powered by Jive Software

[bug] dialback broken in 3.7.0

After upgrading from 3.6.4 to 3.7.0, I’m unable to send messages to a remote system which was previously working (ee.washington.edu). The following is written to warn.log:

2011.03.04 15:00:37 Error trying to connect to remote server: washington.edu(DNS lookup: washington.edu:5269)

java.net.ConnectException: Connection refused

at java.net.PlainSocketImpl.socketConnect(Native Method)

at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)

at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)

at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)

at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)

at java.net.Socket.connect(Socket.java:525)

at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSess ion(LocalOutgoingServerSession.java:278)

at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain (LocalOutgoingServerSession.java:208)

at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPa cket(OutgoingSessionPromise.java:261)

at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(Ou tgoingSessionPromise.java:238)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java: 886)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

at java.lang.Thread.run(Thread.java:619)

Using tcpdump, I see that my system establishes a connection to the correct system, and then closes the socket, establishes a second connection and closes that socket. The remote system then establishes a connection to my server, which my server then closes.

1 Like

Debug log:

2011.03.04 15:45:53 LocalOutgoingServerSession: OS - Trying to connect to ee.washington.edu:5269(DNS lookup: cerf.ee.washington.edu:5269)

2011.03.04 15:45:53 Exiting since queue is empty for /173.14.255.101:39155

2011.03.04 15:45:53 LocalOutgoingServerSession: OS - Plain connection to ee.washington.edu:5269 successful

2011.03.04 15:45:53 LocalOutgoingServerSession: OS - Indicating we want TLS to ee.washington.edu

2011.03.04 15:45:53 LocalOutgoingServerSession: OS - Negotiating TLS with ee.washington.edu

2011.03.04 15:45:53 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: ee.washington.edu(DNS lookup: cer

f.ee.washington.edu:5269)

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

2011.03.04 15:45:53 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: ee.washington.edu

2011.03.04 15:45:53 ServerDialback: OS - Trying to connect to ee.washington.edu:5269(DNS lookup: cerf.ee.washington.edu:5269)

2011.03.04 15:45:53 ServerDialback: OS - Connection to ee.washington.edu:5269 successful

2011.03.04 15:45:53 ServerDialback: OS - Sent dialback key to host: ee.washington.edu id: 5b589264 from domain: dragonsdawn.net

2011.03.04 15:45:53 ServerDialback: OS - Unexpected answer in validation from: ee.washington.edu id: 5b589264 for domain: dragonsdawn.net answer:<stream:features xmlns:stream=“http://etherx.jabber.org/streams”></stream:features>

So it looks like the destination domain has some sort of bad certificate, and dialback is no longer compatible between the two systems after I upgraded to 3.7.0.

Under Server -> Server Settings -> Security Settings -> Server Connection Security, I have enabled “Accept self-signed certificates…” This did not resolve the problem.

After further testing, I’ve found that 3.7.0 will no successfully negotiate dialback connections with other systems also running 3.7.0. These connections also log an error like:

2011.03.04 15:45:53 ServerDialback: OS - Unexpected answer in validation from: ee.washington.edu id: 5b589264 for domain: dragonsdawn.net answer:<stream:features xmlns:stream=“http://etherx.jabber.org/streams”></stream:features>

OF-443

If you back out revision 11784, the bug won’t be triggered. I think this needs a better long-term fix, but this’ll do for most users for now. Apply that change in reverse:

Index: trunk/src/java/org/jivesoftware/openfire/server/ServerDialback.java

===================================================================

diff -u -N -r11388 -r11784

— trunk/src/java/org/jivesoftware/openfire/server/ServerDialback.java (…/ServerDialback.java) (revision 11388)

+++ trunk/src/java/org/jivesoftware/openfire/server/ServerDialback.java (…/ServerDialback.java) (revision 11784)

@@ -194,35 +194,35 @@

  • Creates a new connection from the Originating Server to the Receiving Server for

  • authenticating the specified domain.

