Forum: MatriX
Kernighan #1
Member since Apr 2014 · 5 posts
Group memberships: Members
Subject: TLS connection error.
Hi Alex, thanks for your amazing library.
Can you help me to fix this error?
First, my XML log on login, after which I get the error "Tls negotiation failed."
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="empirech.com" version="1.0" >
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="empirech.com" id="38cd0479-121e-46c9-89cb-5dd3e6b8ff22" version="1.0" xml:lang="en" >
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <ver xmlns="urn:xmpp:features:rosterver" />
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls">
    <required />
  </starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
  <compression xmlns="http://jabber.org/features/compress">
    <method>zlib</method>
  </compression>
</stream:features>
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

Inner exception: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

client = new XmppClient(ownJid, XPath.XmppDomain, Self.User.Id.ToString(CultureInfo.InvariantCulture), Self.User.Password)
{
    StartTls = true,
    Resource = ownJid.Resource,
    AutoRoster = true,
};

So, on the server side I enabled TLS encryption, but if I start TLS on the client side I get the error described above; without encryption everything works perfectly.
Alex #2
Member since Feb 2003 · 4322 posts · Location: Germany
Group memberships: Administrators, Members
To me it looks like your TLS certificate is not valid.
Windows Phone validates the certificate, and unlike on the full .NET Framework there is no way to accept an invalid or self-signed cert on Windows Phone.
When you create a test account for us on your server we can try to debug this.

Alex
Kernighan #3
Member since Apr 2014 · 5 posts
Group memberships: Members
Quote by Alex:
When you create a test account for us on your server we can try to debug this.
If you want, I can add you on Skype and we can debug over TeamViewer.

My Skype: Mr.Kernighan, or you can give me your Skype and I'll add you.
Alex #4
Member since Feb 2003 · 4322 posts · Location: Germany
Group memberships: Administrators, Members
When your server is public on the Internet I can debug this also without an account, because TLS negotiation is before authentication.
I can do this next week; I am traveling right now.
Have you tried to connect without TLS?

Alex
Kernighan #5
Member since Apr 2014 · 5 posts
Group memberships: Members
Yes, without TLS it is good, but if I enable TLS it does not work.
Alex #6
Member since Feb 2003 · 4322 posts · Location: Germany
Group memberships: Administrators, Members
Had a chance to connect to your server.
Your TLS/SSL certificate is not signed by a trusted CA.

To be able to connect to your server from Windows Phone you have to install a proper certificate issued by a CA which is trusted on the phone. Or you have to add your CA to the trusted CAs on the phone.

See also:
https://xmpp.net/result.p…?domain=empirech.com&type=c…

Alex
Kernighan #7
Member since Apr 2014 · 5 posts
Group memberships: Members
Hi Alex, can you help me a little bit? I didn't find any info about how to enable certificates in WP8 or how to add one to support TLS.
Can you describe more about it if you can? Thanks a lot.
Alex #8
Member since Feb 2003 · 4322 posts · Location: Germany
Group memberships: Administrators, Members
You don't have to change anything on WP.
You have to install a valid SSL certificate on your server, then it should be fine.
As you can see also on xmpp.net your SSL certificate is not trusted.

As I said before, on Windows Phone there is no way to initiate a secure connection when the certificate is invalid or untrusted. Windows Phone does all the certificate handling and denies the connection. On the Desktop with the full .NET framework you can ignore the SSL warning and proceed, which is not possible on Windows Phone.
Kernighan #9
Member since Apr 2014 · 5 posts
Group memberships: Members
Ok, thanks, now I understand the problem. On the server I have a self-signed certificate.
Alex #10
Member since Feb 2003 · 4322 posts · Location: Germany
Group memberships: Administrators, Members
Quote by Kernighan:
Ok, thanks, now I understand the problem. On the server I have a self-signed certificate.
Correct. And when you get a certificate signed by a CA you have to make sure that the CA is also trusted by Windows Phone. But this should be no problem with all well known CAs.

Alex
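
Added example, not part of the thread and not MatriX code: a server-side check that repeats the STARTTLS exchange from the log in post #1 and then validates the certificate chain the way a strict client does, so the operator sees the trust failure before a phone does. The function names and the `cafile` parameter (a CA bundle to trust instead of the system store, mirroring the "add your CA to the trusted CAs" option) are assumptions of this sketch.

```python
import socket
import ssl
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_STREAM = "http://etherx.jabber.org/streams"

# <stream:features/> abridged from the log in post #1.
LOGGED_FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls>
</stream:features>"""

def starttls_status(features_xml):
    """Return (offered, required) for a <stream:features/> fragment."""
    # Wrapper binds the stream: prefix when only the stream header declared it.
    root = ET.fromstring(f"<w xmlns:stream='{NS_STREAM}'>{features_xml}</w>")
    starttls = root.find(f".//{{{NS_TLS}}}starttls")
    if starttls is None:
        return (False, False)
    return (True, starttls.find(f"{{{NS_TLS}}}required") is not None)

def _read_until(sock, marker):
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the stream")
        buf += chunk
    return buf

def probe(domain, host=None, port=5222, cafile=None, timeout=10):
    """STARTTLS to an XMPP server, then validate its chain: (trusted, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    header = (f"<stream:stream xmlns:stream='{NS_STREAM}' "
              f"xmlns='jabber:client' to='{domain}' version='1.0'>")
    with socket.create_connection((host or domain, port), timeout=timeout) as raw:
        raw.sendall(header.encode())
        data = _read_until(raw, b"</stream:features>")
        features = data[data.index(b"<stream:features"):].decode()
        if not starttls_status(features)[0]:
            return (False, "server does not offer STARTTLS")
        raw.sendall(f"<starttls xmlns='{NS_TLS}'/>".encode())
        if b"<proceed" not in _read_until(raw, b">"):
            return (False, "server refused STARTTLS")
        try:
            with ctx.wrap_socket(raw, server_hostname=domain) as tls:
                return (True, tls.version())
        except ssl.SSLCertVerificationError as err:
            return (False, f"{err.verify_code}: {err.verify_message}")
```

`probe()` needs network access to the server's client port; for a self-signed or privately issued certificate it returns `False` with OpenSSL's verification code and message instead of completing the handshake.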