3.5.0 s2s MUC is broken

I run two Openfire servers on two different domains. Both servers are running Linux; one has a signed cert and the other has a self-signed cert. I was using Openfire 3.4.5 on them both without any problems at all.

After switching to 3.5.0, however, s2s MUC is now broken. Neither of my servers seems to be able to get a bi-directional connection going with the conference.* element of any other servers. Regular user-to-user chat works fine, though.

Here’s some debug log capture in case it will shed any light on the problem:

2008.04.09 18:27:43 LocalOutgoingServerSession: OS - Trying to connect to conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:27:44 LocalOutgoingServerSession: OS - Plain connection to conference.gajim.org:5269 successful
2008.04.09 18:27:44 LocalOutgoingServerSession: OS - Indicating we want TLS to conference.gajim.org
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Negotiating TLS with conference.gajim.org
2008.04.09 18:27:45 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=asterix@lagaule.org, CN=gajim.org, OU=Domain validated only, O=Yann Leboulanger, L=Fontenay Le Fleury, C=FR
2008.04.09 18:27:45 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: conference.gajim.org(DNS lookup: conference.gajim.org:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:263)
    at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)
    at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:165)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:369)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:302)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:143)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:213)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:193)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:314)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:224)
    ... 10 more
Caused by: java.security.cert.CertificateException: root certificate not trusted of http://gajim.org
    at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:134)
    ... 18 more
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: conference.gajim.org
2008.04.09 18:27:45 ServerDialback: OS - Trying to connect to conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:27:48 ServerDialback: OS - Connection to conference.gajim.org:5269 successful
2008.04.09 18:27:48 ServerDialback: OS - Sent dialback key to host: conference.gajim.org id: 1281397133 from domain: stevegibson.com
2008.04.09 18:27:48 Connect Socket[addr=/88.191.11.156,port=45554,localport=5269]
2008.04.09 18:27:49 ServerDialback: RS - Received dialback key from host: conference.gajim.org to: stevegibson.com
2008.04.09 18:27:52 000312 (01/03/00) - #3 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:27:52 000313 (01/03/00) - #1 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:28:08 ServerDialback: OS - Time out waiting for answer in validation from: conference.gajim.org id: 1281397133 for domain: stevegibson.com
2008.04.09 18:28:08 OutgoingServerSocketReader: Finishing Outgoing Server Reader. No session to close.
java.net.SocketException: Socket closed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at org.jivesoftware.openfire.net.ServerTrafficCounter$InputStreamWrapper.read(ServerTrafficCounter.java:209)
    at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
2008.04.09 18:28:09 LocalOutgoingServerSession: OS - Trying to connect to gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Plain connection to gajim.org:5269 successful
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Indicating we want TLS to gajim.org
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Negotiating TLS with gajim.org
2008.04.09 18:28:10 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=asterix@lagaule.org, CN=gajim.org, OU=Domain validated only, O=Yann Leboulanger, L=Fontenay Le Fleury, C=FR
2008.04.09 18:28:10 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: gajim.org(DNS lookup: panoramix.gajim.org:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:263)
    at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)
    at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:165)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:369)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:302)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:184)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:213)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:193)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:314)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:224)
    ... 10 more
Caused by: java.security.cert.CertificateException: root certificate not trusted of http://gajim.org
    at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:134)
    ... 18 more
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: gajim.org
2008.04.09 18:28:10 ServerDialback: OS - Trying to connect to gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:11 ServerDialback: OS - Connection to gajim.org:5269 successful
2008.04.09 18:28:11 ServerDialback: OS - Sent dialback key to host: gajim.org id: 176430292 from domain: stevegibson.com
2008.04.09 18:28:11 Connect Socket[addr=/88.191.11.156,port=47970,localport=5269]
2008.04.09 18:28:11 ServerDialback: RS - Received dialback key from host: gajim.org to: stevegibson.com
2008.04.09 18:28:11 ServerDialback: RS - Trying to connect to Authoritative Server: gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:11 ServerDialback: RS - Connection to AS: gajim.org:5269 successful
2008.04.09 18:28:11 ServerDialback: RS - Asking AS to verify dialback key for id21fea2e0
2008.04.09 18:28:12 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: gajim.org
2008.04.09 18:28:12 ServerDialback: RS - Closing connection to Authoritative Server: gajim.org
2008.04.09 18:28:12 ServerDialback: RS - Sending key verification result to OS: gajim.org
2008.04.09 18:28:12 ServerDialback: AS - Verifying key for host: gajim.org id: 176430292
2008.04.09 18:28:12 ServerDialback: AS - Key was: VALID for host: gajim.org id: 176430292
2008.04.09 18:28:12 ServerDialback: OS - Validation GRANTED from: gajim.org id: 176430292 for domain: stevegibson.com
2008.04.09 18:28:12 ServerDialback: RS - Trying to connect to Authoritative Server: conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:28:13 ServerDialback: RS - Connection to AS: conference.gajim.org:5269 successful
2008.04.09 18:28:13 ServerDialback: RS - Asking AS to verify dialback key for idd3beb0cd
2008.04.09 18:28:13 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: RS - Closing connection to Authoritative Server: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: RS - Sending key verification result to OS: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: AS - Verifying key for host: conference.gajim.org id: 1281397133
2008.04.09 18:28:13 ServerDialback: AS - Key was: VALID for host: conference.gajim.org id: 1281397133
2008.04.09 18:28:23 ServerDialback: OS - Sent dialback key to host: conference.xmpplink.com id: c9a7a40 from domain: stevegibson.com
2008.04.09 18:28:23 000314 (01/03/00) - #2 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:28:23 Connect Socket[addr=/24.227.169.93,port=54825,localport=5269]
2008.04.09 18:28:23 ServerDialback: AS - Verifying key for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 ServerDialback: AS - Key was: VALID for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 ServerDialback: OS - Validation GRANTED from: conference.xmpplink.com id: c9a7a40 for domain: stevegibson.com
2008.04.09 18:28:23 ServerDialback: AS - Connection closed for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 Connection closed before session established Socket[addr=/24.227.169.93,port=54825,localport=5269]
2008.04.09 18:29:48 ServerDialback: OS - Sent dialback key to host: xmpplink.com id: c9a7a40 from domain: conference.stevegibson.com
2008.04.09 18:29:48 ServerDialback: OS - Unexpected answer in validation from: xmpplink.com id: c9a7a40 for domain: conference.stevegibson.com answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"><remote-connection-failed xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>
2008.04.09 18:29:48 ServerDialback: OS - Sent dialback key to host: xmpplink.com id: c9a7a40 from domain: conference.stevegibson.com
2008.04.09 18:30:06 Logging off conference.gajim.org on org.jivesoftware.openfire.net.SocketConnection@1f568f socket: Socket[addr=/88.191.11.156,port=45554,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@7587b2 status: -1 address: conference.gajim.org id: d3beb0cd
2008.04.09 18:30:06 Logging off gajim.org on org.jivesoftware.openfire.net.SocketConnection@19f31de socket: Socket[addr=/88.191.11.156,port=47970,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@1205042 status: -1 address: gajim.org id: 21fea2e0
2008.04.09 18:30:08 ServerDialback: OS - Time out waiting for answer in validation from: xmpplink.com id: c9a7a40 for domain: conference.stevegibson.com
2008.04.09 18:38:12 OutgoingServerSocketReader: Finishing Outgoing Server Reader. Closing session: org.jivesoftware.openfire.session.LocalOutgoingServerSession@b9242e status: 1 address: gajim.org id: 176430292
java.io.EOFException: no more data available - expected end tag </stream:stream> to close start tag <stream:stream> from line 1, parser stopped on END_TAG seen ...2'><db:result from='gajim.org' to='stevegibson.com' type='valid'/>... @1:218
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3035)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
2008.04.09 18:38:24 OutgoingServerSocketReader: Finishing Outgoing Server Reader. Closing session: org.jivesoftware.openfire.session.LocalOutgoingServerSession@1616dd6 status: 1 address: jabber.org id: 3071030879
java.io.EOFException: no more data available - expected end tag </stream:stream> to close start tag <stream:stream> from line 1, parser stopped on END_TAG seen ...'><db:result from='jabber.org' to='stevegibson.com' type='valid'/>... @1:220
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3035)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
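As an added illustration (not part of the original post and not Openfire code), the following Python script reduces a debug log in the format shown above to one outcome per remote host: whether the outgoing session fell back from TLS to server dialback, and whether that dialback was granted or timed out. It assumes one log entry per line; the sample lines are constructed by abridging entries from the log above.

```python
import re

# Constructed sample: abridged entries in the format of the debug log above.
SAMPLE_LOG = """\
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Negotiating TLS with conference.gajim.org
2008.04.09 18:27:45 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: conference.gajim.org(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: conference.gajim.org
2008.04.09 18:27:48 ServerDialback: OS - Sent dialback key to host: conference.gajim.org id: 1281397133 from domain: stevegibson.com
2008.04.09 18:28:08 ServerDialback: OS - Time out waiting for answer in validation from: conference.gajim.org id: 1281397133 for domain: stevegibson.com
2008.04.09 18:28:10 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: gajim.org(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: gajim.org
2008.04.09 18:28:11 ServerDialback: OS - Sent dialback key to host: gajim.org id: 176430292 from domain: stevegibson.com
2008.04.09 18:28:12 ServerDialback: OS - Validation GRANTED from: gajim.org id: 176430292 for domain: stevegibson.com
"""

# Outgoing-session (OS) events; group 1 is the remote host the entry refers to.
EVENTS = {
    "tls_failed": re.compile(r"Handshake error while creating secured outgoing session to remote server: ([^\s(]+)"),
    "fallback": re.compile(r"Going to try connecting using server dialback with: (\S+)"),
    "key_sent": re.compile(r"OS - Sent dialback key to host: (\S+)"),
    "timeout": re.compile(r"OS - Time out waiting for answer in validation from: (\S+)"),
    "granted": re.compile(r"OS - Validation GRANTED from: (\S+)"),
    "unexpected": re.compile(r"OS - Unexpected answer in validation from: (\S+)"),
}

def collect_events(log_text):
    """Return {remote_host: [event_name, ...]} in log order."""
    hosts = {}
    for line in log_text.splitlines():
        for name, pattern in EVENTS.items():
            m = pattern.search(line)
            if m:
                hosts.setdefault(m.group(1), []).append(name)
                break
    return hosts

def classify(events):
    """Reduce one host's event list to a single outcome label."""
    tls_failed = "tls_failed" in events
    if "granted" in events:
        # The session is up; if TLS failed first, no certificate was verified.
        return "dialback-only (TLS failed)" if tls_failed else "dialback"
    if "timeout" in events:
        return "dialback timed out"
    if "unexpected" in events:
        return "dialback unexpected answer"
    if "key_sent" in events:
        return "dialback pending"
    return "TLS failed, no fallback" if tls_failed else "unknown"

def summarize(log_text):
    """Map each remote host seen in the log to its outcome label."""
    return {host: classify(ev) for host, ev in collect_events(log_text).items()}

if __name__ == "__main__":
    for host, outcome in summarize(SAMPLE_LOG).items():
        print(f"{host:25} {outcome}")
```
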

May I enquire: do you have Enterprise installed with no license in it? And see if you can get the rooms list from conference.igniterealtime.org and join.

Yes, my Openfire 3.5.0 MUC is broken too. I can only get chatrooms on my server and at conference.igniterealtime.org; all other chat services are broken too. I think it was the Enterprise plugin with no license, but I have uninstalled the Enterprise plugin and MUC chatrooms are still broken. It still only works on two services, mine and conference.igniterealtime.org; all the others are broken too.

I’m not running the enterprise plugin on either server.

Surprisingly, I was able to disco and browse the rooms at conference.igniterealtime.org and was able to join open_chat. For some reason the s2s session listing only shows outbound connections for the igniterealtime.org services. And it seems a bit inconsistent… there is often a delay of several seconds before the join goes through.

And I still can’t join any other MUCs on other servers (like jabber.org, gajim.org, ejabberd.ru, etc). And my servers can’t join each other’s MUCs half the time. Occasionally a connection will work for a while and then I’ll get a message in the MUC along the lines of “remote server not found”. But I have yet to be able to connect at all to any of the other servers I mentioned.

-Steve

I would like to add to this thread that I am experiencing the same problem: I am unable to connect to MUCs on other servers with Openfire 3.5.0. All the debug log tells me is:

2008.04.10 12:43:05 Logging off conference.jabber.org on org.jivesoftware.openfire.net.SocketConnection@12c508f socket: Socket[addr=/208.68.163.214,port=35981,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@76b33 status: -1 address: conference.jabber.org id: 2fc245cb

And indeed, I can join igniterealtime conference rooms.

Same problem here: no external MUC in Openfire 3.5.0 RC2 and 3.5.0 final, and Gmail communication is also broken in the same versions; in RC1 and 3.4.5 it works fine.

Neither a clean installation nor the old installation works. And the servers are working perfectly, no DNS problem.

Well, it looks like I will have to revert back to 3.4.5 until this is resolved. As big as this problem is, I’m surprised that it made it through to the release.

I wonder if it is isolated to certain architectures? Probably not, since everything runs on top of the Java VM.

-Steve

I am using both 3.4.5 and 3.5.0, switching back and forth. I have a public server, so I need MUC rooms to work, so I am back on 3.4.5 again too. But when MUC rooms are fixed I will switch again, as 3.5.0 is a much nicer server.

Hey guys,

For your information, we are studying this problem right now. Server-2-server between servers (no pun intended) is working fine. That means that one-2-one chats will work fine. The case we are analyzing now is server-2-server with subdomains inside of a server (e.g. jivesoftware.com tries to talk to conference.igniterealtime.org).

I hope to post good news tomorrow.

Thanks,

– Gato

Yes, the problem is only happening in the chatroom services, i.e. subdomains, and not anywhere else. Thank you, Gato.

Gato, I will put server 3.5.0 online all day tomorrow so you can use it for testing. My chatroom subdomain is chat.kingshomeworld.com.

Bruce

Not sure if that will help though, because connecting to any Openfire MUC works, it’s connecting to non-openfire MUC services that doesn’t work. I have checked this with jivesoftware.com, igniterealtime.org, your server, and another openfire server (even in a dyndns domain). All worked fine.

The only ones I am sure were Openfire servers were igniterealtime, which works, and jive, which did not work! Just like to help some.

Has this issue been resolved?

We’re trying to use s2s to partition a large userbase across a number of Openfire 3.6.2 instances. 1-to-1 messaging works fine using Spark but MUC doesn’t seem to be.

Help in this area would be appreciated.

We are on 3.6.2 and see the same issue. Are there any updates as to why this is broken?