I run two Openfire servers on two different domains. Both servers are running Linux; one has a signed cert and the other has a self-signed cert. I was using Openfire 3.4.5 on them both without any problems at all.
After switching to 3.5.0, however, s2s MUC is now broken. Neither of my servers seems to be able to get a bi-directional connection going with the conference.* element of any other servers. Regular user-to-user chat works fine, though.
Here’s some debug log capture in case it will shed any light on the problem:
2008.04.09 18:27:43 LocalOutgoingServerSession: OS - Trying to connect to conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:27:44 LocalOutgoingServerSession: OS - Plain connection to conference.gajim.org:5269 successful
2008.04.09 18:27:44 LocalOutgoingServerSession: OS - Indicating we want TLS to conference.gajim.org
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Negotiating TLS with conference.gajim.org
2008.04.09 18:27:45 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=asterix@lagaule.org, CN=gajim.org, OU=Domain validated only, O=Yann Leboulanger, L=Fontenay Le Fleury, C=FR
2008.04.09 18:27:45 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: conference.gajim.org(DNS lookup: conference.gajim.org:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:263)
    at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)
    at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:165)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:369)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:302)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:143)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:213)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:193)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:314)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:224)
    ... 10 more
Caused by: java.security.cert.CertificateException: root certificate not trusted of http://gajim.org
    at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:134)
    ... 18 more
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: conference.gajim.org
2008.04.09 18:27:45 ServerDialback: OS - Trying to connect to conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:27:48 ServerDialback: OS - Connection to conference.gajim.org:5269 successful
2008.04.09 18:27:48 ServerDialback: OS - Sent dialback key to host: conference.gajim.org id: 1281397133 from domain: stevegibson.com
2008.04.09 18:27:48 Connect Socket[addr=/88.191.11.156,port=45554,localport=5269]
2008.04.09 18:27:49 ServerDialback: RS - Received dialback key from host: conference.gajim.org to: stevegibson.com
2008.04.09 18:27:52 000312 (01/03/00) - #3 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:27:52 000313 (01/03/00) - #1 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:28:08 ServerDialback: OS - Time out waiting for answer in validation from: conference.gajim.org id: 1281397133 for domain: stevegibson.com
2008.04.09 18:28:08 OutgoingServerSocketReader: Finishing Outgoing Server Reader. No session to close.
java.net.SocketException: Socket closed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at org.jivesoftware.openfire.net.ServerTrafficCounter$InputStreamWrapper.read(ServerTrafficCounter.java:209)
    at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
2008.04.09 18:28:09 LocalOutgoingServerSession: OS - Trying to connect to gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Plain connection to gajim.org:5269 successful
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Indicating we want TLS to gajim.org
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Negotiating TLS with gajim.org
2008.04.09 18:28:10 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=asterix@lagaule.org, CN=gajim.org, OU=Domain validated only, O=Yann Leboulanger, L=Fontenay Le Fleury, C=FR
2008.04.09 18:28:10 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: gajim.org(DNS lookup: panoramix.gajim.org:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:263)
    at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:157)
    at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:165)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:369)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:302)
    at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:184)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:213)
    at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:193)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:314)
    at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:224)
    ... 10 more
Caused by: java.security.cert.CertificateException: root certificate not trusted of http://gajim.org
    at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:134)
    ... 18 more
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: gajim.org
2008.04.09 18:28:10 ServerDialback: OS - Trying to connect to gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:11 ServerDialback: OS - Connection to gajim.org:5269 successful
2008.04.09 18:28:11 ServerDialback: OS - Sent dialback key to host: gajim.org id: 176430292 from domain: stevegibson.com
2008.04.09 18:28:11 Connect Socket[addr=/88.191.11.156,port=47970,localport=5269]
2008.04.09 18:28:11 ServerDialback: RS - Received dialback key from host: gajim.org to: stevegibson.com
2008.04.09 18:28:11 ServerDialback: RS - Trying to connect to Authoritative Server: gajim.org:5269(DNS lookup: panoramix.gajim.org:5269)
2008.04.09 18:28:11 ServerDialback: RS - Connection to AS: gajim.org:5269 successful
2008.04.09 18:28:11 ServerDialback: RS - Asking AS to verify dialback key for id21fea2e0
2008.04.09 18:28:12 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: gajim.org
2008.04.09 18:28:12 ServerDialback: RS - Closing connection to Authoritative Server: gajim.org
2008.04.09 18:28:12 ServerDialback: RS - Sending key verification result to OS: gajim.org
2008.04.09 18:28:12 ServerDialback: AS - Verifying key for host: gajim.org id: 176430292
2008.04.09 18:28:12 ServerDialback: AS - Key was: VALID for host: gajim.org id: 176430292
2008.04.09 18:28:12 ServerDialback: OS - Validation GRANTED from: gajim.org id: 176430292 for domain: stevegibson.com
2008.04.09 18:28:12 ServerDialback: RS - Trying to connect to Authoritative Server: conference.gajim.org:5269(DNS lookup: conference.gajim.org:5269)
2008.04.09 18:28:13 ServerDialback: RS - Connection to AS: conference.gajim.org:5269 successful
2008.04.09 18:28:13 ServerDialback: RS - Asking AS to verify dialback key for idd3beb0cd
2008.04.09 18:28:13 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: RS - Closing connection to Authoritative Server: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: RS - Sending key verification result to OS: conference.gajim.org
2008.04.09 18:28:13 ServerDialback: AS - Verifying key for host: conference.gajim.org id: 1281397133
2008.04.09 18:28:13 ServerDialback: AS - Key was: VALID for host: conference.gajim.org id: 1281397133
2008.04.09 18:28:23 ServerDialback: OS - Sent dialback key to host: conference.xmpplink.com id: c9a7a40 from domain: stevegibson.com
2008.04.09 18:28:23 000314 (01/03/00) - #2 registered a statement as closed which wasn't known to be open. This could happen if you close a statement twice.
2008.04.09 18:28:23 Connect Socket[addr=/24.227.169.93,port=54825,localport=5269]
2008.04.09 18:28:23 ServerDialback: AS - Verifying key for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 ServerDialback: AS - Key was: VALID for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 ServerDialback: OS - Validation GRANTED from: conference.xmpplink.com id: c9a7a40 for domain: stevegibson.com
2008.04.09 18:28:23 ServerDialback: AS - Connection closed for host: conference.xmpplink.com id: c9a7a40
2008.04.09 18:28:23 Connection closed before session established Socket[addr=/24.227.169.93,port=54825,localport=5269]
2008.04.09 18:29:48 ServerDialback: OS - Sent dialback key to host: xmpplink.com id: c9a7a40 from domain: conference.stevegibson.com
2008.04.09 18:29:48 ServerDialback: OS - Unexpected answer in validation from: xmpplink.com id: c9a7a40 for domain: conference.stevegibson.com answer:<stream:error xmlns:stream="http://etherx.jabber.org/streams"><remote-connection-failed xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error >
2008.04.09 18:29:48 ServerDialback: OS - Sent dialback key to host: xmpplink.com id: c9a7a40 from domain: conference.stevegibson.com
2008.04.09 18:30:06 Logging off conference.gajim.org on org.jivesoftware.openfire.net.SocketConnection@1f568f socket: Socket[addr=/88.191.11.156,port=45554,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@7587b2 status: -1 address: conference.gajim.org id: d3beb0cd
2008.04.09 18:30:06 Logging off gajim.org on org.jivesoftware.openfire.net.SocketConnection@19f31de socket: Socket[addr=/88.191.11.156,port=47970,localport=5269] session: org.jivesoftware.openfire.session.LocalIncomingServerSession@1205042 status: -1 address: gajim.org id: 21fea2e0
2008.04.09 18:30:08 ServerDialback: OS - Time out waiting for answer in validation from: xmpplink.com id: c9a7a40 for domain: conference.stevegibson.com
2008.04.09 18:38:12 OutgoingServerSocketReader: Finishing Outgoing Server Reader. Closing session: org.jivesoftware.openfire.session.LocalOutgoingServerSession@b9242e status: 1 address: gajim.org id: 176430292
java.io.EOFException: no more data available - expected end tag </stream:stream> to close start tag <stream:stream> from line 1, parser stopped on END_TAG seen ...2'><db:result from='gajim.org' to='stevegibson.com' type='valid'/>... @1:218
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3035)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
2008.04.09 18:38:24 OutgoingServerSocketReader: Finishing Outgoing Server Reader. Closing session: org.jivesoftware.openfire.session.LocalOutgoingServerSession@1616dd6 status: 1 address: jabber.org id: 3071030879
java.io.EOFException: no more data available - expected end tag </stream:stream> to close start tag <stream:stream> from line 1, parser stopped on END_TAG seen ...'><db:result from='jabber.org' to='stevegibson.com' type='valid'/>... @1:220
    at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3035)
    at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)
    at org.jivesoftware.openfire.net.MXParser.nextImpl(MXParser.java:75)
    at org.xmlpull.mxp1.MXParser.nextToken(MXParser.java:1100)
    at org.dom4j.io.XMPPPacketReader.parseDocument(XMPPPacketReader.java:317)
    at org.jivesoftware.openfire.server.OutgoingServerSocketReader$1.run(OutgoingServerSocketReader.java:92)
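Added example, not part of the original post: a small Python triage script that reads Openfire debug lines in the message formats shown in the log above and reports, per remote domain, whether the outgoing (OS) session was authenticated by dialback after the TLS handshake failed or ended with no session at all. The sample lines, their `*.example` domains, the function names and the state labels are constructed for this example.

```python
import re

# Constructed sample in the message formats of the log above; the domains
# and ids are placeholders, not values from the post.
SAMPLE_LOG = """\
2008.04.09 18:27:45 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: conference.remote.example(DNS lookup: conference.remote.example:5269)
2008.04.09 18:27:45 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: conference.remote.example
2008.04.09 18:28:08 ServerDialback: OS - Time out waiting for answer in validation from: conference.remote.example id: 1001 for domain: local.example
2008.04.09 18:28:10 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: remote.example(DNS lookup: host.remote.example:5269)
2008.04.09 18:28:10 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: remote.example
2008.04.09 18:28:12 ServerDialback: OS - Validation GRANTED from: remote.example id: 1002 for domain: local.example
2008.04.09 18:29:48 ServerDialback: OS - Unexpected answer in validation from: other.example id: 1003 for domain: conference.local.example answer:<stream:error/>
"""

# Event name -> pattern capturing the remote domain from one log message.
EVENTS = [
    ("tls_failed", re.compile(r"Handshake error while creating secured outgoing session to remote server: ([^\s(]+)")),
    ("fallback", re.compile(r"OS - Going to try connecting using server dialback with: (\S+)")),
    ("granted", re.compile(r"OS - Validation GRANTED from: (\S+)")),
    ("timeout", re.compile(r"OS - Time out waiting for answer in validation from: (\S+)")),
    ("error", re.compile(r"OS - Unexpected answer in validation from: (\S+)")),
]

def outgoing_events(log_text):
    """Map each remote domain to its outgoing-session events, in log order."""
    seen = {}
    for line in log_text.splitlines():
        for name, rx in EVENTS:
            m = rx.search(line)
            if m:
                seen.setdefault(m.group(1), []).append(name)
    return seen

def classify(events):
    """Reduce one domain's events to a single state; the last dialback result wins."""
    outcome = next((e for e in reversed(events) if e in ("granted", "timeout", "error")), None)
    if outcome == "granted":
        return "dialback-after-tls-failure" if "tls_failed" in events else "dialback"
    if outcome in ("timeout", "error"):
        return "no-session"
    return "tls-failed" if "tls_failed" in events else "unknown"

def report(log_text):
    return {domain: classify(ev) for domain, ev in outgoing_events(log_text).items()}

if __name__ == "__main__":
    for domain, state in report(SAMPLE_LOG).items():
        print(f"{domain:30} {state}")
```

Domains reported as `dialback-after-tls-failure` are the ones to review first, since their certificate was rejected and the link is authenticated by dialback alone.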