S2s TLS problem

Florian1 · May 18, 2006, 9:51am

Hi all,

wildfire 2.6.2 with my own self-signed certs. Looks like s2s TLS doesnÂ´t work. Is this a problem of the remote server or of my wildfire server.

here are the logs:

warn:

2006.05.18 09:40:30 Error creating secured outgoing session to remote server: xxx(DNS lookup: xxx.se:5269)

org.xmlpull.v1.XmlPullParserException: could not determine namespace bound to element prefix stream (position: START_DOCUMENT seen stream:error… @1:14)

at org.xmlpull.mxp1.MXParser.parseStartTag(MXParser.java:1816)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1479)

at org.jivesoftware.wildfire.net.MXParser.nextImpl(MXParser.java:331)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.wildfire.server.OutgoingServerSession.createOutgoingSession(Ou tgoingServerSession.java:288)

at org.jivesoftware.wildfire.server.OutgoingServerSession.authenticateDomain(Outgo ingServerSession.java:140)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.createSessionAndSendPac ket(OutgoingSessionPromise.java:126)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise.access$300(OutgoingSess ionPromise.java:37)

at org.jivesoftware.wildfire.server.OutgoingSessionPromise$1$1.run(OutgoingSession Promise.java:91)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

debug:

2006.05.18 09:40:30 OS - Trying to connect to xxx.se:5269

2006.05.18 09:40:30 OS - Plain connection to xxx:5269 successful

2006.05.18 09:40:30 OS - Going to try connecting using server dialback

2006.05.18 09:40:30 OS - Trying to connect to xx.se:5269

2006.05.18 09:40:30 OS - Connection to xxx:5269 successful

2006.05.18 09:40:31 OS - Sent dialback key to host: xxx id: 1777994704 from domain: yyy.de

2006.05.18 09:40:31 Connect Socket[addr=/129.16.79.38,port=63243,localport=5269]

2006.05.18 09:40:31 RS - Received dialback key from host: xxx to: yyy.de

2006.05.18 09:40:31 RS - Trying to connect to Authoritative Server: xxx:5269

2006.05.18 09:40:31 RS - Connection to AS: xxx:5269 successful

2006.05.18 09:40:31 RS - Asking AS to verify dialback key for id70eda76c

2006.05.18 09:40:31 RS - Key was VERIFIED by the Authoritative Server for: xxx

2006.05.18 09:40:31 RS - Closing connection to Authoritative Server: xxx

2006.05.18 09:40:31 RS - Sending key verification result to OS: xxx

2006.05.18 09:40:31 AS - Verifying key for host: xxx id: 1777994704

2006.05.18 09:40:31 AS - Key was: VALID for host: xxx id: 1777994704

2006.05.18 09:40:31 OS - Validation GRANTED from: xxx id: 1777994704 for domain: yyy.de

is threre a way 2 see if the s2s connection is TLS secured (via webinterface)?

Users also reporting that Client TLS (miranda) doesnÂ´t work.

maybe i installed the certs via the keytool wrong or something…

sc

Gaston_Dombiak · May 18, 2006, 1:26pm

Hey scata,

Is the remote server you are trying to connect running ejabberd? The error you are reporting is the one we received when trying to establish a secured connection with jabber.org. Ejabberd developers where notified of this issue that may be fixed in the 1.1.1 version.

Regards,

– Gato

Florian1 · May 18, 2006, 3:10pm

bingo, ejabberd thats right. thanks

is there a way to see if a s2s connection is SSL/TLS secured in the web interface?

regards

sc

Gaston_Dombiak · May 18, 2006, 5:44pm

Hey sc,

The admin console indicates that a connection (either client or server) is secured by showing a lock next to the connection in the sessions summary page.

BTW, remember to mark the question as closed when it has been answered.

Thanks,

– Gato