powered by Jive Software

Wildfire 3.1.1 SSLException certificate_unknown

customized Wildfire 3.1.1 on Debian (etch, 64 bit)

php based jabber bot using class_jabber ( http://code.blitzaffe.com/pages/phpclasses/files/jabber_client_52-11 )

The bot writes the online status of users into a firebird 2 table upon heartbeat (every second). This is for our online support through our website (JWChat). Customers get assinged a random number which is used as their jid (registering through our plugin).

The bot seemingly is disconnected and leaves memory at random times. Last time it was when a customer connected. Here is the error in Wildfires logs, I’'m hoping someone can help me decypher it:

2007.05.03 11:39:44 org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.j ava:75) Error while negotiating TLS: org.jivesoftware.wildfire.net.SocketConnection@5256d175 socket: Socket[addr=/,port=57394,localport=5222] session: org.jivesoftware.wildfire.ClientSession@538ca6b2 status: 1 address: jabber.op3racional.eu/ec0026c6 id: ec0026c6 presence:

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1324)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1486)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:961)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787 )

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)

at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:304)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:250)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:1 73)

at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode. java:72)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:126)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 62)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)

at java.lang.Thread.run(Thread.java:595)


The disconnect also happens at random times, not related to anyone logging on, but yesterday I deleted some of the temporary users, and the bot was disconnected.

I have since put a handler for unexpected disconnects, which writes to the log, but nothing shows up.

I would like to know about the exception above regardless, but any help is appreciated.

Hey Op3racional,

That error means that the client didn’'t trust the server certificate. In the client side you should find an error with the reason why the client failed to trust the server certificate. For instance, if the client is not using the correct truststore (i.e. list of trusted CA) then signed certs on the server will be ignored.


Thanks for clearing that up.

Hm, using JWChat and none of the clients should be trying TLS. I’'ll have to check that.

EDIT: Well, we don’'t use SSL on the JWChat webclient, JWChat and class_jabber by default use port 5222.

I have disabled TLS in the server, and left “old SSL” on. We’'ll have to see what happens.

EDIT 2: The ip address in the exception is the Wildfire servers. So either the bot or the HTTP binding servlet are doing this?

Message was edited by: Op3racional