Hans-Christoph Steiner <[email protected]> writes: > Does your XMPP server have a TLS certificate from a certificate provider that > is in your trust store of your device? That usually means you bought a TLS > certificate, but it can also be achieved in other ways, like using > https://cacert.org and manually including their certs in your device's trust > store.
Yes. I have a private CA, and put that CA cert in as an additional trust anchor. firefox and k-9 accept the host cert without issues. I do not remember exactly if chatsecure asked me if it was ok to use the cert. Earlier I wrote: >> Sat Apr 18 19:38:51 2015 [notice] [22] [10.1.2.3, port=40015] connect >> Sat Apr 18 19:38:52 2015 [notice] [22] DIGEST-MD5 authentication succeeded: >> [email protected] 10.1.2.3:40015 TLS >> Sat Apr 18 19:38:52 2015 [notice] [22] bound: [email protected]/foo >> Sat Apr 18 19:38:52 2015 [notice] session started: [email protected]/foo >> Sat Apr 18 19:38:52 2015 [notice] [22] [10.1.2.3, port=40015] disconnect >> [email protected]/foo, packets: 2 >> Sat Apr 18 19:38:52 2015 [notice] session ended: [email protected]/foo >> Sat Apr 18 19:38:52 2015 [notice] user unloaded [email protected] I am pretty sure this isn't it, as the server logs above indicate that I have authenticated, and surely chatsecure should not be sending my xmpp password to a remote system that has failed TLS negotiation (that's most of the point of checking for TLS). I turned up debugging, and the whole sasl login looks ok on the client side. But when it looks like it should succeed, chatsecure throws an exception. D/SMACK ( 1493): 12:42:43 pm RCV (1109498760): <iq xmlns='jabber:client' id='[redacted]' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>[email protected]\ r.bbn.com/n7</jid></bind></iq> E/GB.XmppConnection( 1493): 0 : exception thrown on connection E/GB.XmppConnection( 1493): Session establishment not offered by server: E/GB.XmppConnection( 1493): at org.jivesoftware.smack.SASLAuthentication.bindResourceAndEstablishSession(SASLAuthentication.java:481) E/GB.XmppConnection( 1493): at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:348) E/GB.XmppConnection( 1493): at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:204) E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.initConnectionAndLogin(XmppConnection.java:997) E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.do_login(XmppConnection.java:859) E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.access$900(XmppConnection.java:129) E/GB.XmppConnection( 1493): at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection$1.run(XmppConnection.java:819) E/GB.XmppConnection( 1493): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) E/GB.XmppConnection( 1493): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) E/GB.XmppConnection( 1493): at java.lang.Thread.run(Thread.java:841) D/GB.XmppConnection( 1493): 0 : not authorized - will not retry D/GB.XmppConnection( 1493): 0 : will not retry D/GB.XmppConnection( 1493): 0 : clear ping D/GB.XmppConnection( 1493): 0 : connection closed
pgpB9aYoDNPIu.pgp
Description: PGP signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
