Open fjouatte opened 7 years ago
You need to change to the correct cert.
Otherwise for workaround, you can ignore the certificate error as following.
At this is __init__
function
# Discard SSL Error
self.add_event_handler("ssl_invalid_cert", self.discard)
And create this function
def discard(self, event):
return
Hello, @mohdaminyuddin thank you for answering me but the certificate is correct and i'm not looking for a workaround which consists in bypassing certificate validation.
For information, the certificate i'm using is self signed. It worked for a long time but the latest ejabberd release breaks it.
Hi @fjouatte . Unfortunately a self-signed cert in not a valid cert by definition, the fact it worked before was a work-around itself of sorts. Now-a-days there are free certs you can get (lets encrypt) so there is less need for such work-arounds (or you can set up you own CA, though that is a lot more complicated.)
You can generate your own root certificate, use that to generate your ejabberd certificate. Ensure the common name is correct as your XMPP domain.
Then, define the ca cert as following :
xmpp.ca_certs = "path/to/ca/cert"
@fjouatte To the best of my understanding your issue is caused by the fact that ejabberd might require TLSv1.1+. See https://github.com/fritzy/SleekXMPP/issues/452#issuecomment-312509055 for a workaround. The error message here seems to be missleading (thank you openssl)!
I found this issue because I had the same problem with ejabberd. Setting xmpp.ssl_version = ssl.PROTOCOL_SSLv23
fixed it for me. Thank you.
yes, temporarily I have managed to avoid this error with below code: import ssl xmpp.ssl_version = ssl.PROTOCOL_SSLv23
It works with TLS 1.2 without problem now?
@fjouatte @mohdaminyuddin @hlwsmith @lxnx0 @apollo13 @shred @myluckyapps: Any news?
Have you tested with "master"?
It works?
Hello,
If it's not a real issue, please just close this ticket :)
Since ejabberd latest release, we cannot use sleekxmpp (tested 1.1.10 and 1.3.2) anymore.
INFO Connecting to room 'xxx' on server 'xxx' INFO Negotiating TLS INFO Using SSL version: TLS 1.0 ERROR CERT: Invalid certificate trust chain. ERROR Error reading from XML stream.