[asterisk-bugs] [Asterisk 0013656]: Jabber fails to authenticate when using SSL.

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Oct 13 08:12:25 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13656 
====================================================================== 
Reported By:                shrift
Assigned To:                phsultan
====================================================================== 
Project:                    Asterisk
Issue ID:                   13656
Category:                   Resources/res_jabber
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.6.0 
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.0 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-10-09 14:39 CDT
Last Modified:              2008-10-13 08:12 CDT
====================================================================== 
Summary:                    Jabber fails to authenticate when using SSL.
Description: 
The jabber resource will not authenticate in client mode with an SSL
connection.

Jabber debug in the console shows a lot of these:
JABBER: servant-jabber OUTGOING: <?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
to='crosscomm.net' version='1.0'>

Here is the error from my apple server:
error: SSL handshake error (error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol)

And here is an error from my openfire server:
2008.10.08 12:40:18 ConnectionHandler:
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
	at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
	at
org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
	at
org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
	at
org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499)
	at
org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
	at
org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293)
	at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228)
	at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198)
	at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45)
	at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485)
	at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
	at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
	at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
	at
com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152)
	at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:754)
	at
com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:669)
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
	at
org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
	at
org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
	at
org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
	at
org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
	at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
	... 14 more

====================================================================== 

---------------------------------------------------------------------- 
 (0093536) shrift (reporter) - 2008-10-13 08:12
 http://bugs.digium.com/view.php?id=13656#c93536 
---------------------------------------------------------------------- 
Thanks for looking at this. 

I have tried many things to get this to work on the apple server, but
their configuration seems to be very one client (iChat) tracked. Very
frustrating. I'll not ask for help here getting that figured out as it's an
issue with the auth mechs that they setup with their configuration.

As for my openfire server, I did indeed get it to work on port 5222 with
SSL and sasl turned on. If I leave all settings the same but change the
port to 5223 then the connection fails... While it is good that it works
correctly on port 5222, my openfire does support 5223 and there should
probably be some better information returned to the console if asterisk
will not work with a client on 5223.

Again, thanks for the help. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-10-13 08:12 shrift         Note Added: 0093536                          
======================================================================

More information about the asterisk-bugs mailing list