2 connects to fine. We are implementing a new server, which is running OpenFire 3.8.1 and we cannot connect regardless of the combination of settings we use. I assume it has to do with the underlying bug you discuss, but I thought some specific version numbers might help you sort things out.

— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-18217926 .

PartisanEntity commented 11 years ago

Hi there, first off thanks so much for putting in all the effort and time to develop a truly secure xmpp client for iOS. Very appreciated.

I am having this same issue with ChatSecure 2.0. I have a self hosted xmpp server based on OpenFire 3.8.2 and Ubuntu 12.04 LTS.

I am able to connect using many clients such as Spark or Adium on the Mac. But I get this same error when trying to connect using Chat Secure on the iPhone 4.

Thank you.

mchgbh commented 11 years ago

Same problem with Chatsecure and Openfire. Tried the idea from above with 3.7.1 but didn't help. All other clients connect good (IM+, Pdgin, Monal,...) I'm using selfsigned certs.

tnull commented 11 years ago

Same Problem here, ChatSecure 2.0 and ejabberd 2.1.12.

son1c commented 11 years ago

Same with ChatSecure 2.0.1 and ejabberd 2.1.12, but only on IPhone. On the IPad it works fine

davidchiles commented 11 years ago

@son1c that's really confusing because they use the exact connecting procedure. Are the networks different wifi v. 3g/4g/LTE for the iPhone and iPad?

vrillusions commented 11 years ago

I'm running into issues as well. This with the ipad running ios 7, chatsecure 2.0.1, and connecting to OpenFire 3.8.2. The server requires ssl and it's using a self-signed certificate. I've messed with all the options and can't get it to login and it always shows the same error in openfire (ips changed)

2013.09.24 14:07:34 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports IOException for session: (SOCKET, R: /11.11.11.11:34020, L: /22.22.22.22:5222, S: 0.0.0.0/0.0.0.0:5222)
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
    at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
    at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
    at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
    at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
    ... 14 more

Which as far as I can tell is the client telling the server it doesn't like the certificate. What's weird is no matter what options I choose, including turning off self-signed certificate, it still throws an ssl error. Don't have anything on ios6 any more to see if it's an issue that cropped up from ios7.

stonie08 commented 11 years ago

I've got the same problem too. I'm using Prosody 0.9.1 with a self-signed certificate and ChatSecure 2.0.1 on iOS 6.1.4. I also tried various combinations of the settings below the login credentials (SSL Hostname Mismatch, Self Signed SSL,..) without success

The Prosody logfile says: Oct 01 18:51:31 c2s11be980 info Client connected Oct 01 18:51:32 c2s11be980 info Client disconnected: ssl handshake failed

mkdev commented 11 years ago

Same problem with Openfire 3.8.x. Never been able to login to an XMPP account with any settings.

vrillusions commented 11 years ago

FWIW I had to rebuild our openfire server as the old server finally kicked it (may it rest in the big cloud in the sky... as I type that I realize there's so many definitions for 'cloud' now...) and on the new one I can login. Problem is a lot of things changed:

Old server

New server

Unfortunately so many things changed it probably isn't much help. And the old server is completely down now so can't double check any of the things I'm guessing on.

chrisballinger commented 11 years ago

Oh that's great to know! So it might not actually be OpenFire itself but an issue with allowing self-signed certs.

Thank you!

On Tue, Oct 8, 2013 at 12:45 PM, Todd Eddy notifications@github.com wrote:

FWIW I had to rebuild our openfire server as the old server finally kicked it (may it rest in the big cloud in the sky... as I type that I realize there's so many definitions for 'cloud' now...) and on the new one I can login. Problem is a lot of things changed:

Old server

  • Ubuntu 10.04 (don't remember if 64bit or not)
  • Openfire 3.8.2
  • Self signed ssl cert (it may have also been expired... don't remember)

New server

  • CentOS 6.4 64bit
  • Openfire 3.8.2 (with having to install a 386 library because apparently you can only get openfire on redhat based os in 32 bit)
  • Using our actual wildcard cert from godaddy.

Unfortunately so many things changed it probably isn't much help. And the old server is completely down now so can't double check any of the things I'm guessing on.

— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-25921238 .

mkdev commented 11 years ago

I'm also using CentOS 6.4 but having a heck of a time installing a (non-wildcard) cert from a CA. After following the recommended steps, the server says it still needs a cert, and everything breaks when deleting Openfire's auto-generated ones.

Also, I'm using the Jitsi client for OTR support but both Jitsi and SecureChat refuse to connect over port 5223. Interestingly, I do see certificates and ephemeral key exchange with these commands from the client computer:

$ openssl s_client -port 9091 -host example.org $ openssl s_client -port 5223 -host example.org ... Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/CN=example.org issuer=/CN=example.org ––– No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, B-571, 570 bits ––– SSL handshake has read 1352 bytes and written 631 bytes ––– New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 5354724EE21D1E92735B681D6C13B819EDA1F2C461834999EF82A91328BACD96 Session-ID-ctx: Master-Key: B3151A15AE6B77CEE7BC47356DAB5FFBBDD64B369D7B3E83C36C6D6E9B1F18BBDB83D0BFF7D27B2898D3740A4C92898D Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1381265999 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate)

Besides the radio buttons for SSL (in client-connections-settings.jsp and ssl-settings.jsp), what is the best way to force encryption, and also to verify that there is an ephemeral key exchange happening between the actual client and server?

FFCodingMonkey commented 11 years ago

I have removed chatsecure - I think there is no hope that this bug will be fixed for IOS. I'm looking now for other solutions.

I chat app that is not able to log in, does not make any sense (latetest version I used before removal was 2.0.1)

chrisballinger commented 11 years ago

@FFCodingMonkey We are indeed going to fix this bug but it may indicate deeper issues in your XMPP server or SSL configuration.

stonie08 commented 11 years ago

@FFCodingMonkey It works for me with my self-signed certificate and prosody as a XMPP Server since yesterdays Off-the-Record iOS update (version 2.1), so maybe you should give it another try.