Quantcast
Channel: Ignite Realtime: Message List
Viewing all 12000 articles
Browse latest View live

Re: Spark 2.8 login problem

August 26, 2016, 6:17 am
$
0
0

I can't login also!!!

Different setup.

Previous I was running latest 2.7.7 official build with Openfire 4.03 with standalone database (I have no AD integration) and no problems at all. This working right before I installed 2.8.

Updated to the new 2.8 build and now every time I try to enter it says "Invalid username or password". Obviously I didn't change those.

Although I didn't change anything, I changed my password to another and still the same error.

The "Accept all certificates" option, no matter the state, it doesn't solve this problem.

 

Here's the log:

ago 26, 2016 12:05:34 PM org.jivesoftware.spark.util.log.Log error

SEVERE: connection error

org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate 192.168.1.165

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1029)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:956)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:971)

    at java.lang.Thread.run(Unknown Source)

Caused by: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate 192.168.1.165

    at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:775)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java :140)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1022)

    ... 3 more

Can anyone help me??

Search

User not removed from MUC room when client connection aborts

August 26, 2016, 6:42 am
$
0
0

Hi everyone,

 

We've literally been struggling with this issue for years so I hope someone from igniterealtime will be able to help me with this!

We have a NodeJS-Based XMPP gateway that creates and closes quite a lot of anonymous xmpp client connections. We're using the regular XMPP Client protocol (through the node-xmpp-client package), not BOSH. We're using the latest Openfire 4.0.3.

 

The problem is that users keep "freezing" in MUC rooms, meaning they stay in them even if they should have disconnected. This does not happen with _all_ our client connections, just some, pretty randomly. The problem then is that nicknames are taken and new connections get a 409-conflict when trying to re-join the MUC room. I can't rule out some rude behavior from the node-xmpp-client library, when it comes to tcp connection handling, but the users even stay in the MUC rooms when I completely stop the node process and after waiting for the usual 30sec tcp timeout - they just never get removed, which to me points at an Openfire bug.

 

To me, it looks like Openfire doesn't remove users from MUC rooms in all client connection closing scenarios (like maybe tcp abort or something...).

 

Could anyone from the team please have a look at this? I'd be willing to debug with them if need be.

 

Best regards,

Mike

Re: Connect to OF with Smack 4.1.8 via SSL (Port 5223)

August 26, 2016, 7:07 am
$
0
0

...but then I'm getting:

Error

org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1029)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:956)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:971)

    at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:769)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java :140)

    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1022)

    ... 3 more

...

Re: Spark 2.7.7 Cannot log in after I upgrade open fire 4.0.3

August 27, 2016, 12:42 am

Re: unable to login via WAN

August 27, 2016, 12:46 am
$
0
0

I see, will test that test version of 2.8.0.

 

Apologies for the mixed up of topic. Let me create a different one for contacts/groups.

 

Thanks

jepoy

unable to find groups

August 27, 2016, 12:49 am
$
0
0

Hi, my setup of Openfire server is looking up in our ldap. I can add/search users manually but my question is, Can I add/search the OU or groups in our ldap?

 

So as not to find one user one by one and add them manually instead just add the group/OU itself.

 

Thanks

jepoy

Re: unable to find groups

August 27, 2016, 12:54 am
$
0
0

This is a Openfire configuration question, so moved this to Openfire Support speedy it needs your LDAP magic intervention

Re: unable to find groups

August 27, 2016, 1:01 am
$
0
0

Thanks and sorry for the incorrect category

Search

Re: unable to find groups

August 27, 2016, 3:17 am
$
0
0

I think it's working now, I changed the ldap Bae DN I point it to the root (domain) ab=nd after a few minutes, saw the whole users and groups.

 

Thanks

jepoy

Re: unable to login via WAN

August 27, 2016, 3:18 am
$
0
0

yap, version 2.8.0 build 886 has this option alright and I was able to login using IP address not just the servername or domain name

 

Thanks

jepoy

Re: Spark 2.8 login problem solved, but no search and muc

August 27, 2016, 5:29 am
$
0
0

I ended up reinstalling 4.0.3 from scratch and now all is well. I can search and see the conference rooms. Still having issues with file transfers but this is another issue.

Re: What does TLSUtils.acceptAllCertificates do exactly?

August 27, 2016, 7:09 am
$
0
0

tl;dr: It does trust all certificates. But hostname verification, i.e. if the certificate presented is valid for a "hostname" (the service actually) is, by design of TLS and newer Java's TLS API, done somewhere else. So in order to really simply accept all certificates no matter what (something which you shouldn't do), you also have to install an "accept all" HostnameVerifier.

Re: Connect to OF with Smack 4.1.8 via SSL (Port 5223)

August 27, 2016, 7:13 am
$
0
0

Your SSLContext is not able to build a valid trust path from the certs in the trust store to the cert presented. Your options are:

- Find a cert which when put in the trust store establishes a valid trust chain

- Install a end-entity certificate which has a valid trust path on the service

- Use TLS pinning (e.g. java-pinning) on the client side

- Use TOFU principe for trust the certificate (e.g. Memorizing Trust Manager for Android).

- Accept all certificate (Don't do that)

- Don't use TLS

 

Please also read up on TLS and make sure to understand how it works before you try to secure connections via TLS.

Re: What does TLSUtils.acceptAllCertificates do exactly?

