Closed xnormanx closed 9 years ago
The latest version of XMPPFramework has issues connecting to XMPP servers that aren't properly configured. Try entering your full JID for the username field (e.g. username@jabber.org) and entering the domain into the Domain field (e.g. jabber.org). We'll see if we can issue a patch to fix this upstream in the future.
hate to bring this up again, but could anyone elaborate on exactly how the server is not properly configured? I can connect to a self hosted jabberd on a non-standard port with every other client I have tried but this one.
There is an issue with the XMPP library we use and until it is fixed upstream in XMPPFramework we will continue to have connection problems, unless we are able to figure it out and use a fork of the framework. Some people have done some investigation into the problem, but no one has figured out a fix as of yet. :(
On Wed, May 8, 2013 at 12:49 PM, r1de notifications@github.com wrote:
hate to bring this up again, but could anyone elaborate on exactly how the server is not properly configured? I can connect to a self hosted jabberd on a non-standard port with every other client I have tried but this one.
— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-17629436 .
Thanks for the info, sorry to hear that. I hope someone can figure something out. Until then, I guess I will wait along with everyone else. :)
I am not certain it is a dupe of #53 but it does sound similar. I have jabberd-2.2.17 running on a non-standard port. I have an SRV record that points to this port.
When I try to use ChatSecure to connect to it, I get a "connect" in the servers logs, which is immediately followed by "disconnect jid=unbound, packets:0"
Out of curiosity, last week I cloned the XMPPFramework project into my Xcode and built the iPhoneXMPP example app that is included, I changed the values at the top of iPhoneXMPPAppDelegate.m file where it has "setHostName:", "setHostPort:", changed both allowSelfSignedCertificates and allowSSLHostNameMismatch to YES, and that sucker connected up just fine.
I have not had time to fiddle with the ChatSecure code and unfortunately I will be away until Monday. I really doubt I'd be able to do anything with the code, as I am just a tinkerer, but I really hope this additional information helps in some way. :)
I see a number of issues in this list that are related to login problems. To not post in all of them, I'll post here and you can move if you see fit. We have an OpenFire 3.7.1 server which ChatSecure 1.5.2 connects to fine. We are implementing a new server, which is running OpenFire 3.8.1 and we cannot connect regardless of the combination of settings we use. I assume it has to do with the underlying bug you discuss, but I thought some specific version numbers might help you sort things out.
Oh thanks for the insight!
On May 21, 2013, at 8:52 AM, CornMaster notifications@github.com wrote:
I see a number of issues in this list that are related to login problems. To not post in all of them, I'll post here and you can move if you see fit. We have an OpenFire 3.7.1 server which ChatSecure 1.5.2 connects to fine. We are implementing a new server, which is running OpenFire 3.8.1 and we cannot connect regardless of the combination of settings we use. I assume it has to do with the underlying bug you discuss, but I thought some specific version numbers might help you sort things out.
— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-18217926 .
Hi there, first off thanks so much for putting in all the effort and time to develop a truly secure xmpp client for iOS. Very appreciated.
I am having this same issue with ChatSecure 2.0. I have a self hosted xmpp server based on OpenFire 3.8.2 and Ubuntu 12.04 LTS.
I am able to connect using many clients such as Spark or Adium on the Mac. But I get this same error when trying to connect using Chat Secure on the iPhone 4.
Thank you.
Same problem with Chatsecure and Openfire. Tried the idea from above with 3.7.1 but didn't help. All other clients connect good (IM+, Pdgin, Monal,...) I'm using selfsigned certs.
Same Problem here, ChatSecure 2.0 and ejabberd 2.1.12.
Same with ChatSecure 2.0.1 and ejabberd 2.1.12, but only on IPhone. On the IPad it works fine
@son1c that's really confusing because they use the exact connecting procedure. Are the networks different wifi v. 3g/4g/LTE for the iPhone and iPad?
