Ask / Submit
27

XMPP (other than google talk) does not work

asked 2013-12-28 19:09:32 +0300

garretraziel gravatar image

updated 2015-01-20 10:21:52 +0300

eric gravatar image

I don't know if it is only me or if this happened to everyone, but during initial setup, I set up XMPP account (other than my google account) that lies on server jabber.cz. It is shown in "Accounts" in Settings, but that's all. I don't have any online contancts shown anywhere (on People there are only contacts from google talk) and in "events" -> "show presence info", only google talk account is shown.

Is Jolla even able to use XMPP other than with google talk? Maybe it's associated with that my XMPP servers provides only self-signed certificate?

edit retag flag offensive close delete

Comments

my account @jabber.org works

ortylp ( 2013-12-28 19:13:37 +0300 )edit
1

I think it is because of self-signed certificates. I was not able to activate my Jabber account as well on the server that uses a self-signed certificate. Haven't tried with others though.

Hess ( 2013-12-28 19:21:11 +0300 )edit

Why you don't ask me ? I know it. :) Many things are near same as on N9, many things are Linux related .. :)

Kaacz ( 2013-12-28 22:00:45 +0300 )edit

Anyhow, Google Talk may stop working soon, because it will be replaced by Hangouts which doesn't support XMPP.

bennypr0fane ( 2014-02-17 01:31:04 +0300 )edit
1

I have the same issue on a duckgo.com account...

deedend ( 2014-07-24 16:35:05 +0300 )edit

6 Answers

Sort by » oldest newest most voted
21

answered 2014-01-12 14:00:53 +0300

lynxis gravatar image

updated 2014-01-15 00:27:25 +0300

You can add your CA or certificate for jabber without adding it to the system certificate chain.

$ mkdir -p /home/nemo/.config/telepathy/certs/
$ cp /home/nemo/Downloads/jabber-ca_or_cert.crt /home/nemo/.config/telepathy/certs/

I had to re-add my jabber account after this. Maybe a reboot will also apply the new certificate to the jabber client

Edit: To extract a server certificate, you can use openssl cmdline util. It will show you with some debug information all certificates. Cut & Copy these certificates (starts with '-----BEGIN CERTIFICATE-----' and ends '-----END CERTIFICATE-----') into an extra file and name it somewhat.crt

# # for servers which supports starttls
$ openssl s_client -connect jabber.ccc.de:5222 -starttls xmpp -showcerts
# # for server with a dedicated ssl port
$ openssl s_client -connect jabber.ccc.de:5223 -showcerts
edit flag offensive delete publish link more

Comments

how about START TLS and port 8222? I wonder how to get self-signed certs that way.

Nekron ( 2014-01-12 14:41:49 +0300 )edit
1

Nekron, try mc-tool update gabble/jabber/jabber_6 uint:port=8222 or you take a look into the source code

lynxis ( 2014-01-12 16:03:21 +0300 )edit

Does the '#' mean that I have to do the commands as root here?

jukey ( 2014-01-14 23:34:13 +0300 )edit
1

no. I will change it to $. all commands can be run as user nemo

lynxis ( 2014-01-15 00:26:55 +0300 )edit

One milione thanks for hint with telepathy certs dir .. it's work! :) For better modern security I use this simple script:

#! /bin/bash
# param "err" :  ignore ssl errors.

mc-tool list | grep "gabble/jabber/jabber_" | while read XmppAcount ;
do
  mc-tool update "$XmppAcount" bool:require-encryption=1 uint:port=5222 bool:old-ssl=false
  [ "$1" == "err" ] && mc-tool update "$XmppAcount" bool:ignore-ssl-errors=true
done

I don't use ignore-ssl. And after add certs to dir: ONLINE. :)

