[guardian-dev] chatsecure android failing with jabberd2

Greg Troxel gdt at ir.bbn.com
Tue Apr 21 12:48:51 EDT 2015

Hans-Christoph Steiner <hans at guardianproject.info> writes:

> Does your XMPP server have a TLS certificate from a certificate provider that
> is in your trust store of your device?  That usually means you bought a TLS
> certificate, but it can also be achieved in other ways, like using
> https://cacert.org and manually including their certs in your device's trust
> store.

Yes.  I have a private CA, and put that CA cert in as an additional
trust anchor.  firefox and k-9 accept the host cert without issues.  I
do not remember exactly if chatsecure asked me if it was ok to use the

Earlier I wrote:

>> Sat Apr 18 19:38:51 2015 [notice] [22] [, port=40015] connect
>> Sat Apr 18 19:38:52 2015 [notice] [22] DIGEST-MD5 authentication succeeded: gdt at example.com TLS
>> Sat Apr 18 19:38:52 2015 [notice] [22] bound: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] session started: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] [22] [, port=40015] disconnect jid=gdt at example.com/foo, packets: 2
>> Sat Apr 18 19:38:52 2015 [notice] session ended: jid=gdt at example.com/foo
>> Sat Apr 18 19:38:52 2015 [notice] user unloaded jid=gdt at example.com

I am pretty sure this isn't it, as the server logs above indicate that I
have authenticated, and surely chatsecure should not be sending my xmpp
password to a remote system that has failed TLS negotiation (that's most
of the point of checking for TLS).

I turned up debugging, and the whole sasl login looks ok on the client
side.  But when it looks like it should succeed, chatsecure throws an

D/SMACK   ( 1493): 12:42:43 pm RCV  (1109498760): <iq xmlns='jabber:client' id='[redacted]' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>gdt at example.com.i\
E/GB.XmppConnection( 1493): 0 : exception thrown on connection
E/GB.XmppConnection( 1493): Session establishment not offered by server:
E/GB.XmppConnection( 1493):     at org.jivesoftware.smack.SASLAuthentication.bindResourceAndEstablishSession(SASLAuthentication.java:481)
E/GB.XmppConnection( 1493):     at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:348)
E/GB.XmppConnection( 1493):     at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:204)
E/GB.XmppConnection( 1493):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.initConnectionAndLogin(XmppConnection.java:997)
E/GB.XmppConnection( 1493):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.do_login(XmppConnection.java:859)
E/GB.XmppConnection( 1493):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.access$900(XmppConnection.java:129)
E/GB.XmppConnection( 1493):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection$1.run(XmppConnection.java:819)
E/GB.XmppConnection( 1493):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/GB.XmppConnection( 1493):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/GB.XmppConnection( 1493):     at java.lang.Thread.run(Thread.java:841)
D/GB.XmppConnection( 1493): 0 : not authorized - will not retry
D/GB.XmppConnection( 1493): 0 : will not retry
D/GB.XmppConnection( 1493): 0 : clear ping
D/GB.XmppConnection( 1493): 0 : connection closed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150421/86c1b260/attachment.sig>

More information about the guardian-dev mailing list