After some more discussions, I’ve set up a test server locally (with a new, fresh install of Openfire) and initiated a s2s connection by sending a message from the test server (jabtest) to an account on my production server (jabber.wolfbeast.com).
The debug logs are included here.
Test setup:
jabber.wolfbeast.com:
jabtest:
jabber.wolfbeast.com debug log:
— Marker inserted by admin at Jun 8, 2008 8:37:52 AM —
2008.06.08 08:39:13 Connect Socket addr=/192.168.73.88,port=1190,localport=5269
2008.06.08 08:39:13 Connect Socket addr=/192.168.73.88,port=1191,localport=5269
2008.06.08 08:39:13 ServerDialback: RS - Received dialback key from host: jabtest to: jabber.wolfbeast.com
2008.06.08 08:39:13 ServerDialback: RS - Trying to connect to Authoritative Server: jabtest:5269(DNS lookup: jabtest:5269)
2008.06.08 08:39:13 ServerDialback: RS - Connection to AS: jabtest:5269 successful
2008.06.08 08:39:13 ServerDialback: RS - Asking AS to verify dialback key for id3272d1e5
2008.06.08 08:39:13 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: jabtest
2008.06.08 08:39:13 ServerDialback: RS - Closing connection to Authoritative Server: jabtest
2008.06.08 08:39:13 ServerDialback: RS - Sending key verification result to OS: jabtest
2008.06.08 08:39:13 Connection closed before session established
Socket addr=/192.168.73.88,port=1190,localport=5269
2008.06.08 08:39:22 LocalOutgoingServerSession: OS - Trying to connect to jabtest:5269(DNS lookup: jabtest:5269)
2008.06.08 08:39:22 LocalOutgoingServerSession: OS - Plain connection to jabtest:5269 successful
2008.06.08 08:39:23 LocalOutgoingServerSession: OS - Indicating we want TLS to jabtest
2008.06.08 08:39:23 LocalOutgoingServerSession: OS - Negotiating TLS with jabtest
2008.06.08 08:39:24 LocalOutgoingServerSession: OS - TLS negotiation with jabtest was successful
2008.06.08 08:39:24 LocalOutgoingServerSession: OS - Stream compression not supoprted by jabtest
2008.06.08 08:39:24 LocalOutgoingServerSession: OS - Starting EXTERNAL SASL with jabtest
2008.06.08 08:39:24 LocalOutgoingServerSession: OS - Error, EXTERNAL SASL authentication with jabtest failed
2008.06.08 08:39:24 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: jabtest
2008.06.08 08:39:24 ServerDialback: OS - Trying to connect to jabtest:5269(DNS lookup: jabtest:5269)
2008.06.08 08:39:24 ServerDialback: OS - Connection to jabtest:5269 successful
2008.06.08 08:39:24 ServerDialback: OS - Sent dialback key to host: jabtest id: 660fbefa from domain: jabber.wolfbeast.com
2008.06.08 08:39:24 Connect Socket addr=/192.168.73.88,port=1192,localport=5269
2008.06.08 08:39:24 ServerDialback: AS - Verifying key for host: jabtest id: 660fbefa
2008.06.08 08:39:24 ServerDialback: AS - Key was: VALID for host: jabtest id: 660fbefa
2008.06.08 08:39:24 ServerDialback: AS - Connection closed for host: jabtest id: 660fbefa
2008.06.08 08:39:24 Connection closed before session established
Socket addr=/192.168.73.88,port=1192,localport=5269
2008.06.08 08:39:24 ServerDialback: OS - Validation GRANTED from: jabtest id: 660fbefa for domain: jabber.wolfbeast.com
— Marker inserted by admin at Jun 8, 2008 8:39:50 AM —
jabtest debug log:
2008.06.08 10:39:13 LocalOutgoingServerSession: OS - Trying to connect to jabber.wolfbeast.com:5269(DNS lookup: jabber.wolfbeast.com:5269)
2008.06.08 10:39:13 LocalOutgoingServerSession: OS - Plain connection to jabber.wolfbeast.com:5269 successful
2008.06.08 10:39:13 LocalOutgoingServerSession: OS - Indicating we want TLS to jabber.wolfbeast.com
2008.06.08 10:39:13 LocalOutgoingServerSession: OS - Negotiating TLS with jabber.wolfbeast.com
2008.06.08 10:39:13 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=xxxxxx@wolfbeast.com, CN=wolfbeast.com, CN=jabber.wolfbeast.com, OU=Domain validated only, O=Mark Straver, L=SkxC3xB6vde, C=SE
2008.06.08 10:39:13 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=xxxxxx@wolfbeast.com, CN=wolfbeast.com, CN=jabber.wolfbeast.com, OU=Domain validated only, O=Mark Straver, L=SkxC3xB6vde, C=SE
2008.06.08 10:39:13 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: jabber.wolfbeast.com(DNS lookup: jabber.wolfbeast.com:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:264)