Kaacz ( 2014-02-06 02:04:35 +0300 )edit
12

answered 2013-12-28 20:11:12 +0300

Hess gravatar image

I managed to connect by ignoring the SSL errors using mc-tool. Went to the terminal and:

mc-tool update gabble/jabber/jabber_xx bool:ignore-ssl-errors=true

Replace xx with your id (check mc-tool list) , found at https://twitter.com/Nokius/status/414788716683886592

However, ability to add my certs to Jolla would be better.

edit flag offensive delete publish link more

Comments

2

This solves the problem, but not in the way I would like it to be solved. Thanks!

garretraziel ( 2013-12-28 20:14:43 +0300 )edit
3

It is same problem as on N9. I make some research in mc-tool and ag-tool. Jolla create all account as old-ssl on port 5223. I have Jabber server with TLS 5222 only. This is may be changed by mc-tool or ag-tool.

Kaacz ( 2013-12-28 21:56:19 +0300 )edit
2

jabber.cz is not selfigned, but use cert signed by unknown CA for Jolla. And we don't able add Ca-cert. :(

Kaacz ( 2013-12-28 21:59:28 +0300 )edit
2

Thanks Hess - this solution worked for me. But I must say that this error about self-signed certificate should have been visible in the UI. I'm quite sure that a lot of first wave users are running their jabber servers with self-signed certificates.

jemm ( 2013-12-29 20:02:43 +0300 )edit

Great answer, thanks!

thisisme ( 2014-01-03 13:25:18 +0300 )edit
12

answered 2014-02-02 00:23:42 +0300

ckaktus gravatar image

Sailfish should at least give an error message. For a long time I thought it's an missing feature. Or better an certificate manager to handle issues like this.

edit flag offensive delete publish link more

Comments

4

as long as sailfish just silently refuses to connect to any secure jabber-server this is a missing feature.

jabgoe ( 2014-03-07 00:23:27 +0300 )edit
3

answered 2014-01-12 14:45:52 +0300

Andy Branson gravatar image

For those running their own servers, it's best to get a certificate from StartCom. They're free, and recognized by all XMPP clients and servers because they used to provide certs through xmpp.net. No more self-signing headaches...

edit flag offensive delete publish link more

Comments

Hi there, you sound like you know what you're doing with Jabber, are you able to explain why my friend's jabber server won't show up? He's not very good with computers so he can't help..

Antti Branninen ( 2015-07-15 19:56:00 +0300 )edit
0

answered 2013-12-28 19:22:48 +0300

Did you tried to reboot after adding the account ? There is a bug about this, that the list of accounts is not refreshed when being added. My dukgo account works here.

edit flag offensive delete publish link more

Comments

Yep. I have rebooted several times since that. I think that it's probably caused by self-signed certificate.

garretraziel ( 2013-12-28 19:25:04 +0300 )edit

Sfiet_Konstantin, what exactly did you have to do in order to get your dukgo account to work? I had it working just fine about a year ago, but now with my second jolla and updated sailfishos, it just doesn't show up except for in accounts view. i already tried importing dukgo certificate, but perhaps i failed.

edgar ( 2015-08-13 12:54:54 +0300 )edit
0

answered 2015-07-14 14:33:45 +0300

pan tau gravatar image

i had to provide password and also ignore ssl errors, there is no difference if i set wrong password in UI -

mc-tool update gabble/jabber/jabber_25 string:password=SOMEPASS
mc-tool update gabble/jabber/jabber_25 bool:ignore-ssl-errors=yes

without this, mc-tool dump shows no password string at all and FALSE for ssl errors even this were checked in UI settings

edit flag offensive delete publish link more

Comments

is the command with mc-tool still needed on own certs and possible ssl errors? Because there is (now) an option "ignore ssl errors"? I still can't get connected, no errors, no messages, no presence...

lazart ( 2016-07-15 16:47:38 +0300 )edit
Login/Signup to Answer

Question tools

Follow
13 followers

Stats

Asked: 2013-12-28 19:09:32 +0300

Seen: 4,113 times

Last updated: Jul 14 '15