August 27, 2016, 8:39 am
$
0
0

Thanks. Yes, hostname verification is disabled via TLSUtils.disableHostnameVerificationForTlsCertificicates. I understand that any automatic acceptance shouldn't be an option. But Spark doesn't have any mechanism for accepting individual certificates. Using a self-signed certificate is fine in a closed safe environment and many are doing this (especially when Openfire automatically provides them). We have already grown a user base of bad servers installations as older Smack\Spark versions allowed any certificate and hostname mismatching. It won't be nice to just dump those users. At least hostname verifier is not disabled by default. And i'm going to make acceptallcerts option disabled by default for the next version of Spark.

Re: Minimum specs for OpenFire Server?

August 28, 2016, 7:58 am
$
0
0

Thanks GUUS + WROOT,

 

This is EXACTLY what I needed, so if i've calculated right following example TEST SERVER could handle ~3600 users?

 

CPU:4 Cores @ 3.0 GHz or Higher
RAM:4 GB DEDICATED RAM
DISK:60GB SSD Storage
NETWORK:1Gbps Public and Private Interface
PUBLIC BANDWIDTH:10 TB Premium Bandwidth
Primary IPv4 Allocation:/29 IPv4 Allocation (5 Usable IP Address)
OPERATING SYSTEM:CentOS 7.0 (64 bit)

 

Upgrading RAM is only thing left then as USERS + activity increase, right?

 

Many thanks for the info, appreciated!

Search

Re: unable to login via WAN

August 29, 2016, 6:46 am
$
0
0

I'm also having the same problem.

Previous I was not getting this to work inside my lan but after a few tweaks I just got 2.8.0 running ok.

 

 

The problem now is connecting via WAN.

I'm using two apps. Normal Spark, 2.8 and 2.7.7, and Xabber for Android.

With 2.7.7 and Xabber I can login fine, for now. With Openfire 4.1 all is going to change.

With 2.8 I can't. No matter what I do, I simply can't login. Maybe cause Server for WAN (I'm using a ddns domain to point to my real server ip) differs from the one used over lan.

Hope that this can be fixed.

Re: Spark 2.8.0 login problem with server name as IP

August 29, 2016, 6:51 am
$
0
0

You can try 2.8.0 886 from the link above and enable "Disable certificate hostname verification" setting. This is a not recommended workaround, but should work, if you can't figure out another way.

 

So, when you connect from WAN, what do you put as a Server in Spark? If that doesn't match what you put from LAN, then it must be a domain mismatch in the certificate. You can try putting the same value as with LAN, but then put your ddns host in the Advanced menu, by unchecking "Automatically discover host and port".

File transfer does not work from Spark 2.7.7 to 2.8

August 29, 2016, 6:46 am
$
0
0

I have install OpenFire 4.0.3 on Ubuntu Linux. I have Spark 2.7.7 clients and they have no issues at all. I have installed Spark 2.8 on Ubuntu Linux to try it out. So far, everything is OK and I can send files to the other 2.7.7 clients. When they send me files, I never get them. The error I see on the Spark window is this:

 

"There was an error during file transfer"

 

When opening Spark's log, I see the following error:

 

SEVERE: There was an error during file transfer.

org.jivesoftware.smack.SmackException: Error in execution

  at org.jivesoftware.smackx.filetransfer.IncomingFileTransfer.negotiateStream(Incom ingFileTransfer.java:199)

  at org.jivesoftware.smackx.filetransfer.IncomingFileTransfer.access$100(IncomingFi leTransfer.java:57)

  at org.jivesoftware.smackx.filetransfer.IncomingFileTransfer$1.run(IncomingFileTra nsfer.java:129)

  at java.lang.Thread.run(Thread.java:745)

Caused by: java.util.concurrent.ExecutionException: org.jivesoftware.smack.SmackException: SOCKS5 negotiation failed

  at java.util.concurrent.FutureTask.report(FutureTask.java:122)

  at java.util.concurrent.FutureTask.get(FutureTask.java:206)

  at org.jivesoftware.smackx.filetransfer.IncomingFileTransfer.negotiateStream(Incom ingFileTransfer.java:193)

  ... 3 more

Caused by: org.jivesoftware.smack.SmackException: SOCKS5 negotiation failed

  at org.jivesoftware.smackx.bytestreams.socks5.Socks5Client$1.call(Socks5Client.jav a:105)

  at org.jivesoftware.smackx.bytestreams.socks5.Socks5Client$1.call(Socks5Client.jav a:80)

  at java.util.concurrent.FutureTask.run(FutureTask.java:266)

 

 

This happens with or without port 7777 being opened.

 

Thanks!

 

EDIT - File transfer works between two 2.8 clients. (Ubuntu Linux)

Java versions issue - Open Fire 4.0.3

August 29, 2016, 7:17 am
$
0
0

Ubuntu Linux, fresh installation. Running the latest Oracle Java:

 

java version "1.8.0_101"

Java(TM) SE Runtime Environment (build 1.8.0_101-b13)

Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

 

When trying to install via the deb file, the installer requires the installation of "default-jre-headless". When installing this via apt-get, the version which is installed is Java 7. When running the following command:

 

"update-alternatives --config java"

 

I get the following:

 

  Selection    Path                                            Priority   Status

------------------------------------------------------------

  0            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java   1071      auto mode

  1            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java   1071      manual mode

* 2            /usr/lib/jvm/java-8-oracle/jre/bin/java          2         manual mode

 

But when opening the Open Fire web interface, I see the following:

 

Java Version:1.7.0_111 Oracle Corporation -- OpenJDK 64-Bit Server VM

 

Any ideas how to force OP to use the correct version?

 

Thanks!

Re: Spark 2.8 failed to login

August 29, 2016, 7:58 am
$
0
0

Then i just wont update Openfire - until this problem is resolved. This is a big problem that cant just be worked around.

Viewing all 12000 articles
Browse latest View live
Search