  • * @param domain domain of the Originating Server to authenticate with the Receiving Server.
    
  • * @param hostname IP address or hostname of the Receiving Server.
    
  • * @param localDomain domain of the Originating Server to authenticate with the Receiving Server.
    
  • * @param remoteDomain IP address or hostname of the Receiving Server.
    
  • @param port port of the Receiving Server.

  • @return an OutgoingServerSession if the domain was authenticated or null if none.

*/

  • public LocalOutgoingServerSession createOutgoingSession(String domain, String hostname, int port) {

  •    String realHostname = null;
    
  • public LocalOutgoingServerSession createOutgoingSession(String localDomain, String remoteDomain, int port) {

  •    String hostname = null;
    

int realPort = port;

try {

// Establish a TCP connection to the Receiving Server

Socket socket = new Socket();

// Get a list of real hostnames to connect to using DNS lookup of the specified hostname

  •        List<DNSUtil.HostAddress> hosts = DNSUtil.resolveXMPPDomain(hostname, port);
    
  •        List<DNSUtil.HostAddress> hosts = DNSUtil.resolveXMPPDomain(remoteDomain, port);
    

for (Iterator<DNSUtil.HostAddress> it = hosts.iterator(); it.hasNext():wink: {

try {

DNSUtil.HostAddress address = it.next();

  •                realHostname = address.getHost();
    
  •                hostname = address.getHost();
    

realPort = address.getPort();

  •                Log.debug("ServerDialback: OS - Trying to connect to " + hostname + ":" + port +
    
  •                        "(DNS lookup: " + realHostname + ":" + realPort + ")");
    
  •                Log.debug("ServerDialback: OS - Trying to connect to " + remoteDomain + ":" + port +
    
  •                        "(DNS lookup: " + hostname + ":" + realPort + ")");
    

// Establish a TCP connection to the Receiving Server

  •                socket.connect(new InetSocketAddress(realHostname, realPort),
    
  •                socket.connect(new InetSocketAddress(hostname, realPort),
    

RemoteServerManager.getSocketTimeout());

  •                Log.debug("ServerDialback: OS - Connection to " + hostname + ":" + port + " successful");
    
  •                Log.debug("ServerDialback: OS - Connection to " + remoteDomain + ":" + port + " successful");
    

break;

}

catch (Exception e) {

  •                Log.warn("Error trying to connect to remote server: " + hostname +
    
  •                        "(DNS lookup: " + realHostname + ":" + realPort + ")", e);
    
  •                Log.warn("Error trying to connect to remote server: " + remoteDomain +
    
  •                        "(DNS lookup: " + hostname + ":" + realPort + ")", e);
    

}

}

connection =

@@ -234,7 +234,10 @@

stream.append("<stream:stream");

         stream.append(" xmlns:stream=\"[http://etherx.jabber.org/streams](http://etherx.jabber.org/streams)\"");

stream.append(" xmlns=“jabber:server”");

  •        stream.append(" xmlns:db=\"jabber:server:dialback\">");
    
  •        stream.append(" to=\"").append(remoteDomain).append("\"");
    
  •        stream.append(" from=\"").append(localDomain).append("\"");
    
  •        stream.append(" xmlns:db=\"jabber:server:dialback\"");
    
  •        stream.append(" version=\"1.0\">");
    

connection.deliverRawText(stream.toString());

// Set a read timeout (of 5 seconds) so we don’t keep waiting forever

@@ -255,13 +258,13 @@

socket.setSoTimeout(soTimeout);

String id = xpp.getAttributeValue("", “id”);

OutgoingServerSocketReader socketReader = new OutgoingServerSocketReader(reader);

  •            if (authenticateDomain(socketReader, domain, hostname, id)) {
    
  •            if (authenticateDomain(socketReader, localDomain, remoteDomain, id)) {
    

// Domain was validated so create a new OutgoingServerSession

StreamID streamID = new BasicStreamIDFactory().createStreamID(id);

