[guardian-dev] chatsecure android failing with jabberd2
Greg Troxel
gdt at ir.bbn.com
Tue Apr 21 12:48:51 EDT 2015
Hans-Christoph Steiner <hans at guardianproject.info> writes:
> Does your XMPP server have a TLS certificate from a certificate provider that
> is in your trust store of your device? That usually means you bought a TLS
> certificate, but it can also be achieved in other ways, like using
> https://cacert.org and manually including their certs in your device's trust
> store.
Yes. I have a private CA, and put that CA cert in as an additional
trust anchor. firefox and k-9 accept the host cert without issues. I
do not remember exactly if chatsecure asked me if it was ok to use the
cert.
Earlier I wrote:
>> Sat Apr 18 19:38:51 2015 [notice] [22] [10.1.2.3, port=40015] connect
>> Sat Apr 18 19:38:52 2015 [notice] [22] DIGEST-MD5 authentication succeeded: gdt at example.com 10.1.2.3:40015 TLS
>> Sat Apr 18 19:38:52 2015 [notice] [22] bound: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] session started: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] [22] [10.1.2.3, port=40015] disconnect jid=gdt at example.com/foo, packets: 2
>> Sat Apr 18 19:38:52 2015 [notice] session ended: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] user unloaded jid=gdt at example.com
I am pretty sure this isn't it, as the server logs above indicate that I
have authenticated, and surely chatsecure should not be sending my xmpp
password to a remote system that has failed TLS negotiation (that's most
of the point of checking for TLS).
I turned up debugging, and the whole sasl login looks ok on the client
side. But when it looks like it should succeed, chatsecure throws an
exception.
D/SMACK ( 1493): 12:42:43 pm RCV (1109498760): <iq xmlns='jabber:client' id='[redacted]' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>gdt at example.com.i\
r.bbn.com/n7</jid></bind></iq>
E/GB.XmppConnection( 1493): 0 : exception thrown on connection
E/GB.XmppConnection( 1493): Session establishment not offered by server:
E/GB.XmppConnection( 1493): at org.jivesoftware.smack.SASLAuthentication.bindResourceAndEstablishSession(SASLAuthentication.java:481)
E/GB.XmppConnection( 1493): at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:348)
E/GB.XmppConnection( 1493): at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:204)
E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.initConnectionAndLogin(XmppConnection.java:997)
E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.do_login(XmppConnection.java:859)
E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.access$900(XmppConnection.java:129)
E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection$1.run(XmppConnection.java:819)
E/GB.XmppConnection( 1493): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/GB.XmppConnection( 1493): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/GB.XmppConnection( 1493): at java.lang.Thread.run(Thread.java:841)
D/GB.XmppConnection( 1493): 0 : not authorized - will not retry
D/GB.XmppConnection( 1493): 0 : will not retry
D/GB.XmppConnection( 1493): 0 : clear ping
D/GB.XmppConnection( 1493): 0 : connection closed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150421/86c1b260/attachment.sig>
More information about the guardian-dev
mailing list