fritzy / SleekXMPP

Python 2.6+/3.1+ XMPP Library
http://groups.google.com/group/sleekxmpp-discussion

Cannot use sleekxmpp with latest ejabberd #449

Open fjouatte opened 7 years ago

fjouatte commented 7 years ago

Hello,

If it's not a real issue, please just close this ticket :)

Since the latest ejabberd release, we cannot use sleekxmpp (tested 1.1.10 and 1.3.2) anymore.

```
INFO Connecting to room 'xxx' on server 'xxx'
INFO Negotiating TLS
INFO Using SSL version: TLS 1.0
ERROR CERT: Invalid certificate trust chain.
ERROR Error reading from XML stream.
```

aminyuddin commented 7 years ago

You need to change to the correct cert.

Otherwise, as a workaround, you can ignore the certificate error as follows.

Add this in the `__init__` function:

```python
# Discard SSL Error
self.add_event_handler("ssl_invalid_cert", self.discard)
```

And create this function:

```python
def discard(self, event):
    return
```

fjouatte commented 7 years ago

Hello, @mohdaminyuddin thank you for answering me but the certificate is correct and I'm not looking for a workaround which consists in bypassing certificate validation.

For information, the certificate I'm using is self-signed. It worked for a long time but the latest ejabberd release breaks it.

ghost commented 7 years ago

Hi @fjouatte. Unfortunately a self-signed cert is not a valid cert by definition; the fact it worked before was a work-around itself of sorts. Nowadays there are free certs you can get (Let's Encrypt) so there is less need for such work-arounds (or you can set up your own CA, though that is a lot more complicated).

lxnx0 commented 7 years ago

You can generate your own root certificate, use that to generate your ejabberd certificate. Ensure the common name is correct as your XMPP domain.

Then, define the CA cert as follows:

```python
xmpp.ca_certs = "path/to/ca/cert"
```

apollo13 commented 7 years ago

@fjouatte To the best of my understanding your issue is caused by the fact that ejabberd might require TLSv1.1+. See https://github.com/fritzy/SleekXMPP/issues/452#issuecomment-312509055 for a workaround. The error message here seems to be misleading (thank you openssl)!

shred commented 6 years ago

I found this issue because I had the same problem with ejabberd. Setting xmpp.ssl_version = ssl.PROTOCOL_SSLv23 fixed it for me. Thank you.

RameshJangama commented 6 years ago

Yes, temporarily I have managed to avoid this error with the code below:

```python
import ssl
xmpp.ssl_version = ssl.PROTOCOL_SSLv23
```

Neustradamus commented 5 years ago

Does it work with TLS 1.2 without problems now?

Neustradamus commented 5 years ago

@fjouatte @mohdaminyuddin @hlwsmith @lxnx0 @apollo13 @shred @myluckyapps: Any news?

Have you tested with "master"?

Does it work?
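
Added example, not part of the thread and not SleekXMPP code: the two fixes discussed above (trusting your own CA through `ca_certs`, and letting the TLS version be negotiated instead of pinning TLS 1.0) expressed with Python's standard `ssl` module, next to the stdlib equivalent of the `ssl_invalid_cert` discard workaround. The function names and the `ca_file` parameter are assumptions made for this illustration.

```python
import ssl


def build_client_context(ca_file=None):
    """Verifying client context. ca_file is the PEM file of a private root CA
    (hypothetical parameter, plays the role of xmpp.ca_certs in the thread)."""
    # PROTOCOL_TLS_CLIENT negotiates the highest version both peers support,
    # like PROTOCOL_SSLv23, and turns on chain and hostname checks by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # raises if the file is missing
    else:
        ctx.load_default_certs()
    return ctx


def build_discarding_context():
    """Stdlib equivalent of ignoring certificate errors, shown for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(ctx):
    """Return a list of findings for a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("server name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("verifying", build_client_context()),
                      ("discarding", build_discarding_context())):
        print(name, audit(ctx) or "ok")
```

With a private CA, the server certificate only validates if it chains to the file passed as `ca_file` and carries the XMPP domain as its name, which is the setup lxnx0 describes.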