powered by Jive Software

Openfire 3.4.2 has been released

We are pleased to announce the release of Openfire 3.4.2! This is a maintenance release that also includes nice improvements such as better certificate management and support for Entity Capabilities. Performance has been improved too therefore the Connection Manager module has been updated. A complete list of changes can be found here.

The SparkWeb client included in the Enterprise edition has been updated too. Lots of improvements has been made and it now has support for group chat. You can use the SparkWeb client from here.

Download Openfire from here.

Download Openfire Enterprise from here.

Download Connection Manager from here

Enjoy!

Openfire Team

MySQL driver downgraded?

As i will be absent at work for a long time i wonder is it worth to upgrade today. What exactly will MINA upgrade give?

I just installed Openfire 3.4.2 from scratch but found a problem which did not occur in 3.4.1. In the setup it asks for the admin-username and password. I enter admin@mydomain.de, but I can’t login when the setup is finished. I looked in the database and saw, that the wrong user with the wrong password was saved in the table jiveUser (both user and plainPassword were ‘admin’). I just changed both to the values I entered in the setup and I could login.

I just upgraded to 3.4.2 (mainly for the certificate management improvements) and discovered the following issue:

  1. I created two selfsigned certificates via the openfire webinterface

  2. I restarted openfire via the webinterface

  3. openfire asked me to enter some data in order to create a csr

  4. I entered the requested data

  5. I restarted openfire again

  6. Now i should be able to fetch the csr, but instead openfire ask me again to enter some data for the csr???

i checked /opt/openfire/resources/security

the files have been changed (timestamp), but obviously openfire isn’t recognizing it?!?

any idea on howto fix that and get a csr?

best,

Mark

What was the “some data” Openfire wanted you to enter? In my install the CSRs are immediately shown without any action on my part and the field where to enter data is the one where the response from the certification authority should get entered!

Openfire keeps telling me the following:

“The issuer information for the certificates should be updated before sending the Certificate Signing Request (CSR) to a Certificate Authority (CA). Click here to update the issuer information.”

When I click on “here”, openfire ask me to enter:

“Complete the following information of the certificate issuer. This information will be stored in the certificates pending to be sent to the Certificate Authority. The Certificate Authority will validate the information in order to sign the certificates.”

Name: xmpp.myserver.com

Organizational Unit: xmpp.myserver.com

Organization: xmpp.myserver.com

City: MyCity

State: MyState

Country Code: AU

Then I click on “Update information”

On the next page openfire tells me “the certificates have been changed - click here to restart”.

When I now restart openfire and come back to the certificate management it still tells me:

“The issuer information for the certificates should be updated before sending the Certificate Signing Request (CSR) to a Certificate Authority (CA). Click here to update the issuer information.”

Hey Mark,

Do you see any error in the log files? Does the user running the Openfire server have permission to modify the files located under resources\security? Could you execute ‘keytool -list -v -keystore keystore’ under resources\security and paste the results?

Thanks,

– Gato

Hi Gato,

thanks for stepping in.

According to the timestamp, the files get changed every time I update the Information which openfire requests me to enter.

Also openfire is currently running as root So it should have the rights to change the files

#keytool -list -v -keystore keystore
Enter keystore password:  *****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  ***************** Keystore type: jks
Keystore provider: SUN Your keystore contains 2 entries Alias name: xmpp.mydomain.com_rsa
Creation date: Dec 7, 2007
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Issuer: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Serial number: <bla>
Valid from: Fri Dec 07 17:58:29 CET 2007 until: Sat Nov 10 17:58:29 CET 2012
Certificate fingerprints:
      MD5:  <bla>
      SHA1: <bla> *******************************************
******************************************* Alias name: xmpp.mydomain.com_dsa
Creation date: Dec 7, 2007
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Issuer: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Serial number: <bla>
Valid from: Fri Dec 07 17:58:35 CET 2007 until: Sat Nov 10 17:58:35 CET 2012
Certificate fingerprints:
      MD5:  <bla>
      SHA1: <bla> *******************************************
*******************************************

Hey Mark,

The certificates were updated with the issuer information but for some reason Openfire is failing to recognize that a CSR can be generated. I also noticed that you are getting a “WARNING WARNING WARNING” message that I never saw which suggests me that you are using another JVM provider (but not SUN’s one). Would you mind send me your keystore file so I can debug the problem here? You can generate new certs and send them to me so there is no security problem.

Thanks,

– Gato

Hi Gato,

the WARNING is always shown, when you dont enter the keystore password (no idea what the default password is

I am on Debian Etch.

should i append the keystore here?

best,

Mark

Hey Mark,

the WARNING is always shown, when you dont enter the keystore password (no idea what the default password is

I am on Debian Etch.

No idea that you could still see the list of certs even without a password. That is crazy. BTW, the default password is changeit.

should i append the keystore here?