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:158)
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:1 66)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthentic ate(LocalOutgoingServerSession.java:370)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSess ion(LocalOutgoingServerSession.java:303)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain (LocalOutgoingServerSession.java:144)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPa cket(OutgoingSessionPromise.java:215)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(Ou tgoingSessionPromise.java:194)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:31 5)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:225)
… 10 more
Caused by: java.security.cert.CertificateException: target verification failed of wolfbeast.com
at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrust Manager.java:151)
… 18 more
2008.06.08 10:39:13 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: jabber.wolfbeast.com
2008.06.08 10:39:13 ServerDialback: OS - Trying to connect to jabber.wolfbeast.com:5269(DNS lookup: jabber.wolfbeast.com:5269)
2008.06.08 10:39:13 ServerDialback: OS - Connection to jabber.wolfbeast.com:5269 successful
2008.06.08 10:39:13 ServerDialback: OS - Sent dialback key to host: jabber.wolfbeast.com id: 3272d1e5 from domain: jabtest
2008.06.08 10:39:13 Connect Socket addr=/192.168.73.254,port=4091,localport=5269
2008.06.08 10:39:13 ServerDialback: AS - Verifying key for host: jabber.wolfbeast.com id: 3272d1e5
2008.06.08 10:39:13 ServerDialback: AS - Key was: VALID for host: jabber.wolfbeast.com id: 3272d1e5
2008.06.08 10:39:13 ServerDialback: AS - Connection closed for host: jabber.wolfbeast.com id: 3272d1e5
2008.06.08 10:39:13 Connection closed before session established
Socket addr=/192.168.73.254,port=4091,localport=5269
2008.06.08 10:39:13 ServerDialback: OS - Validation GRANTED from: jabber.wolfbeast.com id: 3272d1e5 for domain: jabtest
2008.06.08 10:39:23 Connect Socket addr=/192.168.73.254,port=4092,localport=5269
2008.06.08 10:39:24 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=xxxxxx@wolfbeast.com, CN=wolfbeast.com, CN=jabber.wolfbeast.com, OU=Domain validated only, O=Mark Straver, L=SkxC3xB6vde, C=SE
2008.06.08 10:39:24 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=xxxxxx@wolfbeast.com, CN=wolfbeast.com, CN=jabber.wolfbeast.com, OU=Domain validated only, O=Mark Straver, L=SkxC3xB6vde, C=SE
2008.06.08 10:39:24 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=certmaster@jabber.org, CN=StartCom Class 1 Intermediate CA - Jabber Software Foundation, OU=Secure Certificate Signing, O=Jabber Software Foundation, ST=Colorado, C=US
2008.06.08 10:39:24 CertificateManager: SubjectAltName of invalid type found: EMAILADDRESS=admin@startcom.org, CN=Free SSL Certification Authority, OU=CA Authority Dep., O=StartCom Ltd., L=Eilat, ST=Israel, C=IL
2008.06.08 10:39:24 Logging off jabtest/6acdb535 on org.jivesoftware.openfire.net.SocketConnection@2fe032 socket: Socket addr=/192.168.73.254,port=4092,localport=5269 session: org.jivesoftware.openfire.session.LocalIncomingServerSession@8d539f status: 1 address: jabtest/6acdb535 id: 6acdb535
2008.06.08 10:39:24 Connect Socket addr=/192.168.73.254,port=4093,localport=5269
2008.06.08 10:39:24 ServerDialback: RS - Received dialback key from host: jabber.wolfbeast.com to: jabtest
2008.06.08 10:39:24 ServerDialback: RS - Trying to connect to Authoritative Server: jabber.wolfbeast.com:5269(DNS lookup: jabber.wolfbeast.com:5269)
2008.06.08 10:39:24 ServerDialback: RS - Connection to AS: jabber.wolfbeast.com:5269 successful
2008.06.08 10:39:24 ServerDialback: RS - Asking AS to verify dialback key for id660fbefa
2008.06.08 10:39:24 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: jabber.wolfbeast.com
2008.06.08 10:39:24 ServerDialback: RS - Closing connection to Authoritative Server: jabber.wolfbeast.com
2008.06.08 10:39:24 ServerDialback: RS - Sending key verification result to OS: jabber.wolfbeast.com
— Marker inserted by admin at Jun 8, 2008 10:39:43 AM —
Message was edited by: wolfbeest - killed autoformatting of logs by clearspace 