I'm running into issues as well. This with the ipad running ios 7, chatsecure 2.0.1, and connecting to OpenFire 3.8.2. The server requires ssl and it's using a self-signed certificate. I've messed with all the options and can't get it to login and it always shows the same error in openfire (ips changed)
2013.09.24 14:07:34 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports IOException for session: (SOCKET, R: /11.11.11.11:34020, L: /22.22.22.22:5222, S: 0.0.0.0/0.0.0.0:5222)
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
... 14 more
Which as far as I can tell is the client telling the server it doesn't like the certificate. What's weird is no matter what options I choose, including turning off self-signed certificate, it still throws an ssl error. Don't have anything on ios6 any more to see if it's an issue that cropped up from ios7.
I've got the same problem too. I'm using Prosody 0.9.1 with a self-signed certificate and ChatSecure 2.0.1 on iOS 6.1.4. I also tried various combinations of the settings below the login credentials (SSL Hostname Mismatch, Self Signed SSL,..) without success
The Prosody logfile says: Oct 01 18:51:31 c2s11be980 info Client connected Oct 01 18:51:32 c2s11be980 info Client disconnected: ssl handshake failed
Same problem with Openfire 3.8.x. Never been able to login to an XMPP account with any settings.
FWIW I had to rebuild our openfire server as the old server finally kicked it (may it rest in the big cloud in the sky... as I type that I realize there's so many definitions for 'cloud' now...) and on the new one I can login. Problem is a lot of things changed:
Old server
New server
Unfortunately so many things changed it probably isn't much help. And the old server is completely down now so can't double check any of the things I'm guessing on.
Oh that's great to know! So it might not actually be OpenFire itself but an issue with allowing self-signed certs.
Thank you!
On Tue, Oct 8, 2013 at 12:45 PM, Todd Eddy notifications@github.com wrote:
FWIW I had to rebuild our openfire server as the old server finally kicked it (may it rest in the big cloud in the sky... as I type that I realize there's so many definitions for 'cloud' now...) and on the new one I can login. Problem is a lot of things changed:
Old server
- Ubuntu 10.04 (don't remember if 64bit or not)
- Openfire 3.8.2
- Self signed ssl cert (it may have also been expired... don't remember)
New server
- CentOS 6.4 64bit
- Openfire 3.8.2 (with having to install a 386 library because apparently you can only get openfire on redhat based os in 32 bit)
- Using our actual wildcard cert from godaddy.
Unfortunately so many things changed it probably isn't much help. And the old server is completely down now so can't double check any of the things I'm guessing on.
— Reply to this email directly or view it on GitHubhttps://github.com/chrisballinger/Off-the-Record-iOS/issues/78#issuecomment-25921238 .
I'm also using CentOS 6.4 but having a heck of a time installing a (non-wildcard) cert from a CA. After following the recommended steps, the server says it still needs a cert, and everything breaks when deleting Openfire's auto-generated ones.
Also, I'm using the Jitsi client for OTR support but both Jitsi and SecureChat refuse to connect over port 5223. Interestingly, I do see certificates and ephemeral key exchange with these commands from the client computer:
$ openssl s_client -port 9091 -host example.org $ openssl s_client -port 5223 -host example.org ... Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/CN=example.org issuer=/CN=example.org ––– No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, B-571, 570 bits ––– SSL handshake has read 1352 bytes and written 631 bytes ––– New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 5354724EE21D1E92735B681D6C13B819EDA1F2C461834999EF82A91328BACD96 Session-ID-ctx: Master-Key: B3151A15AE6B77CEE7BC47356DAB5FFBBDD64B369D7B3E83C36C6D6E9B1F18BBDB83D0BFF7D27B2898D3740A4C92898D Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1381265999 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate)
Besides the radio buttons for SSL (in client-connections-settings.jsp and ssl-settings.jsp), what is the best way to force encryption, and also to verify that there is an ephemeral key exchange happening between the actual client and server?
I have removed chatsecure - I think there is no hope that this bug will be fixed for IOS. I'm looking now for other solutions.
I chat app that is not able to log in, does not make any sense (latetest version I used before removal was 2.0.1)
@FFCodingMonkey We are indeed going to fix this bug but it may indicate deeper issues in your XMPP server or SSL configuration.
@FFCodingMonkey It works for me with my self-signed certificate and prosody as a XMPP Server since yesterdays Off-the-Record iOS update (version 2.1), so maybe you should give it another try.
I have my problems on my XMPP account with Secure Chat. My credentials will always be wrong. But what can not be, because it works in Adium.