[asterisk-bugs] [Asterisk 0013656]: Jabber fails to authenticate when using SSL.
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Oct 10 10:07:47 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13656
======================================================================
Reported By: shrift
Assigned To: phsultan
======================================================================
Project: Asterisk
Issue ID: 13656
Category: Resources/res_jabber
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
Asterisk Version: 1.6.0
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.0
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-10-09 14:39 CDT
Last Modified: 2008-10-10 10:07 CDT
======================================================================
Summary: Jabber fails to authenticate when using SSL.
Description:
The jabber resource will not authenticate in client mode with an SSL
connection.
Jabber debug in the console shows a lot of these:
JABBER: servant-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='crosscomm.net' version='1.0'>
Here is the error from my apple server:
error: SSL handshake error (error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol)
And here is an error from my openfire server:
2008.10.08 12:40:18 ConnectionHandler:
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at
org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at
org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at
org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
at
com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:754)
at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:669)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
at
org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
at
org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
... 14 more
======================================================================
----------------------------------------------------------------------
(0093479) shrift (reporter) - 2008-10-10 10:07
http://bugs.digium.com/view.php?id=13656#c93479
----------------------------------------------------------------------
I don't actually think that either of my servers support tls on port 5222,
so I'm not sure that port 5222 is worthy of trouble shooting, but here is
the asterisk debug of trying to make client connections on port 5222 to
both applie iChat and openfire, "servant-jabber" is apple,
"bubbletastic-jabbber" is openfire:
[Oct 10 09:59:11] VERBOSE[3630] logger.c:
JABBER: servant-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='crosscomm.net' version='1.0'>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber INCOMING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
from='crosscomm.net' version='1.0'
id='qnbq5d13xwxrr2u74lj7dzgtvr4xohzs7mrwcywx'><stream:features
xmlns:stream='http://etherx.jabber.org/streams'><starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber OUTGOING: <starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber INCOMING: <proceed
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='crosscomm.net' version='1.0'>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber INCOMING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
from='crosscomm.net' version='1.0'
id='gc3njb2n0yiodvokl8jv4agmgnx5kp0ud04obtsm'>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber OUTGOING: <iq type='set' id='aaaaf'
to='crosscomm.net'><query
xmlns='jabber:iq:auth'><username>asterisk</username><resource>asterisk</resource><digest>3d350f9485cc4accc94d732d87a7079b457cd96b</digest></query></iq>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber INCOMING: <stream:features
xmlns:stream='http://etherx.jabber.org/streams'><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>GSSAPI</mechanism></mechanisms></stream:features>
[Oct 10 09:59:15] VERBOSE[3630] logger.c:
JABBER: servant-jabber INCOMING: <iq xmlns='jabber:client'
from='crosscomm.net' id='aaaaf' type='error'><error code='401'/><query
xmlns='jabber:iq:auth'><username>asterisk</username><resource>asterisk</resource><digest>3d350f9485cc4accc94d732d87a7079b457cd96b</digest></query></iq>
[Oct 10 09:59:45] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='bubbletastic.com' version='1.0'>
[Oct 10 09:59:50] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber INCOMING: <?xml version='1.0'
encoding='UTF-8'?><stream:stream
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
from="bubbletastic.com" id="ac91f7db" xml:lang="en" version="1.0">
[Oct 10 09:59:50] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber OUTGOING: <starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
[Oct 10 09:59:50] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber INCOMING: <stream:features><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms><compression
xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
xmlns="http://jabber.org/features/iq-auth"/><register
xmlns="http://jabber.org/features/iq-register"/></stream:features>
[Oct 10 09:59:51] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber INCOMING: <proceed
xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
[Oct 10 09:59:53] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='bubbletastic.com' version='1.0'>
[Oct 10 09:59:54] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber INCOMING: <?xml version='1.0'
encoding='UTF-8'?><stream:stream
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
from="bubbletastic.com" id="ac91f7db" xml:lang="en"
version="1.0"><stream:features><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms><compression
xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
xmlns="http://jabber.org/features/iq-auth"/><register
xmlns="http://jabber.org/features/iq-register"/></stream:features>
[Oct 10 09:59:54] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber OUTGOING: <iq type='set' id='aaaaf'
to='bubbletastic.com'><query
xmlns='jabber:iq:auth'><username>asterisk</username><resource>asterisk</resource><digest>1e573f443d80d2a59dae7414633662e3d811c7d9</digest></query></iq>
[Oct 10 09:59:54] VERBOSE[3629] logger.c:
JABBER: bubbletastic-jabber INCOMING: <iq type="error" id="aaaaf"
from="bubbletastic.com" to="bubbletastic.com/ac91f7db"><query
xmlns="jabber:iq:auth"><username>asterisk</username><resource>asterisk</resource><digest>1e573f443d80d2a59dae7414633662e3d811c7d9</digest></query><error
code="401" type="auth"><not-authorized
xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
Also after doing that stuff I tried to login to my servers with port 5222
and ssl, neither of them let me do it, that was using the iChat client.
When I tried this with the Spark (openfire's client app) there wasn't even
an option to use ssl with port 5222.
One other issue worth noting is that when I make changes in the
jabber.conf they don't seem to take effect on a jabber reload, I have to do
core restart now, shall I open a bug for that?
Issue History
Date Modified Username Field Change
======================================================================
2008-10-10 10:07 shrift Note Added: 0093479
======================================================================
More information about the asterisk-bugs
mailing list