tigase / tigase-server

(M) Highly optimized, extremely modular and very flexible XMPP/Jabber server
https://tigase.net
GNU Affero General Public License v3.0

Problems with Tigase after default initialization using Spark connection #203

Closed axinss closed 1 year ago

axinss commented 1 year ago

The TigaseService version I am using is 8.3.0.

The problem I encountered came after setting the address http://localhost:8080 according to the official documents: an error occurred while using Spark to register users.

The error is as follows:

```
[2023-05-28 21:53:08:609] [SEVERE ] [ in_7-c2s ] SSLContextContainer.getSSLContext(): Can not initialize SSLContext for domain: xxxx, protocol: TLS
java.io.IOException: Cannot run program "keytool": error=13, Permission denied
    at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1143)
    at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1073)
    at tigase.cert.KeytoolCertificateGenerator.generateSelfSignedCertificateEntry(KeytoolCertificateGenerator.java:117)
    at tigase.cert.CertificateUtil.createSelfSignedCertificate(CertificateUtil.java:142)
    at tigase.io.CertificateContainer.createCertificateKmf(CertificateContainer.java:538)
    at tigase.io.CertificateContainer.createCertificate(CertificateContainer.java:142)
    at tigase.io.SSLContextContainerAbstract.createCertificate(SSLContextContainerAbstract.java:112)
    at tigase.io.SSLContextContainerAbstract.createContextHolder(SSLContextContainerAbstract.java:144)
    at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:286)
    at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:269)
    at tigase.io.SSLContextContainer.createIoInterface(SSLContextContainer.java:210)
    at tigase.net.IOService.startTLS(IOService.java:435)
    at tigase.server.xmppclient.ClientConnectionManager.processCommand(ClientConnectionManager.java:769)
    at tigase.server.xmppclient.ClientConnectionManager.processPacket(ClientConnectionManager.java:129)
    at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1398)
Caused by: java.io.IOException: error=13, Permission denied
    at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
    at java.base/java.lang.ProcessImpl.<init>(ProcessImpl.java:314)
    at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:244)
    at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1110)
    ... 14 more
```

```
[2023-05-28 21:53:08:610] [SEVERE ] [ in_7-c2s ] AbstractMessageReceiver$QueueListener.run(): [in_7-c2s] Exception during packet processing: from=sess-man@xxx, to=null, serverAuthorisedStanzaFrom=Optional.empty, DATA=, SIZE=273, XMLNS=null, PRIORITY=NORMAL, PERMISSION=LOCAL, TYPE=set, STABLE_ID=null
java.lang.NullPointerException: Cannot invoke "javax.net.ssl.SSLContext.createSSLEngine()" because "sslc" is null
    at tigase.io.JcaTLSWrapper.<init>(JcaTLSWrapper.java:81)
    at tigase.io.SSLContextContainer.createIoInterface(SSLContextContainer.java:213)
    at tigase.net.IOService.startTLS(IOService.java:435)
    at tigase.server.xmppclient.ClientConnectionManager.processCommand(ClientConnectionManager.java:769)
    at tigase.server.xmppclient.ClientConnectionManager.processPacket(ClientConnectionManager.java:129)
    at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1398)
```

What I want to know is whether SSL/TLS is mandatory in this version. I still haven't solved my problem after trying the following configuration according to the official documentation. So I would like to know whether, for security reasons, SSL/TLS must be used when connecting in this version, and whether it is still possible to bypass verification through configuration.

```
'vhost-tls-required' = false
c2s () {
    seeOtherHost {}
    sslContextContainer () {
        'tls-disabled-protocols' = [ 'TLSv1.3', 'TLSv1.2' ]
    }
}
```

I am new to this field, so I hope the official can help me. Thanks.

woj-tek commented 1 year ago

> What I want to know is whether SSL/TLS is mandatory in this version. I still haven't solved my problem after trying the following configuration according to the official documentation. So I would like to know whether, for security reasons, SSL/TLS must be used when connecting in this version, and whether it is still possible to bypass verification through configuration.

By default SSL/TLS is required in this version, but you can still disable it: in addition to setting `'vhost-tls-required' = false` you also have to disable it on the VHost level - open the web admin UI (http://localhost:8080/), go to the VHost settings and disable "vhost required" for both the default domain and your own domain.

Please keep in mind that TLS is recommended for security reasons. If you use JDK17, please make sure to either have keytool available on your system, with correct permissions and accessible to the JVM/Tigase (to generate a self-signed certificate), or update the correct certificate for the domain.
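A check for the cause behind `Cannot run program "keytool": error=13` in the log above, as an added example that is not part of the original thread or Tigase's own tooling: it walks a PATH-style list the way an exec lookup would and reports whether `keytool` is found and executable (OK), found but blocked by permissions (EACCES, errno 13), or absent (ENOENT, errno 2). The function name `classify_keytool`, its output format and its exit codes are made up for this illustration.

```shell
#!/bin/sh
# Added illustration: classify how a lookup of `keytool` would end for the
# calling account. Output and exit codes are this example's own convention:
#   "OK <path>"     exit 0   found and executable
#   "EACCES <path>" exit 13  found, but execute/search permission is missing
#   "ENOENT"        exit 2   not present in any listed directory
# Usage: classify_keytool [colon-separated-dirs]   (defaults to $PATH)
classify_keytool() (
    # The function body is a subshell, so IFS and set -f do not leak out.
    set -f          # no glob expansion while splitting the list
    IFS=:
    denied=
    for dir in ${1:-$PATH}; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        candidate=$dir/keytool
        if [ -d "$dir" ] && [ ! -x "$dir" ]; then
            # Directory exists but this account may not search it.
            denied=${denied:-$dir}
        elif [ -f "$candidate" ] && [ -x "$candidate" ]; then
            echo "OK $candidate"
            exit 0
        elif [ -e "$candidate" ]; then
            # Present but not executable: the error=13 case from the log.
            denied=${denied:-$candidate}
        fi
    done
    if [ -n "$denied" ]; then
        echo "EACCES $denied"
        exit 13
    fi
    echo "ENOENT"
    exit 2
)

# Report for the current account's PATH.
classify_keytool "$PATH" || true
```

Run it as the account the Tigase JVM runs under and with that process's PATH, since the result depends on the calling user's permissions.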

gradylu commented 1 year ago

I have the same issue, too. I want to ignore this TLS verification; how do I do that?

woj-tek commented 1 year ago

Literally the message above gives you detailed information how to disable it...: https://github.com/tigase/tigase-server/issues/203#issuecomment-1567291624