S2S doesn't work (dialback broken)
Description
Activity
Neustradamus November 1, 2013 at 1:34 PM
All are really good?
You must sign it! https://github.com/stpeter/manifesto/blob/master/manifesto.txt
If it is not, all Openfire XMPP servers will be removed from the XMPP network soon.
Guus der Kinderen January 1, 2012 at 12:58 PM
I've committed Marcin's patch to improve communication with domains using pre 1.0-versioned stream headers.
Let's use a different issue than this one (https://igniterealtime.atlassian.net/browse/OF-443#icft=OF-443) for new issues with S2S - this one is getting out of hand.
Marcin Cieślak December 17, 2011 at 3:32 PM
Update: jabber.wp.pl s2s works today without any problems (probably something on their side, as suddenly s2s connections from my non-Openfire accounts started working).
Marcin Cieślak December 17, 2011 at 1:05 AM
I have quickly checked breaking session - amessage.de fails on TLS/SSL negotiation
2011.12.16 23:47:12 org.jivesoftware.openfire.net.SocketConnection - Error retrieving client certificates of: [Session-31, TLS_RSA_WITH_AES_256_CBC_SHA]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:371)
at org.jivesoftware.openfire.net.SocketConnection.getPeerCertificates(SocketConnection.java:423)
at org.jivesoftware.openfire.net.SASLAuthentication.doExternalAuthentication(SASLAuthentication.java:504)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:245)
at org.jivesoftware.openfire.net.SocketReadingMode.authenticateClient(SocketReadingMode.java:130)
at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:148)
at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:76)
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:137)
at java.lang.Thread.run(Thread.java:679)
The other one (jabber.wp.pl) stops at some point, it's not related to the version header I guess:
Fetching vCard works fine with that server.
Openfire to WP:
<stream:stream xmlns:stream="http://etherx.jabber.org/streams"
xmlns="jabber:server" xmlns:db="jabber:server:dialback">
WP to Openfire:
<?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' id='89124b7afb0fe01c7e767f345349f33a00967631'
xmlns='jabber:server' xmlns:db='jabber:server:dialback'>
Openfire to WP:
<db:verify from="saper.info"
to="jabber.wp.pl"
id="7e0bbe12">59a04579c36d2c860e719c6ffb9cd7c66e2fab03</db:verify>
WP to Openfire:
<db:verify from='jabber.wp.pl'
to='saper.info'
id='7e0bbe12' type='valid'/>
Openfire to WP:
</stream:stream>
Marcin Cieślak December 16, 2011 at 11:58 PM
With the ancient server in question it works - it does not like version="1.0"
only in responses to its own greeting.
I run openfire trunk for myself for my daily use and I keep s2s connections to:
jabber.org
igniterealtime.org
gmail.com
the one making trouble - non public
another non public making sometimes trouble with s2s
7thguard.net
chrome.pl
but I have added two s2s contacts for my accounts at
amessage.de
jabber.wp.pl
and yes, it seems it does not get through. Not sure how the last one works with s2s. Amessage is occasionally making s2s trouble with some servers.
I have no access to any older Openfire instance right now.
Many users report that S2S isn't working for them anymore after the upgrade to 3.7.0.
"After further testing, I've found that 3.7.0 will no successfully negotiate dialback connections with other systems also running 3.7.0. These connections also log an error like:
2011.03.04 15:45:53 ServerDialback: OS - Unexpected answer in validation from: ee.washington.edu id: 5b589264 for domain: dragonsdawn.net answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><dialback xmlns="urn:xmpp:features:dialback"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/></stream:features>"
also http://community.igniterealtime.org/message/210452#210452
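Added example (not Openfire's code and not the patch mentioned in this issue): on a version='1.0' stream the receiving server sends stream features before it answers `<db:verify/>`, which is the element the log line above reports as the unexpected answer. The Python below shows a verify-answer check that skips the features element and accepts only a matching `type='valid'` answer; the function names are hypothetical and the sample input is constructed from the elements quoted on this page.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_DB = "jabber:server:dialback"

def _children(fragment):
    # XMPP uses restricted XML: no DTDs, entity declarations or comments.
    # This coarse check also rejects CDATA, which a dialback answer never needs.
    if "<!" in fragment:
        raise ValueError("markup declarations are not allowed on an XMPP stream")
    # Re-declare the prefixes that the real stream header would have bound.
    root = ET.fromstring(
        f'<w xmlns:stream="{NS_STREAM}" xmlns="jabber:server" '
        f'xmlns:db="{NS_DB}">{fragment}</w>')
    return list(root)

def check_verify_answer(received, stream_id, req_from, req_to):
    """True/False once a matching <db:verify/> answer arrives, None if only
    stream features have been seen so far, ValueError on anything else."""
    for el in _children(received):
        if el.tag == f"{{{NS_STREAM}}}features":
            continue  # sent first on version='1.0' streams; not the answer
        if el.tag != f"{{{NS_DB}}}verify":
            raise ValueError(f"unexpected element {el.tag}")
        # The answer swaps from/to and must echo the id that was asked about.
        if (el.get("id"), el.get("from"), el.get("to")) != (stream_id, req_to, req_from):
            raise ValueError("answer does not match the pending request")
        return el.get("type") == "valid"  # absent or any other type: not verified
    return None

# Constructed input: the features element from the log line on this page,
# followed by the answer shown in the jabber.wp.pl exchange.
FEATURES = ('<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
            '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
            '<dialback xmlns="urn:xmpp:features:dialback"/>'
            '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>'
            '</stream:features>')
ANSWER = "<db:verify from='jabber.wp.pl' to='saper.info' id='7e0bbe12' type='valid'/>"

if __name__ == "__main__":
    print(check_verify_answer(FEATURES + ANSWER, "7e0bbe12",
                              "saper.info", "jabber.wp.pl"))
```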