Unable to connect with openfire using react-native-xmpp - ssl

I have a react-native Chat application which I am running on my android phone using USB debugging and I am using OPENFIRE as a chat server. For connecting with Openfire I am using library 'react-native-xmpp'. Below is the code for connection with OPENFIRE using react-native-xmpp --
import XMPP from 'react-native-xmpp';
var JID = 'admin#192.168.4.246';
XMPP.on('error', (message) => console.log('ERROR:' + message));
XMPP.on('loginError', (message) => console.log('LOGIN ERROR:' + message));
XMPP.on('login', (message) => console.log('LOGGED!'));
XMPP.on('connect', (message) => console.log('CONNECTED!'));
XMPP.connect('ramvallabh#192.168.4.246', 'root','RNXMPP.PLAIN','192.168.4.246',5222);
XMPP.message('Hello world!' , JID);
XMPP.disconnect();
The IP I used here is my local IP address.
I am trying to connect to port 5222 as a PLAIN connection. But I am getting an error saying
SSL/TLS required by the client but not or no longer supported by
server.
I checked the OPENFIRE configuration at port 5222. I disabled the encryption and enabled the encryption but not getting any difference in either case. I also tried to connect to port 5223 then the error says
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertPathValidatorException: Trust anchor for
certification path not found.
I not uploaded much of code because I think the error either lies in the library or some networking concept that I don't understand.
Does anybody have any idea what may be going wrong here or any other better way to do it?

You are facing this error because in the java code of raect-native-xmpp, security mode is enabled by default. If you want to use PLAIN text authentication than you must turn this off.
Example: Suppose you react-native app name is TestApp then go to the following directory:
TestApp/node_modules/react-native-xmpp/android/src/main/java/rnxmpp/service
and go to Line 76 and replace with the below line:
Before:
.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
After:
.setSecurityMode(ConnectionConfiguration.SecurityMode.disabled);

Related

Mautic & Amazon SES Integration issues

I installed Mautic in-house instance. I tried to integrate it with Amazon SES service. After all was set as needed (please find the attached screenshot below), I clicked "Test connection" button and got the following error:
Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] Log data:
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport !! Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] (code: 0)
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport
Can someone give a hand on this? What am I doing wrong?
Screenshot Mautic_Amazon-SES_Integration Settings
I had the same problem and fixed it by leaving the field "Port" empty (Mautic --> email settings --> Port). Apparently my server wasn't able to use port 25, and leaving this field empty made Mautic find the best port.

SSL error when using https FCM

I have implemented FCM for web using fcm documentation.
Everything'll be fine if I set url like : 'http://xxx' I have no error.
But when I set url : 'https://xxx..', I get error:
"Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script."
code: "messaging/failed-serviceworker-registration"
"Messaging: We are unable to register the default service worker. Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script. (messaging/failed-serviceworker-registration)."
Can anyone show me how to fix this error?
This is a general problem when wanting to test service workers in a local development environment without proper SSL certificates. It is not specific to Firebase Messaging but pertains to Service Workers in general.
Here is the solution I found when using Google Chrome: Testing Service workers locally with self-signed certificates
Unfortunately, I don't know yet how to circument the issue with other browsers, but probably there must be similar ways.
For Chrome, you need to start a new instance of Chrome, with some flags telling it to ignore SSL certificate errors for your local origin:
In Linux (and maybe Mac):
google-chrome --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://127.0.0.1 --user-data-dir=/tmp/foo
The https://127.0.0.1 here is the location where your app (and service worker) is hosted locally. You might need to adjust this to use the appropriate port, if serving on a different port than the standard HTTPS port 443, e.g. https://127.0.0.1:3000, when serving your app over HTTPS on port 3000.
The --user-data-dir=/tmp/foo is necessary to start a new instance, with a new user profile, if another instance of Chrome is already running.
In Windows (might vary, depending on where your chrome.exe is):
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://localhost:1123
Again, you might have to adjust the port.
Easier method that worked for me:
Just paste chrome://flags/#allow-insecure-localhost in your chrome browser, and Enable the setting that says something like "Allow invalid certificates for resources loaded from localhost."

unknown SSL error -12218 (SSL_ENCRYPTION_FAILURE) while launching upwork application on debian stretch

