Bug #484
Unable to authenticate after upgrade to rc2
Description
After installing rc2, I am no longer able to successfully connect to my Openfire 3.8.0 server. My server logs report a buffer underflow, which I believe is during the TLS handshake.
I am using a self-signed cert (which I am prompted to accept, and select "Always") and have "Require SSL/TLS" enabled.
This has been working flawlessly on previous versions. The only thing I did was upgrade Beem.
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] Data Read: org.apache.mina.filter.support.SSLHandler@9c4e62f (HeapBuffer[pos=0 lim=22 cap=64: 17 03 01 00 11 4B 10 D4 FD E6 1A CA 3B 52 B4 DF 2C AF F2 C9 57 C5])
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] unwrap()
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=22 cap=16921]
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33842 cap=33842]
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] Unwrap res:Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 22 bytesProduced = 1
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] inNetBuffer: java.nio.DirectByteBuffer[pos=22 lim=22 cap=16921]
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] appBuffer: java.nio.DirectByteBuffer[pos=1 lim=33842 cap=33842]
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] Unwrap res:Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] appBuffer: java.nio.DirectByteBuffer[pos=0 lim=1 cap=33842]
2013.03.02 12:21:42 org.jivesoftware.openfire.nio.ClientConnectionHandler - [/x.x.x.x:46668] app data read: HeapBuffer[pos=0 lim=1 cap=1: 20] (20)
Device: Galaxy Nexus
Version: 4.2.2
Rooted: no
Thanks for looking at this - I use Beem every day!
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of Beem are you using? On what Android version? On what device?
Please provide any additional information below.
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of Beem are you using? On what Android version? On what device?
Please provide any additional information below.
Updated by Chris Weiland over 11 years ago
i have also this problem
the authentification with a Jabber Account over ccc.de is rejected
Updated by John S over 11 years ago
Frédéric Barthéléry wrote:
Can we have the logcat from Beem ?
It appears both logcat and catlog require my phone to be rooted (it's not). That may take me a couple of days.
In the meantime, I've created an account for you on my server and sent you the details in IM if you'd like to try it yourself.
Updated by John S over 11 years ago
I forgot to add, I upgraded my Openfire server to the (now current) version 3.8.1 just to see if it would resolve this issue, but it did not. My other xmpp clients still continue to work as expected.
Updated by Frédéric Barthéléry over 11 years ago
- Subject changed from Unable to authenticate after upgrade to rc2 to Unable to authenticate after upgrade to rc2
- Description updated (diff)
- Status changed from New to Assigned
- Assignee set to Frédéric Barthéléry
This seems to be a serverside problem (at least for jabber.ccc.de)
The server announced that it supports a more secure authentication mechanism (SCRAM-SHA-1) and Beem try to use it to authenticate (The support for this mechanism was added in 0.1.8). But the server rejects the authentication immediately.
Your other clients use the DIGEST-MD5 mechanism which is less secured.
Here are some logs of the problematic xmpp exchange :
D/SMACK (24061): 03:27:23 PM SENT (1116882216): <stream:stream to="jabber.ccc.de" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0"> D/SMACK (24061): 03:27:23 PM RCV (1116882216): <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='2855799452' from='jabber.ccc.de' version='1.0' xml:lang='en'> D/SMACK (24061): 03:27:23 PM RCV (1116882216): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='o8zQAtrb2wELMmZizvbnpvqp5cE='/><register xmlns='http://jabber.org/features/iq-register'/></stream:features> D/SMACK (24061): 03:27:23 PM SENT (1116882216): <auth mechanism="SCRAM-SHA-1" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">bixhPWJlZW0sbj1iZWVtLHI9NDA1NzViYjFiODNlYzdlMGFmMjU4ZGFmOGIyNzEwNTQ2OTEzOTFhN2NhZWJjODZmZmU1YWFhMGNhYWMzZWRmMw==</auth> D/SMACK (24061): 03:27:23 PM RCV (1116882216): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><bad-protocol/></failure> E/XMPPConnectionAdapter(24061): Error while connecting E/XMPPConnectionAdapter(24061): SASL authentication failed using mechanism SCRAM-SHA-1: E/XMPPConnectionAdapter(24061): at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:259) E/XMPPConnectionAdapter(24061): at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:207) E/XMPPConnectionAdapter(24061): at com.beem.project.beem.service.XmppConnectionAdapter.login(XmppConnectionAdapter.java:251) E/XMPPConnectionAdapter(24061): at com.beem.project.beem.service.LoginAsyncTask.doInBackground(LoginAsyncTask.java:100) E/XMPPConnectionAdapter(24061): at com.beem.project.beem.service.LoginAsyncTask.doInBackground(LoginAsyncTask.java:57) E/XMPPConnectionAdapter(24061): at android.os.AsyncTask$2.call(AsyncTask.java:287) E/XMPPConnectionAdapter(24061): at java.util.concurrent.FutureTask.run(FutureTask.java:234) E/XMPPConnectionAdapter(24061): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230) E/XMPPConnectionAdapter(24061): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080) E/XMPPConnectionAdapter(24061): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573) E/XMPPConnectionAdapter(24061): at java.lang.Thread.run(Thread.java:856)
Updated by Chris Weiland over 11 years ago
hello Frederic ,
what can i do with this Problem ? Is this Problem corrigible?
Can you solve the problem with SCRAM-SHA-1?
will there be an update?
best regards
Chris
Updated by Frédéric Barthéléry over 11 years ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Applied in changeset 8198b5e53cac.
Updated by Frédéric Barthéléry over 11 years ago
I just push a fix for this. You should be able to connect with scram-sha-1 even on the bogus server.
However, this is an issue on the server side, you may want to contact them in order to signal them that bug.
Updated by Chris Weiland over 11 years ago
hello Frédéric ,
Request to CCC.de is now sent out. Could you please make a request? As a programmer, you have even more options.
best regards
Chris
Updated by Chris Weiland over 11 years ago
Hello Frédéric ,
when there will be a new update ?
I want to use their software with my account on Android ;-)
Updated by Chris Weiland over 11 years ago
PS: i have no feedback from ccc.de ...... more as bad :-(
Updated by Frédéric Barthéléry over 11 years ago
Chris Weiland wrote:
Hello Frédéric ,
when there will be a new update ?
I want to use their software with my account on Android ;-)
There will be an update at the end of the week.
Updated by Frédéric Barthéléry over 11 years ago
- Subject changed from Unable to authenticate after upgrade to rc2 to Unable to authenticate after upgrade to rc2
- Description updated (diff)
- Status changed from Resolved to Closed
- Target version set to 0.1.8
Updated by Chris Weiland over 11 years ago
hello Frédéric ,
many thank you for the today Upgrade G
it work with my ccc.de Account and is work so far ...very very good.
I hope the App is not so a Akku Killer as the Jabiru App ;-)
many many thanks for this G
PS: have the Conection now with scram-sha-1 or have the conection changed ?
best regards
Chris
Updated by Frédéric Barthéléry over 11 years ago
Chris Weiland wrote:
PS: have the Conection now with scram-sha-1 or have the conection changed ?
It works with scram-sha-1