  •                LocalOutgoingServerSession session = new LocalOutgoingServerSession(domain, connection, socketReader, streamID);
    
  •                LocalOutgoingServerSession session = new LocalOutgoingServerSession(localDomain, connection, socketReader, streamID);
    

connection.init(session);

// Set the hostname as the address of the session

  •                session.setAddress(new JID(null, hostname, null));
    
  •                session.setAddress(new JID(null, remoteDomain, null));
    

return session;

}

else {

@@ -279,17 +282,17 @@

}

}

catch (IOException e) {

  •        Log.debug("ServerDialback: Error connecting to the remote server: " + hostname + "(DNS lookup: " +
    
  •                realHostname + ":" + realPort + ")", e);
    
  •        Log.debug("ServerDialback: Error connecting to the remote server: " + remoteDomain + "(DNS lookup: " +
    
  •                hostname + ":" + realPort + ")", e);
    

// Close the connection

if (connection != null) {

connection.close();

}

}

catch (Exception e) {

  •        Log.error("Error creating outgoing session to remote server: " + hostname +
    
  •        Log.error("Error creating outgoing session to remote server: " + remoteDomain +
    

"(DNS lookup: " +

  •                realHostname +
    
  •                hostname +
    

“)”,

e);

// Close the connection

Gordon, please attach it as a patch file (via advanced mode editor), as it is hard to copy a code from the forums page.

The patch can be found here:

http://fisheye.igniterealtime.org/rdiff/openfire/trunk/src/java/org/jivesoftware /openfire/server/ServerDialback.java?r1=11388&r2=11784&u&N

Apply in reverse.

… Though I’m mostly sure that only this section of the patch is causing the problem:
R11784.patch.zip (509 Bytes)

I’ve confirmed that removing " version=1.0" only (rather than backing out all of R11784) will fix this problem.
openfire-of443.patch.zip (472 Bytes)

1 Like

is possibile a new realese of openfire for resolve this problem?

i think

Anyy news ? Any plans for a patch release to fix this bug ?

don’t know if it helps at all…but I have both of our openfire servers communicating with each other through the kraken IM gateway…not as much functionality…but user to user seems to work fine as long as groups are setup properly

Is there a way to patch a windows install for this?

i cant beleive something like this would get broken in a new release…

Pardon my ignorance, but how does one go about applying this patch? I’m using Openfire 3.7.0 on Debian and to “upgrade”, we typically just download the .tar.gz file, extract it, copy over config and cert info, shut down current service, reassign the symbolic link, and restart the service. This is my first foray into administrating a Linux app so I have no clue how to apply this patch.

Any documentation or help would be greatly appreciated.

-dweez

This is not a patch for the installed program, but for the source code. So it has to be compiled. Maybe someone will attach the recompiled binary (openfire.jar) here. Then you will be able to replace this jar in your installation (/openfire/lib/)

That would be great if someone would do that.

/me gives puppy dog eyes as he requests it

-dweez

Here you go. But use it at your own riks, i didn’t test it, though it really just removes a line with 1.0 vesion declaration in ServerDialback.java. Hope that helps and that it only needs openfire.jar to replace.
openfire.jar (7195579 Bytes)

Meh, I tried it out and it didn’t work. I’ll probably eventually roll back to 3.6.4 and wait to see if 3.7.1 resolves it. Thanks wroot.

-dweez

Thanks wroot, I tried it as well and was not able to get it to work. I still have the same problem I had with 3.7.0, that is it the server can’t seem to handle outgoing connections with another server (running 3.7.0 or 3.7.1 as well). I tried connecting to a 3.6.4 and the server sessions showed both incoming and outgoing traffic, but nothing seemed to actually go out (or was not received by the client at the other end). I was hoping to only need to downgrade one server to 3.6.4, but it looks like I will need to do both on this version.

Thanks for building this though! I will probably keep trying to test some things in case I missed something.