ChatSecure / ChatSecure-iOS

ChatSecure is a free and open source encrypted chat client for iOS that supports OTR and OMEMO encryption over XMPP.
https://chatsecure.org

Not reconnecting automatically, possibly after server certificate change #916

Open kmq opened 6 years ago

kmq commented 6 years ago

I run a Prosody server and one of the people using ChatSecure stopped being able to receive messages.

They received push notifications, but when they opened the app there were no messages.

I determined they weren't logging in to the server anymore, so I managed to get my hands on the device in question where I saw a red x next to the account in the settings and saw that it's set to automatically reconnect.

I then pressed "connect" (my translation of the localized button) and a popup showed up that displayed something that looked something like a hash-string, maybe the certificate fingerprint, and asked if I wanted to continue connecting. I chose yes, and everything was back to working.

I have been unable to re-create the problem due to not having an iOS device.

The server uses certificates by Let's Encrypt, so they get updated frequently. It's the only thing I can think of that changed that made the previously working client stop connecting.

kaleemasadmughal commented 6 years ago

That issue usually happens after an app crash.

mightyBroccoli commented 6 years ago

I also run a Prosody server and this issue keeps coming to attention when the certs change. All iOS devices keep failing to connect until the user manually reconnects the device and accepts the changed cert.

Even if the past and the new cert are valid and resolve around the same hostname. This is really annoying as most normal users are not willing to figure stuff out if it is not working properly. Please fix this.
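Added example, not part of the thread and not ChatSecure's code: one way a client can make the trust decision requested here, so that a renewed certificate that is CA-valid for the host connects without a prompt and only other certificates need manual acceptance. The `Example…` names and the stored set of accepted fingerprints are assumptions; the thread does not confirm how ChatSecure stores trust.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

typedef NS_ENUM(NSInteger, ExampleTrustDecision) {
    ExampleTrustDecisionAccept,   // connect without asking
    ExampleTrustDecisionAskUser   // show the fingerprint prompt
};

// SHA-256 of the DER-encoded leaf certificate, as lowercase hex.
// SecTrustGetCertificateAtIndex is deprecated from iOS 15 in favour of
// SecTrustCopyCertificateChain; it is used here for brevity.
static NSString *ExampleLeafFingerprint(SecTrustRef trust) {
    SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
    if (leaf == NULL) { return nil; }
    NSData *der = CFBridgingRelease(SecCertificateCopyData(leaf));
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(der.bytes, (CC_LONG)der.length, digest);
    NSMutableString *hex = [NSMutableString string];
    for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
        [hex appendFormat:@"%02x", digest[i]];
    }
    return hex;
}

// xmppDomain is the domain part of the account JID, which is the identity
// an XMPP server certificate has to match (not the SRV target host).
// acceptedFingerprints holds fingerprints the user approved earlier (assumed storage).
static ExampleTrustDecision ExampleEvaluateServerTrust(SecTrustRef trust,
                                                       NSString *xmppDomain,
                                                       NSSet<NSString *> *acceptedFingerprints) {
    // 1. Standard validation: chain to a system root, hostname match, validity
    //    period. A routine Let's Encrypt renewal passes here, so no stored
    //    fingerprint is consulted and nothing goes stale.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)xmppDomain);
    OSStatus status = SecTrustSetPolicies(trust, policy);
    CFRelease(policy);
    CFErrorRef error = NULL;
    bool systemTrusted = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error != NULL) { CFRelease(error); }
    if (systemTrusted) { return ExampleTrustDecisionAccept; }

    // 2. Not CA-valid (for example self-signed): accept only a certificate
    //    the user has already approved by fingerprint.
    NSString *fingerprint = ExampleLeafFingerprint(trust);
    if (fingerprint != nil && [acceptedFingerprints containsObject:fingerprint]) {
        return ExampleTrustDecisionAccept;
    }
    // 3. Unknown and not CA-valid: surface the prompt instead of failing silently.
    return ExampleTrustDecisionAskUser;
}
```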

kaleemasadmughal commented 6 years ago

I fixed this issue using a small patch. I have stored ACCOUNT_UNIQUE_ID in user defaults, and I have only one account in the app.

    // OTRConversationViewController.m
    @property (nonatomic, strong) NSTimer *accountStatusCheckTimer;

    // Call [self addTimer]; in viewDidLoad
    - (void)addTimer {
        // Poll the account's connection status once per second.
        self.accountStatusCheckTimer = [NSTimer scheduledTimerWithTimeInterval:1.0 target:self selector:@selector(updateValues) userInfo:nil repeats:YES];
    }

    - (void)updateValues {
        NSString *accountKey = [[NSUserDefaults standardUserDefaults] objectForKey:ACCOUNT_UNIQUE_ID];
        __block OTRAccount *account = nil;
        [[OTRDatabaseManager sharedInstance].readWriteDatabaseConnection asyncReadWriteWithBlock:^(YapDatabaseReadWriteTransaction * _Nonnull transaction) {
            account = [OTRAccount fetchObjectWithUniqueID:accountKey transaction:transaction];
        } completionBlock:^{
            if (account != nil) {
                OTRXMPPManager *manager = (OTRXMPPManager *)[[OTRProtocolManager sharedInstance] protocolForAccount:account];
                if (manager.connectionStatus == OTRProtocolConnectionStatusDisconnected) {
                    // Disconnected: try to connect again.
                    [manager connect];
                }
                else if (manager.connectionStatus == OTRProtocolConnectionStatusDisconnecting) {
                    // Still disconnecting: check again on the next tick.
                }
                else if (manager.connectionStatus == OTRProtocolConnectionStatusConnected) {
                    // Connected: stop polling.
                    [self.accountStatusCheckTimer invalidate];
                    self.accountStatusCheckTimer = nil;
                }
                else if (manager.connectionStatus == OTRProtocolConnectionStatusConnecting) {
                    // Connection attempt in progress: check again on the next tick.
                }
            }
        }];
    }

lazyadmin111 commented 6 years ago

I also run my own Prosody server with Let's Encrypt certs, and just wanted to report this "bug" too! All my users who have an Android phone use "Conversations" and thus renewed Let's Encrypt certs are no problem. It also happened that the renewal of the certs after a few months didn't work and I had to generate them manually, and the Conversations users also reconnected successfully again after a few months. But not so the ChatSecure users. They all got stuck with this cert problem even after the cert was revalidated again. Most users use this app only for me and didn't care to figure the problem out.

For those who I met again, I could fix the issue by going to the account settings, and just saving the settings again (without even changing anything). Then ChatSecure tried again to connect and asked me if I want to accept this cert and everything worked again.

In short, it would be great if chatsecure tried again to connect if once it faced some cert problem, and it wouldn't be any more necessary to "edit" the account settings and saving it without any changes.

chrisballinger commented 6 years ago

Sigh, sorry for the inaction on this. I've been focused on shipping MAM.

lazyadmin111 commented 6 years ago

no one complained about any inaction :-)

donpatrice commented 6 years ago

> no one complained about any inaction :-)

Well, I don't like to complain, because I really appreciate the great work. But I would like to put in my two cents. ;-)

I know that it is always difficult to find the right balance between security and usability. The phenomenon described here goes too much at the expense of usability, IMHO. I know some users for whom this issue makes ChatSecure unusable. It is hard to convince people to use an XMPP client anyway. And if it stops working out of the blue, it is considered a bug that makes the app unusable. There are enough people out there who don't care and don't understand the background but just want a working client. If ChatSecure wants to be an XMPP client not only for people who know how to deal with such issues, this issue should be considered a serious bug. As far as I see, https://github.com/ChatSecure/ChatSecure-iOS/commit/235ab7a659835177e0b488f0684492f222b02c3f does not provide what is seen as the best solution in https://github.com/ChatSecure/ChatSecure-iOS/issues/825#issuecomment-338502631.

Thanks for the great work!