External Authentication - SQL/SSL Error

ubentobox · May 22, 2014, 1:29am

Hi there,

I have a few errors I am getting but I am unsure as to why. I am integrating with Temar’s EVE API Package for SMF forums with Openfire. Everything works but Openfire is throwing some exceptions that make me think I missed something with the configuration. Please see the information below, if I forgot anything please let me know, I am green to Openfire.

The Server Settings on Openfire Admin Console are set to Enable External Components and share the Secret Key here and on the Jabber settings page in Temars. The certs are set as self signed that do not expire for 5 years, and clients are required SSL with self signed allowed.

Is there anything else I can provide other than the information below?

Also the Openfire Console - Database Properties has seemingly properly populated from the openfire.conf file, however I also get this error:

Server: Ubuntu 14.04

Openfire: 3.9.3

Install Method on First Attempt: https://www.digitalocean.com/community/articles/how-to-install-openfire-xmpp-ser ver-on-a-debian-or-ubuntu-vps

https://www.digitalocean.com/community/articles/how-to-install-openfire-xmpp-ser ver-on-a-debian-or-ubuntu-vpsInstall Method on Second Attempt: http://ubuntu-for-humans.blogspot.com/2009/11/install-openfire-on-ubuntu.html

When I installed the first time, the server seemed to work but then it failed hard. Inexplicable but sorry I am green with this.

The second time I had to install with a different method because the /etc/init.d/openfire directory would not create during the dpkg --install method, so I have to look for an alternative. The 2009 tutorial actually got me to get it running. It seemed to run for 20 minutes before disconnecting me and belching all the errors you see below.

Any help would be much appreciated.

http://pastebin.com/M8Bu4AT5 - SQL/SSL Errors in info.log

http://pastebin.com/sz3HjZbp - openfire.conf

https://drive.google.com/file/d/0ByTocddqS5qJMFZpQXFTX011NUU/edit - Openfire server security settings

Caused by: java.sql.SQLException: ConnectionManager.getConnection() failed to obtain a connection after 11 retries. The exception from the last attempt is as follows: java.sql.SQLException: Access denied for user ‘’@‘localhost’ (using password: NO)

Warning.log:

2014.05.20 02:09:58 org.jivesoftware.database.DbConnectionManager - Failed to create the connection provider specified by connectionProvider.className. Using the default pool.

Info.log:

2014.05.20 23:01:26 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports IOException for session: (SOCKET, R: /98.110.196.10:1024, L: /192.168.1.50:5223, S: 0.0.0.0/0.0.0.0:5223)

javax.net.ssl.SSLHandshakeException: SSL handshake failed.

at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived (AbstractIoFilterChain.java:499)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(Abstra ctIoFilterChain.java:293)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.j ava:228)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcesso r.java:198)

at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProce ssor.java:45)

at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProce ssor.java:485)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:744)

Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java :171)

at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:848)

at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)

at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:668)

at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:624)

at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:503)

at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)

at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)

… 14 more

Debug:

bytesConsumed = 0 bytesProduced = 0

2014.05.20 23:08:44 org.apache.mina.filter.executor.ExecutorFilter - Launching thread for /98.110.196.10:1024

2014.05.20 23:08:44 org.apache.mina.filter.executor.ExecutorFilter - Exiting since queue is empty for /98.110.196.10:1024

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] Data Read: org.apache.mina.filter.support.SSLHandler@653bb2c2 (HeapBuffer[pos=0 lim=22 cap=1024: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 27 31 2E 30 27 20 3F 3E])

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] doHandshake()

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] handshakeStatus=NEED_UNWRAP

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] unwrapHandshake()

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=22 cap=16921]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33842 cap=33842]

2014.05.20 23:08:44 org.apache.mina.filter.executor.ExecutorFilter - Launching thread for /98.110.196.10:1024

2014.05.20 23:08:44 org.apache.mina.filter.executor.ExecutorFilter - Exiting since queue is empty for /98.110.196.10:1024

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] Data Read: org.apache.mina.filter.support.SSLHandler@653bb2c2 (HeapBuffer[pos=0 lim=117 cap=1024: 3C 73 74 72 65 61 6D 3A 73 74 72 65 61 6D 20 74 6F 3D 27 63 6C 30 6E 65 62 61 79 2E 63 6F 6D 27 20 78 6D 6C 6E 73 3D 27 6A 61 62 62 65 72 3A 63 6C 69 65 6E 74 27 20 78 6D 6C 6E 73 3A 73 74 72 65 61 6D 3D 27 68 74 74 70 3A 2F 2F 65 74 68 65 72 78 2E 6A 61 62 62 65 72 2E 6F 72 67 2F 73 74 72 65 61 6D 73 27 20 76 65 72 73 69 6F 6E 3D 27 31 2E 30 27 3E])

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] expanded inNetBuffer:java.nio.DirectByteBuffer[pos=0 lim=17155 cap=17155]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] expanded appBuffer:java.nio.DirectByteBuffer[pos=0 lim=34310 cap=34310]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] doHandshake()

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] handshakeStatus=NEED_UNWRAP

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] unwrapHandshake()

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=117 cap=17155]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] appBuffer: java.nio.DirectByteBuffer[pos=0 lim=34310 cap=34310]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] Unwrap res:Status = CLOSED HandshakeStatus = NEED_WRAP

bytesConsumed = 0 bytesProduced = 0

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] write outNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=7 cap=16921]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] session write: HeapBuffer[pos=0 lim=7 cap=7: 15 03 01 00 02 02 50]

2014.05.20 23:08:44 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/98.110.196.10:1024] Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1630)

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1598)

at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1528)

at org.apache.mina.filter.support.SSLHandler.destroy(SSLHandler.java:167)

at org.apache.mina.filter.SSLFilter.initiateClosure(SSLFilter.java:559)

at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:406)