SleekXMPP icon indicating copy to clipboard operation
SleekXMPP copied to clipboard
verified publisher icon fritzy

Cannot use sleekxmpp with latest ejabberd

Open fjouatte opened this issue 8 years ago • 9 comments

Hello,

If it's not a real issue, please just close this ticket :)

Since ejabberd latest release, we cannot use sleekxmpp (tested 1.1.10 and 1.3.2) anymore.

INFO Connecting to room 'xxx' on server 'xxx' INFO Negotiating TLS INFO Using SSL version: TLS 1.0 ERROR CERT: Invalid certificate trust chain. ERROR Error reading from XML stream.

fjouatte avatar Apr 04 '17 09:04 fjouatte

You need to change to the correct cert.

Otherwise for workaround, you can ignore the certificate error as following.

At this is __init__ function

# Discard SSL Error
self.add_event_handler("ssl_invalid_cert", self.discard)

And create this function

def discard(self, event):
    return

aminyuddin avatar Apr 05 '17 04:04 aminyuddin

Hello, @mohdaminyuddin thank you for answering me but the certificate is correct and i'm not looking for a workaround which consists in bypassing certificate validation.

For information, the certificate i'm using is self signed. It worked for a long time but the latest ejabberd release breaks it.

fjouatte avatar Apr 06 '17 13:04 fjouatte

Hi @fjouatte . Unfortunately a self-signed cert in not a valid cert by definition, the fact it worked before was a work-around itself of sorts. Now-a-days there are free certs you can get (lets encrypt) so there is less need for such work-arounds (or you can set up you own CA, though that is a lot more complicated.)

ghost avatar Apr 06 '17 17:04 ghost

You can generate your own root certificate, use that to generate your ejabberd certificate. Ensure the common name is correct as your XMPP domain.

Then, define the ca cert as following :

xmpp.ca_certs = "path/to/ca/cert"

lxnx0 avatar Apr 07 '17 11:04 lxnx0

@fjouatte To the best of my understanding your issue is caused by the fact that ejabberd might require TLSv1.1+. See https://github.com/fritzy/SleekXMPP/issues/452#issuecomment-312509055 for a workaround. The error message here seems to be missleading (thank you openssl)!

apollo13 avatar Jul 02 '17 18:07 apollo13

I found this issue because I had the same problem with ejabberd. Setting xmpp.ssl_version = ssl.PROTOCOL_SSLv23 fixed it for me. Thank you.

shred avatar Jan 05 '18 20:01 shred

yes, temporarily I have managed to avoid this error with below code: import ssl xmpp.ssl_version = ssl.PROTOCOL_SSLv23

RameshJangama avatar Jan 06 '18 15:01 RameshJangama

It works with TLS 1.2 without problem now?

Neustradamus avatar Nov 30 '18 02:11 Neustradamus

@fjouatte @mohdaminyuddin @hlwsmith @lxnx0 @apollo13 @shred @myluckyapps: Any news?

Have you tested with "master"?

  • https://github.com/fritzy/SleekXMPP/commits/develop

It works?

Neustradamus avatar Apr 08 '19 02:04 Neustradamus