powered by Jive Software

Problem making outbound S2S connection to jabber.org

I’m having trouble making an outgoing s2s connection to jabber.org from my server. Inbound connections seem to work okay

I’m seeing this in the log when I use the Server to Server Test tool from the openfire web console:

<iq type="get" id="276-53" from="morante.net" to="jabber.org"><ping xmlns="urn:xmpp:ping"/></iq>
<iq type="error" id="276-53" to="morante.net" from="jabber.org"><ping xmlns="urn:xmpp:ping"/><error code="404" type="cancel"><remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
Thu Apr 30 05:47:25 EDT 2020: INFO: Sending server to server ping request to jabber.org
Thu Apr 30 05:47:25 EDT 2020: INFO: STARTTLS negotiation failed. Closing connection (without sending any data such as <failure/> or </stream>).
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:289)
	at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:174)
	at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:194)
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:407)
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:297)
	at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:206)
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:260)
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:238)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
	at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:340)
	at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:250)
	... 10 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.
	at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkServerTrusted(OpenfireX509TrustManager.java:108)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1113)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
	... 18 more
Caused by: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.
	at org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi.engineBuild(Unknown Source)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkChainTrusted(OpenfireX509TrustManager.java:261)
	at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkServerTrusted(OpenfireX509TrustManager.java:104)
	... 20 more
Thu Apr 30 05:47:25 EDT 2020: WARN: Unable to create a new outgoing session
Thu Apr 30 05:47:25 EDT 2020: WARN: Unable to create a new session: Dialback (as a fallback) failed.
Thu Apr 30 05:47:25 EDT 2020: WARN: Unable to authenticate: Fail to create new session.
Thu Apr 30 05:47:25 EDT 2020: INFO: Successful server to server response received.
Thu Apr 30 05:47:25 EDT 2020: ERROR: Primary packet routing failed
org.jivesoftware.openfire.PacketException: Cannot route packet of type IQ or Presence to bare JID: <iq type="error" id="276-53" to="morante.net" from="jabber.org"><ping xmlns="urn:xmpp:ping"/><error code="404" type="cancel"><remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></iq>
	at org.jivesoftware.openfire.spi.RoutingTableImpl.routeToLocalDomain(RoutingTableImpl.java:309)
	at org.jivesoftware.openfire.spi.RoutingTableImpl.routePacket(RoutingTableImpl.java:242)
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.returnErrorToSender(OutgoingSessionPromise.java:342)
	at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:241)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Thu Apr 30 05:47:25 EDT 2020: INFO: Failed to establish server to server session.