Recently I've been installing upwork application on my debian system.It has installed fine.But when I try to launch it from cli typing: upwork
a bunch of errors happen.
[1008/213534:ERROR:browser_main_loop.cc(173)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on.
[1008/213535:ERROR:renderer_main.cc(200)] Running without renderer sandbox
[1008/213542:ERROR:renderer_main.cc(200)] Running without renderer sandbox
[1008/213542:WARNING:channel.cc(549)] Failed to send message to ack remove remote endpoint (local ID 1, remote ID 1)
[1008/213542:WARNING:channel.cc(549)] Failed to send message to ack remove remote endpoint (local ID 2147483648, remote ID 2)
[1008/213542:ERROR:channel.cc(300)] RawChannel read error (connection broken)
[1008/213542:ERROR:renderer_main.cc(200)] Running without renderer sandbox
[1008/213543:WARNING:channel.cc(549)] Failed to send message to ack remove remote endpoint (local ID 1, remote ID 1)
[1008/213543:WARNING:nss_ssl_util.cc(370)] Unknown SSL error -12218 (SSL_ERROR_ENCRYPTION_FAILURE) mapped to net::ERR_SSL_PROTOCOL_ERROR
[1008/213600:WARNING:nss_ssl_util.cc(370)] Unknown SSL error -12218 (SSL_ERROR_ENCRYPTION_FAILURE) mapped to net::ERR_SSL_PROTOCOL_ERROR
[1008/213600:WARNING:nss_ssl_util.cc(370)] Unknown SSL error -12218 (SSL_ERROR_ENCRYPTION_FAILURE) mapped to net::ERR_SSL_PROTOCOL_ERROR
[1008/214550:WARNING:channel.cc(549)] Failed to send message to ack remove remote endpoint (local ID 1, remote ID 1)
[
How to overcome this errors?
After online searching the decision was found on upwork site forum
unknown ssl error
The problem was how to use the 2 versions of libnss3 packet simultaneously.Libnss3 goes as a security related packet so instead of downgrading it on the system you can simply download the old version of libnss3 compatible with upwork app and then dynamically add a path to this old version to the linker when you need to use upwork app, while the system will have the newest one.

How to run Web-RTC on Elastix?

I would like to have a softphone on my browser. to do this, I'm following this tutorial:
http://www.neomano.com/2015/12/probando-webrtc-en-elastix-4/
because I need to create a ssl cert, I made it by using this data:
Country name:US
state provins
...
hostname:172.17.5.112
email...
after creating, when I want to login on sipml5 I got this message :
fails to connect server
on asterisk side I got this message :
tcptls.c:379
tcpyls_streem_close:ssl_shutdown
my OS is centOS 7 .
Not sure, but as far as remember you need first to go to link where your server is listening for TLS connection something like 172.17.5.112:8089 in your browser, then you need to click that you accept that your certificate is not trusted(because you are using self-signed certificate) and after this trick, call should work.

Worklight 6.0 application using SSL

Worklight 6.0.0, targeting iPad.
I have a simple demonstration application, no authentication at present. I am demonstrating use of reverse proxy. So I am building my application using the Build for Remote Server workaround and can see in xcode the correct server specification. I have some adapter calls, but for a particular demo scenario I also want to make an explicit call to
WL.Client.connect( ... );
If I use an http connection I see a request like this:
http://192.168.0.19/MyApp/apps/services/api/Work01/ipad/init
and it works just fine. If instead I use an SSL connection, as expected I see this
https://192.168.0.19:443/Infrabel01/apps/services/api/Work01/ipad/init
And I get the following error.
> [ERROR ] FWLSE0059E: Login into realm 'NullLoginModule' failed. The
> environment 'ipad' supports multiple versions, therefore you must
> request it with a version parameter.. [project Infrabel01] The
> environment 'ipad' supports multiple versions, therefore you must
> request it with a version parameter. [ERROR ]
> FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR,
> error message: An Error occurred while performing authentication using loginModule
> NullLoginModule, User Identity Not available. [project Infrabel01]
> [project Infrabel01]
That "request it with a version parameter" is intriguing. Is there some extra parameter I need to pass? Or is the overall implication that connecting over SSL requires authentication?
I had the same problem.
I have solved it by using the real IP address of the server in the WL app instead of using localhost:
When the emulator is running your app, press the Menu button.
Select to change your server URL
Remove "localhost" and use the IP address.
Accept and try again.
This fixed my problem.
Please make sure your Worklight server or proxy server is enabled SSL with certificate which signed by a trust public CA like Verisign. Worklight not support private CA certificate.