S2S: 404 Not Found after Upgrade to OF 3.7.0

Try playing around a little with the security (certificate) settings. See if you specifically allow self-signed certs, things like that. Something changed in that area, although I don’t remember off the top of my head what. Let me know if you keep running into issues, and I’ll look further.

I have the same issue.

Also, when I select “Server Certificates” in the admin web interface I get the following Java exception:

java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance
    at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1095)
    at java.security.Signature.initSign(Signature.java:480)
    at org.bouncycastle.jce.PKCS10CertificationRequest.(Unknown Source)
    at org.bouncycastle.jce.PKCS10CertificationRequest.(Unknown Source)
    at org.jivesoftware.util.CertificateManager.createSigningRequest(CertificateManager.java:432)
    at org.jivesoftware.openfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dcertificates_jsp.java:549)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:530)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1216)
    at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
    at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
    at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:74)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
    at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:50)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
    at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:78)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
    at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:164)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:425)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:494)
    at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:245)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:334)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:992)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:541)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:662)

I re-created my self-signed certificates and checked the checkbox “Accept self-signed certificates. Server dialback over TLS is now available.” (under Security Settings). And after a restart of OpenFire, my one buddy @unixboard.de was Online again. The other one is really offline ATM so I can’t check. But it looks good for now.

Update: Just found this old thread mentioning the exact same problem. Looks like Ignite Realtime should work on that error message … so that one can more easily pinpoint the source of the problem.

I still have the same problem with 3.7.0. Allow self-signed certs is set to true and I’ve created new certificates.

2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Trying to connect to draugr.de:5269(DNS lookup: s2s.jabberd.draugr.de:5269)
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Plain connection to draugr.de:5269 successful
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Indicating we want TLS to draugr.de
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Negotiating TLS with draugr.de
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - TLS negotiation with draugr.de was successful
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Error, no SASL mechanisms or SERVER DIALBACK were offered by draugr.de
2011.03.08 20:39:40 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: draugr.de
2011.03.08 20:39:40 ServerDialback: OS - Trying to connect to draugr.de:5269(DNS lookup: s2s.jabberd.draugr.de:5269)
2011.03.08 20:39:40 ServerDialback: OS - Connection to draugr.de:5269 successful
2011.03.08 20:39:40 ServerDialback: OS - Sent dialback key to host: draugr.de id: 990188208 from domain: reucon.com
2011.03.08 20:39:40 ServerDialback: OS - Unexpected answer in validation from: draugr.de id: 990188208 for domain: reucon.com answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="AxFG3uvIZfHAbBjOUb9t3klmoos="/></stream:features>
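
An added example (not part of the original posts and not Openfire code): a small Python parser that reads debug lines of the shape quoted above and reports, per remote domain, the step at which the outgoing S2S attempt stopped. The event names, the `remote.example`/`other.example`/`local.example` domains and the sample log are constructed for illustration; only the message texts come from the thread.

```python
import re

# Message patterns copied from the Openfire debug lines quoted in the thread.
EVENTS = [
    ("tcp_ok", r"Plain connection to (\S+?):\d+ successful"),
    ("tls_ok", r"TLS negotiation with (\S+) was successful"),
    ("no_auth_after_tls", r"no SASL mechanisms or SERVER DIALBACK were offered by (\S+)"),
    ("dialback_fallback", r"try connecting using server dialback with: (\S+)"),
    ("dialback_unexpected", r"Unexpected answer in validation from: (\S+) id:.*?answer:(.*)"),
]

def trace(log_text):
    """Return {remote_domain: [(event, detail), ...]} in log order."""
    per_domain = {}
    for line in log_text.splitlines():
        for name, pattern in EVENTS:
            m = re.search(pattern, line)
            if m:
                detail = m.group(2) if m.re.groups > 1 else ""
                per_domain.setdefault(m.group(1), []).append((name, detail))
                break
    return per_domain

def diagnose(events):
    """Name the step at which an outgoing S2S attempt stopped."""
    seen = dict(events)
    if "<starttls" in seen.get("dialback_unexpected", ""):
        return "dialback key answered with stream features offering STARTTLS"
    if "dialback_unexpected" in seen:
        return "dialback validation got an unexpected answer"
    if "no_auth_after_tls" in seen:
        return "TLS succeeded but peer advertised neither SASL nor dialback"
    if "tls_ok" in seen:
        return "TLS succeeded; no later failure logged"
    return "TCP connected; TLS not completed" if "tcp_ok" in seen else "no connection logged"

def summarize(log_text):
    return {domain: diagnose(ev) for domain, ev in trace(log_text).items()}

# Constructed sample: same message shapes as the thread, placeholder domains.
P = "2011.03.08 20:39:40 LocalOutgoingServerSession: OS - "
D = "2011.03.08 20:39:40 ServerDialback: OS - "
SAMPLE = "\n".join([
    P + "Plain connection to remote.example:5269 successful",
    P + "TLS negotiation with remote.example was successful",
    P + "Error, no SASL mechanisms or SERVER DIALBACK were offered by remote.example",
    D + 'Unexpected answer in validation from: remote.example id: 1 for domain: local.example answer:<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/></stream:features>',
    P + "Plain connection to other.example:5269 successful",
])
```

Calling `summarize(SAMPLE)` separates a peer that completed TLS and then failed at authentication from one that never got past the TCP connect, which is the distinction the certificate-setting workarounds in this thread depend on.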

I’ve also got the same issue which started recently.

I’ve generated new externally signed certs, removed all plugins, allowed self-signed certs, and the server is still showing 404 errors for anything S2S.

Has anyone managed to resolve this rather serious issue yet?

XMPP Console shows:

away

<x xmlns='http://jabber.org/protocol/muc'/>

Thanks & regards,

Art

For me it’s also still there for the domain gmx.net. The other one - unixboard.de - now works fine.

After switching off TLS for s2s connections the server can set up a connection to the other server again:

xmpp.server.tls.enabled = false

This shouldn’t be the final solution…

Did anybody send a bug report about this issue to the issue tracker?

Hi Michael,

Thanks for the tip. I’ve tried this on my server; however, it did not resolve the errors… Has anyone else got Michael’s method working?

Kind regards,

Art

I just downgraded to 3.6.4 by importing the db dump from before the upgrade.

Same here. S2S is not functional, with or without TLS. Paradoxically we can communicate with ICQ users thanks to the Kraken gateway (1.1.3 beta - who uses it too? Is it possible that the problem is here?) but not with other Jabber users.

Looks like the same OF-443

Oh, btw. I have added the changes of Wilhelm posted in http://community.igniterealtime.org/message/206943 to my server.

After reverting the changes I can still connect to the server. Maybe you can try the following two options:

xmpp.server.certificate.accept-selfsigned = true

xmpp.server.certificate.verify.root = false

Any news here … this is pretty annoying … when will there be a bug fix release ?

This is very annoying that we do not yet have a fix for this problem …

Yeah, this problem is very annoying. Version 3.7.0 is not useable if you want to talk to people on other servers, I downgraded to 3.6.4. I really wonder why it takes so damn long for this to be fixed.

Because there are no developers to fix this.

Hi,

thanks for the answer. What happened to the developers? I thought this was a half commercial software with a company supporting it? Is there any chance that there will be developers working again on this some day?

Regards,

Sven

This was a long time ago. The original developers (Jive Software) open-sourced Openfire and left it as it is a few years ago. Currently they only provide this site and servers for our needs. So all projects on this site rely heavily on volunteers. There is currently only one strong Java developer for Openfire, but he was very busy with his own life/job recently. I think one company is planning to invest some time and their developers into the Openfire project in Q4; also, a few days ago another volunteer proposed his help. As his company is working with s2s, I hope he will be able to investigate this issue. Nothing is set in stone of course, their plans can change. If you or your company has spare human resources (at least for one bug), you are welcome to contribute to this project.
