server failed mutual authentication step: DIGEST-MD5: This server wants us to believe that he knows shared secret

Hello everyone.

I'm hoping someone can shed some light on what is going on, as this is driving me crazy. I've spent the last couple of days trying to get the ejabberd server to accept secure connections, but SASL authentication fails on step 2.

I'm a newbie, so I'm hoping I'm not doing some basic error.

I've searched online and all I found is related to Anonymous SASL: not the case.

I'm running ejabberd version 2.1.10 on Linux, based on TurnKey 13.0 (http://www.turnkeylinux.org/ejabberd).

I've tried different ejabberd versions, different Linux distros, different certificates and domains.

Plain text works fine, but if I activate STARTTLS on C2S, then the client refuses to terminate the challenge procedure with the server.

I've tried different clients (Pidgin, Adium, our own application), always with the same results.

Pidgin says: "Error is -10 : SASL(-10): server failed mutual authentication step: DIGEST-MD5: This server wants us to believe that he knows shared secret"

Adium: "invalid challenge from the server"

Below you can see a full transcript from Pidgin and the full log from ejabberd.

Thank you all for any help.

EJABBERD LOG:

=INFO REPORT==== 2015-04-19 19:13:15 ===
I(<0.473.0>:ejabberd_listener:281) : (#Port<0.1921>) Accepted connection {{77,54,65,156},62857} -> {{172,31,99,251},5222}

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<?xml version='1.0' ?>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<stream:stream to='xmpp.example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = [60,63,120,109,108,32,
                                                       118,101,114,115,105,
                                                       111,110,61,39,49,46,48,
                                                       39,63,62,60,115,116,
                                                       114,101,97,109,58,115,
                                                       116,114,101,97,109,32,
                                                       120,109,108,110,115,61,
                                                       39,106,97,98,98,101,
                                                       114,58,99,108,105,101,
                                                       110,116,39,32,120,109,
                                                       108,110,115,58,115,116,
                                                       114,101,97,109,61,39,
                                                       104,116,116,112,58,47,
                                                       47,101,116,104,101,114,
                                                       120,46,106,97,98,98,
                                                       101,114,46,111,114,103,
                                                       47,115,116,114,101,97,
                                                       109,115,39,32,105,100,
                                                       61,39,"2853255830",39,
                                                       32,102,114,111,109,61,
                                                       39,"xmpp.example.com",
                                                       39,
                                                       [" version='","1.0",
                                                        "'"],
                                                       [" xml:lang='","en",
                                                        "'"],
                                                       62]

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>SCRAM-SHA-1</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='GgBjinftMQ4H81m+4jSVXMg/dVU='/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>">>

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,0,1429470795107348}, Size=51
M=25.5, I=64.591

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = []

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,394.7368421052632,
                                    1429470795171948}, Size=0
M=0.0, I=0.853

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = []

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,197.3684210526316,
                                    1429470795172808}, Size=0
M=0.0, I=60.582

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = []

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,98.6842105263158,
                                    1429470795233397}, Size=0
M=0.0, I=61.195

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<stream:stream to='xmpp.example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,49.3421052631579,
                                    1429470795294597}, Size=121
M=62.03035413153457, I=67.288

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = [60,63,120,109,108,32,
                                                       118,101,114,115,105,
                                                       111,110,61,39,49,46,48,
                                                       39,63,62,60,115,116,
                                                       114,101,97,109,58,115,
                                                       116,114,101,97,109,32,
                                                       120,109,108,110,115,61,
                                                       39,106,97,98,98,101,
                                                       114,58,99,108,105,101,
                                                       110,116,39,32,120,109,
                                                       108,110,115,58,115,116,
                                                       114,101,97,109,61,39,
                                                       104,116,116,112,58,47,
                                                       47,101,116,104,101,114,
                                                       120,46,106,97,98,98,
                                                       101,114,46,111,114,103,
                                                       47,115,116,114,101,97,
                                                       109,115,39,32,105,100,
                                                       61,39,"3715017592",39,
                                                       32,102,114,111,109,61,
                                                       39,"xmpp.example.com",
                                                       39,
                                                       [" version='","1.0",
                                                        "'"],
                                                       [" xml:lang='","en",
                                                        "'"],
                                                       62]

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>SCRAM-SHA-1</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='GgBjinftMQ4H81m+4jSVXMg/dVU='/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>">>

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'/>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,0,1429470795362475}, Size=162
M=81.0, I=62.133

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9Ijg5NDU2ODUyNiIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>">>

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9ImpwciIscmVhbG09InhtcHAueW91YmVlcC5jb20iLG5vbmNlPSI4OTQ1Njg1MjYiLGNub25jZT0iaDRiRDhhRFdRZnA3dURCMHNuN1gvQ1d4L0x2Y3ZJYXZxRURxQ1FWR1ovdz0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAveG1wcC55b3ViZWVwLmNvbSIscmVzcG9uc2U9Mjk2MDJlNzhlOTMyYjkxYTFlOWFhYTBiMmE2NDVkNTYsY2hhcnNldD11dGYtOA==</response>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,998.286890397959,
                                    1429470795443614}, Size=362
M=361.3809148847167, I=43.058

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = <<"<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD1iZjAzNDVhMWJmM2UzNjJmOTFlMWFmYjBlYzczNTlhMQ==</challenge>">>

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:ejabberd_receiver:320) : Received XML on stream = "</stream:stream>"

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.496.0>:shaper:61) : State: {maxrate,1000,999.0536823111003,
                                    1429470795805679}, Size=16
M=15.984873231706016, I=0.76

=INFO REPORT==== 2015-04-19 19:13:15 ===
D(<0.497.0>:ejabberd_c2s:1553) : Send XML on stream = "</stream:stream>"

PIDGIN LOG:

(20:13:11) proxy: Connecting to xmpp.example.com:5222 with no proxy
(20:13:11) proxy: Connection in progress
(20:13:11) proxy: Connecting to xmpp.example.com:5222.
(20:13:11) proxy: Connected to xmpp.example.com:5222.
(20:13:11) jabber: Sending (test_user@xmpp.example.com): <?xml version='1.0' ?>
(20:13:11) jabber: Sending (test_user@xmpp.example.com): <stream:stream to='xmpp.example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(20:13:11) jabber: Recv (174): <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='2853255830' from='xmpp.example.com' version='1.0' xml:lang='en'>
(20:13:11) jabber: Recv (476): <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>SCRAM-SHA-1</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='GgBjinftMQ4H81m+4jSVXMg/dVU='/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
(20:13:11) jabber: Sending (test_user@xmpp.example.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(20:13:11) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(20:13:11) nss: subject=OU=Software appliances,O=TurnKey Linux issuer=OU=Software appliances,O=TurnKey Linux
(20:13:11) certificate/x509/tls_cached: Starting verify for xmpp.example.com
(20:13:11) certificate/x509/tls_cached: Checking for cached cert...
(20:13:11) certificate/x509/tls_cached: ...Found cached cert
(20:13:11) nss/x509: Loading certificate from /home/test_user/.purple/certificates/x509/tls_peers/xmpp.example.com
(20:13:11) certificate/x509/tls_cached: Peer cert matched cached
(20:13:11) nss/x509: Exporting certificate to /home/test_user/.purple/certificates/x509/tls_peers/xmpp.example.com
(20:13:11) util: Writing file /home/test_user/.purple/certificates/x509/tls_peers/xmpp.example.com
(20:13:11) certificate: Successfully verified certificate for xmpp.example.com
(20:13:11) jabber: Sending (ssl) (test_user@xmpp.example.com): <stream:stream to='xmpp.example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(20:13:11) jabber: Recv (ssl)(174): <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='3715017592' from='xmpp.example.com' version='1.0' xml:lang='en'>
(20:13:11) jabber: Recv (ssl)(425): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>SCRAM-SHA-1</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='GgBjinftMQ4H81m+4jSVXMg/dVU='/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
(20:13:11) sasl: Mechs found: SCRAM-SHA-1 ANONYMOUS DIGEST-MD5 PLAIN
(20:13:11) jabber: Sending (ssl) (test_user@xmpp.example.com): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'/>
(20:13:11) jabber: Recv (ssl)(148): <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9Ijg5NDU2ODUyNiIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
(20:13:11) sasl: DIGEST-MD5 client step 2
(20:13:11) sasl: DIGEST-MD5 parse_server_challenge()
(20:13:11) sasl: DIGEST-MD5 ask_user_info()
(20:13:11) sasl: DIGEST-MD5 make_client_response()
(20:13:11) jabber: Sending (ssl) (test_user@xmpp.example.com): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9ImpwciIscmVhbG09InhtcHAueW91YmVlcC5jb20iLG5vbmNlPSI4OTQ1Njg1MjYiLGNub25jZT0iaDRiRDhhRFdRZnA3dURCMHNuN1gvQ1d4L0x2Y3ZJYXZxRURxQ1FWR1ovdz0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAveG1wcC55b3ViZWVwLmNvbSIscmVzcG9uc2U9Mjk2MDJlNzhlOTMyYjkxYTFlOWFhYTBiMmE2NDVkNTYsY2hhcnNldD11dGYtOA==</response>
(20:13:11) jabber: Recv (ssl)(120): <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD1iZjAzNDVhMWJmM2UzNjJmOTFlMWFmYjBlYzczNTlhMQ==</challenge>
(20:13:11) sasl: DIGEST-MD5 client step 3
(20:13:11) sasl: DIGEST-MD5: This server wants us to believe that he knows shared secret
(20:13:11) jabber: Error is -10 : SASL(-10): server failed mutual authentication step: DIGEST-MD5: This server wants us to believe that he knows shared secret
(20:13:11) connection: Connection error on 0x7feff99257a0 (reason: 3 description: SASL error: SASL(-10): server failed mutual authentication step: DIGEST-MD5: This server wants us to believe that he knows shared secret)
(20:13:11) account: Disconnecting account test_user@xmpp.example.com/ (0x7feffa00f930)
(20:13:11) connection: Disconnecting connection 0x7feff99257a0
(20:13:11) jabber: Sending (ssl) (test_user@xmpp.example.com): </stream:stream>
(20:13:11) sasl: DIGEST-MD5 client mech dispose
(20:13:11) sasl: DIGEST-MD5 common mech dispose
(20:13:11) connection: Destroying connection 0x7feff99257a0
(20:13:12) util: Writing file accounts.xml to directory /home/test_user/.purple
(20:13:12) util: Writing file /home/test_user/.purple/accounts.xml
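The Pidgin message "server failed mutual authentication step" is the client-side check of the `rspauth` value in the server's final `<challenge>`: after the server has accepted the client's `response` (step 2), the client recomputes `rspauth` from the same shared secret and rejects the server if it differs. The following is an added example, not code from the original post, from ejabberd or from Pidgin; it implements the RFC 2831 DIGEST-MD5 `response` and `rspauth` computations (algorithm `md5-sess`, `qop=auth`, as in the challenge in the log above) and walks the three steps using the worked example from RFC 2831 section 4 (user `chris`, password `secret`, constructed server parameters `password_at_server` and `server_digest_uri` so a disagreeing server can be simulated).

```python
"""DIGEST-MD5 (RFC 2831) response and rspauth computation.

Added example; not code from the original post, ejabberd or Pidgin.
Test values are the worked example from RFC 2831 section 4; the
run_exchange() parameters are constructed for this demonstration.
"""
import hashlib
import hmac
import re

# key=value or key="value", comma separated, as used in challenge and response
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)=(?:"([^"]*)"|([^,]*))')


def parse_directives(text: str) -> dict:
    """Parse a decoded SASL DIGEST-MD5 directive string into a dict."""
    out = {}
    for m in _DIRECTIVE.finditer(text):
        out[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def _ha1_hex(username, realm, password, nonce, cnonce, authzid=None) -> str:
    # md5-sess: A1 = H( H(user:realm:pass) ":" nonce ":" cnonce [":" authzid] )
    # The inner hash is used as raw 16 bytes, not as hex (a classic interop bug).
    inner = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 = inner + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    return _md5_hex(a1)


def _ha2_hex(method_prefix: str, digest_uri: str, qop: str) -> str:
    a2 = f"{method_prefix}:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":00000000000000000000000000000000"
    return _md5_hex(a2.encode("utf-8"))


def _kd(ha1_hex, nonce, nc, cnonce, qop, ha2_hex) -> str:
    return _md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2_hex}".encode("utf-8"))


def client_response(username, realm, password, nonce, cnonce, nc, qop, digest_uri) -> str:
    """'response' sent by the client in step 2: A2 = "AUTHENTICATE:" digest-uri."""
    return _kd(_ha1_hex(username, realm, password, nonce, cnonce),
               nonce, nc, cnonce, qop, _ha2_hex("AUTHENTICATE", digest_uri, qop))


def server_rspauth(username, realm, password, nonce, cnonce, nc, qop, digest_uri) -> str:
    """'rspauth' sent by the server in step 3: A2 = ":" digest-uri (no method)."""
    return _kd(_ha1_hex(username, realm, password, nonce, cnonce),
               nonce, nc, cnonce, qop, _ha2_hex("", digest_uri, qop))


def client_verifies_server(final_challenge, username, realm, password,
                           nonce, cnonce, nc, qop, digest_uri) -> bool:
    """The mutual-authentication step: recompute rspauth and compare it."""
    got = parse_directives(final_challenge).get("rspauth", "")
    want = server_rspauth(username, realm, password, nonce, cnonce, nc, qop, digest_uri)
    return hmac.compare_digest(got, want)


# Decoded step-1 challenge from RFC 2831 section 4
RFC_CHALLENGE = ('realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",'
                 'algorithm=md5-sess,charset=utf-8')


def run_exchange(password_at_server="secret", server_digest_uri=None) -> dict:
    """Walk steps 1-3. The two parameters (constructed) let a server that
    disagrees with the client on the password or digest-uri be simulated."""
    ch = parse_directives(RFC_CHALLENGE)
    user, pw, cnonce, nc = "chris", "secret", "OA6MHXh6VqTrRk", "00000001"
    uri, qop = "imap/elwood.innosoft.com", ch["qop"]
    resp = client_response(user, ch["realm"], pw, ch["nonce"], cnonce, nc, qop, uri)
    # Server side of step 2: accept only if it recomputes the same response.
    server_ok = hmac.compare_digest(
        resp, client_response(user, ch["realm"], password_at_server,
                              ch["nonce"], cnonce, nc, qop, uri))
    final = "rspauth=" + server_rspauth(user, ch["realm"], password_at_server, ch["nonce"],
                                        cnonce, nc, qop, server_digest_uri or uri)
    mutual_ok = client_verifies_server(final, user, ch["realm"], pw, ch["nonce"],
                                       cnonce, nc, qop, uri)
    return {"response": resp, "server_accepted": server_ok,
            "final": final, "mutual_ok": mutual_ok}


if __name__ == "__main__":
    for r in (run_exchange(), run_exchange(server_digest_uri="imap/other.example")):
        print(r)
```

The second `run_exchange` call reproduces the shape of the failure in the logs above: the server accepts the client's `response` (so it does know the shared secret) and then sends an `rspauth` that the client cannot reproduce, because the two sides fed different inputs (here the `digest-uri`) into A2. Comparing the decoded directives on both ends, field by field, is the useful next check when this message appears.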

No one had this problem before.

All my tests, with different servers and different versions, ended up with the same result.

Could it be the certificate?

Thanks for any help.

Sorry, but we cannot help on ejabberd 2.1.10. This version is from December 2011. We have to focus our energy on future versions and we cannot dissipate our energy troubleshooting an old release. Sorry about that.

Please, consider using ejabberd 15.04.