You can send them to me by email (gaston at jivesoftware dot com).

Thanks,

– Gato

hrgz.

now THATS really strange.

I just updated the data again (entered some “bogus-data”)

myTown, myState, xmpp.mydomain.com etc.

and guess what… NOW openfire shows the csr and the form-boxes to enter the results signed by the ca.

very strange.

anyway i’ll send you the keystore files.

I think, i tracked the problem down.

When one of the fields:

Name, Organizational Unit, Organization

contain a value thats EQUAL to the servers domain-name > openfire always shows the “csr-data collection” dialog again

if all fields are NOT EQUAL to the servers domain-name > openfire shows the csr and allows the entry of the CA signed data

i’ll test further if its just one special field (name OR organizational unit OR organization) or if it applies to all fields.

okay. i tested all combinations now.

if($Name==$openfireDomainName) { echo "csr loop error"; } else { echo "everything works just fine"; }

For a couple rooms I’m not able to set permissions.

Room Administration:

User Permissions:

Exception:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1

at java.lang.String.substring(Unknown Source)

at org.jivesoftware.openfire.admin.muc_002droom_002daffiliations_jsp._jspService(m uc_002droom_002daffiliations_jsp.java:323)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:11 8)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:211)

at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:313)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)

at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:830)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)

at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

Thanks for your time & Take Care!

2 things.

  1. The start script works great. In fact, it’s taking far less time for it to initialize now.

  2. THE RPM WORKED PERFECTLY!!!

I’ve been suffering through backing up configs and security stores before every upgrade for over a year now. I’d been begging and pleading for an RPM that would respect configs and security files and just plain install.

yum update openfire-3.4.2-1.i386.rpm

server:eGroupWare 100% |=========================| 951 B 00:00

livna 100% |=========================| 2.1 kB 00:00

fedora 100% |=========================| 2.1 kB 00:00

updates 100% |=========================| 2.3 kB 00:00

Setting up Update Process

Examining openfire-3.4.2-1.i386.rpm: openfire - 3.4.2-1.i386

Marking openfire-3.4.2-1.i386.rpm as an update to openfire - 3.4.0-1.i386

Resolving Dependencies

–> Running transaction check

—> Package openfire.i386 0:3.4.2-1 set to be updated

–> Finished Dependency Resolution

Dependencies Resolved

=============================================================================

Package Arch Version Repository Size

=============================================================================

Updating:

openfire i386 3.4.2-1 openfire-3.4.2-1.i386.rpm 108 M

Transaction Summary

=============================================================================

Install 0 Package(s)

Update 1 Package(s)

Remove 0 Package(s)

Total download size: 108 M

Is this ok : y

Downloading Packages:

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

Updating : openfire #########################

Shutting down openfire:

Cleanup : openfire #########################

Updated: openfire.i386 0:3.4.2-1

Complete!

service openfire start

Starting openfire:

netstat -pan | grep 9091

tcp 0 0 :::9091 :::* LISTEN 9711/java

THANK YOU!!!

I have Windows server 2003 running Openfire 3.3.3 and even though I stop the service and quit. I still get an error saying that openfire is still running. I cannot get to the admin console but the spark client still connects. Am I missing a service or process?

After upgrading to 3.4.2 the webinterface doesn’t work.

First some information about a problem with the previous version which could be important: When I upgraded from 3.3.3 to 3.4.0 I also had a little problem with the webinterface; when trying to login using the secure(port: 9091) interface it wouldn’t login. But when using the unsecure interface(port: 9090) it did work. After being logged in, it was possible to change to the secure interface.

But back to the problem I have with this version. I upgraded to the new version (3.4.2) using the tarball. As I can see everything did work, but the webinterface doesn’t work. When I go the webinterface it changes url from index.jsp to login.jsp, but I don’t get any content on my screen. In the error.log file this message can be found:

2007.12.10 15:04:44 org.jivesoftware.util.log.util.CommonsLogFactory$1.fatal(CommonsLogFactory.java :99) Exception initializing page context

java.lang.NoClassDefFoundError: javax/servlet/jsp/el/ExpressionEvaluator

at java.lang.ClassLoader.defineClass1(Native Method)

at java.lang.ClassLoader.defineClass(Unknown Source)

at java.security.SecureClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.access$100(Unknown Source)

at java.net.URLClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClassInternal(Unknown Source)

at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl. java:99)

at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:61)

at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:72)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:211)

at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:313)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)

at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:830)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)

at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

Some system information:

CPU: Intel Xeon 3.06GHz

OS: FreeBSD 6.1 with the latest version of diablo (JRE)

I am using MySQL as external database.

Openfire 3.4.1 server information:

Environment

Java Version:

1.5.0 Sun Microsystems Inc. – Java HotSpot™ Server VM

Appserver:

jetty-6.1.x

OS / Hardware:

FreeBSD / i386