Bug #977

avatar

Connection to XMPP server with SHA2 certificate signature fails on mono 2.6 even when certificate verify is disabled

Added by Jan Krajdl 3768 days ago. Updated 3481 days ago.

Status:New Start:08/10/2014
Priority:Normal Due date:
Assigned to:- % Done:

0%

Category:Other
Target version:-
Complexity:

Found in Version:

Votes: 0

Description

I have problem with connection to my XMPP server. XMPP server has TLS enabled and using certificate with SHA2 signature (SHA 256 or SHA 512). Also I'm using mono 2.6 for compatibility with native windows frontend and mono 2.6 can't recognize SHA2. But even when I have disabled certificate verification in XMPP account settings it still fails with exception on engine side and I am unable to connect to server. XMPP server still can handle unencrypted connection. I'm attaching engine console out when this error occurres.

x509_error.txt (5.6 KB) Jan Krajdl, 08/10/2014 02:12 PM

History

Updated by Mirco Bauer 3766 days ago

avatar

Looks like Mono requires that it understands the certificate regardless of the validation part. This won't fix this issue but you could workaround it by using stunnel.

Updated by Mirco Bauer 3481 days ago

avatar
  • Category changed from Engine XMPP (Jabber) to Other
  • Assigned to deleted (Oliver Schneider)

This issue isn't XMPP specific actually, but an issue with Smuxi in general, but really Mono.

Updated by Mirco Bauer 3481 days ago

avatar

You can upgrade your Mono to a newer version if you use Mono on Windows as well.

Updated by Jan Krajdl 3481 days ago

avatar

Yeah, but mono in Windows has some issues too... don't remember exactly what it was but remember something that I couldn't quit it (always needed kill from OS) and it also wouldn't reconnect automatically (this combination I hated because I usually has smuxi running all the time and just suspend computer). I finally forced XMPP server to listen on another port with unencrypted connections and connect smuxi without encryption - as both are running on same server it's not security issue and it's working fine. But maybe for someone else who has to have Windows ( :-) ) and doesn't have own XMPP server it can be really anoying...

Also available in: Atom PDF