search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
72.71k stars 30.45k forks source link

XMPP not working (anymore) #15365

Closed Azimoth closed 6 years ago

Azimoth commented 6 years ago

Home Assistant release with the issue: 0.73

Last working Home Assistant release (if known): unknown

Operating environment (Hass.io/Docker/Windows/etc.): Debian 9.4 (Python virtual environment)

Component/platform: https://www.home-assistant.io/components/notify.xmpp/

Description of problem: Notifications cannot be sent anymore.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

notify:
  - platform: xmpp
    name: recipient1
    sender: HA@my.duckdns.org
    password: !secret
    recipient: recipient1@my.duckdns.org

  - platform: xmpp
    name: recipient2
    sender: HA@my.duckdns.org
    password: !secret
    recipient: recipient2@my.duckdns.org

Traceback (if applicable):

2018-07-08 19:57:04 ERROR (read_thread) [sleekxmpp.xmlstream.resolver] All nameservers failed to answer the query _xmpp-client._tcp.my.duckdns.org. IN SRV: Server 2a02:908:2:a::1 UDP port 53 answered SERVFAIL; Server 2a02:908:2:b::1 UDP port 53 answered SERVFAIL; Server 192.168.x.x UDP port 53 answered SERVFAIL
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.5/site-packages/sleekxmpp/xmlstream/resolver.py", line 289, in get_SRV
    dns.rdatatype.SRV)
  File "/srv/homeassistant/lib/python3.5/site-packages/dns/resolver.py", line 947, in query
    raise NoNameservers(request=request, errors=errors)
dns.resolver.NoNameservers: All nameservers failed to answer the query _xmpp-client._tcp.my.duckdns.org. IN SRV: Server 2a02:908:2:a::1 UDP port 53 answered SERVFAIL; Server 2a02:908:2:b::1 UDP port 53 answered SERVFAIL; Server 192.168.x.x UDP port 53 answered SERVFAIL
2018-07-08 19:57:04 ERROR (read_thread) [sleekxmpp.xmlstream.xmlstream] CERT: Invalid certificate trust chain.
2018-07-08 19:57:04 ERROR (read_thread) [sleekxmpp.xmlstream.xmlstream] Can not read from closed socket.

Additional information: I am using LetsEncrypt certs and ca-certificates version 20161130+nmu1 is installed on the system. The XMPP server is Prosody version 0.10.2-1~bpo9+1. It did work in the past, but stopped at some point a few months ago.

Azimoth commented 6 years ago

Found the solution: sleekxmpp doesn't support anything above TLS1 (I enforced TLS 1.1). For more details see here.

flowolf commented 6 years ago

the TLSv1 issue is fixed with #17283 @fabaff please close