-
Bug
-
Resolution: Unresolved
-
Blocker
-
None
-
Jenkins 2.285, jabber-plugin 1.41
After version 1.41 i receive this error on logs:
mar 10, 2021 2:37:42 PM ADVERTÊNCIA hudson.plugins.jabber.im.transport.JabberIMConnection createConnection
org.jivesoftware.smack.SmackException$SecurityRequiredByClientException: SSL/TLS required by client but not supported by serverCould not create IM connection
hudson.plugins.im.IMException: Connection failed
Revert to 1.39 resolve the problem.
[JENKINS-65226] Add preference for allowing insecure, i.e. no-TLS, XMPP connections
I changed the priority to maximum as I need to revert to version 1.39 that have security problems (passwords in plain text).
I enable the FINEST log and here is the result:
mar 31, 2021 3:28:35 PM INFORMAÇÕES hudson.plugins.jabber.im.transport.JabberIMConnectionProvider createConnection Creating XMPP JabberIMConnection mar 31, 2021 3:28:35 PM INFORMAÇÕES hudson.plugins.jabber.im.transport.JabberIMConnection connect Trying to connect XMPP connection mar 31, 2021 3:28:35 PM DETALHADO hudson.plugins.jabber.im.transport.JabberIMConnection creating new XMPP connection mar 31, 2021 3:28:35 PM INFORMAÇÕES hudson.plugins.jabber.im.transport.JabberIMConnection createConnection Trying to connect to XMPP on /spark.contmatic.com.br mar 31, 2021 3:28:35 PM MAIS DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger OUT: <stream:stream xmlns='jabber:client' to='spark.contmatic.com.br' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='pt-BR'> mar 31, 2021 3:28:35 PM MAIS DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger IN : ?xml version='1.0' encoding='UTF-8'?> <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from= mar 31, 2021 3:28:35 PM MAIS DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger IN : "spark.contmatic.com.br" id="6la3lduk6w" xml:lang="pt-BR" version="1.0"> mar 31, 2021 3:28:35 PM MAIS DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger IN : <stream:features> <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> <mechanism> PLAIN </mechanism> <mechanism> JIVE-SHAREDSECRET </mechanism> </mechanisms> <compression xmlns="http://jabber.org/features/compress"> <method> zlib </method> </compression> <ver xmlns="urn:xmpp:features:rosterver"/> <c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="UdIvp7SOMNUfQ+g8CXux1v6PlW4="/> </stream:features> mar 31, 2021 3:28:35 PM ADVERTÊNCIA hudson.plugins.jabber.im.transport.JabberIMConnection createConnection org.jivesoftware.smack.SmackException$SecurityRequiredByClientException: SSL/TLS required by client but not supported by server at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:535) at hudson.plugins.jabber.im.transport.JabberIMConnection.createConnection(JabberIMConnection.java:394) at hudson.plugins.jabber.im.transport.JabberIMConnection.connect(JabberIMConnection.java:231) at hudson.plugins.jabber.im.transport.JabberIMConnectionProvider.createConnection(JabberIMConnectionProvider.java:75) at hudson.plugins.im.IMConnectionProvider.create(IMConnectionProvider.java:60) at hudson.plugins.im.IMConnectionProvider.access$500(IMConnectionProvider.java:17) at hudson.plugins.im.IMConnectionProvider$ConnectorRunnable.run(IMConnectionProvider.java:167) at java.lang.Thread.run(Thread.java:823)
Well, the exception's message seems to be correct: TLS is required but not offered by the server, which can been seen as
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
is missing from the <stream:features>
Florian Schmaus
added a comment - - edited Well, the exception's message seems to be correct: TLS is required but not offered by the server, which can been seen as
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
is missing from the <stream:features> Back to version 1.39, here is the log. The result is totally different:
mar 31, 2021 3:52:08 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger Connection XMPPTCPConnection[srv.spark@spark.contmatic.com.br/eo4h3ri7h] (1) authenticated mar 31, 2021 3:52:08 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger SENT: <iq xmlns='jabber:client' id='T3ylw-7' type='get'><query xmlns='jabber:iq:roster'></query></iq> mar 31, 2021 3:52:08 PM INFORMAÇÕES hudson.plugins.jabber.im.transport.JabberIMConnection setupSubscriptionMode Accepting all subscription requests mar 31, 2021 3:52:08 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger SENT: <presence xmlns='jabber:client' id='T3ylw-8'><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.igniterealtime.org/projects/smack' ver='NfJ3flI83zSdUDzCEICtbypursw='/></presence> mar 31, 2021 3:52:08 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger SENT: <iq xmlns='jabber:client' id='T3ylw-9' type='get'><vCard xmlns='vcard-temp'/></iq> mar 31, 2021 3:52:08 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger RECV: <iq xmlns='jabber:client' to='srv.spark@spark.contmatic.com.br/eo4h3ri7h' id='T3ylw-7' type='result'><query xmlns='jabber:iq:roster' ver='1834345758'>............hide the rest of this return (too big).......... mar 31, 2021 3:52:09 PM INFORMAÇÕES hudson.plugins.jabber.im.transport.JabberIMConnection initNewConnection Connected to XMPP on spark.contmatic.com.br:5222/spark.contmatic.com.br mar 31, 2021 3:52:09 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger SENT: <presence xmlns='jabber:client' id='T3ylw-257' type='unavailable'><nick xmlns="http://jabber.org/protocol/nick">srv.spark</nick></presence> mar 31, 2021 3:52:13 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger RECV: <iq xmlns='jabber:client' to='srv.spark@spark.contmatic.com.br/eo4h3ri7h' from='spark.contmatic.com.br' id='703-22388' type='get'><query xmlns='jabber:iq:version'></query></iq> mar 31, 2021 3:52:13 PM DETALHADO hudson.plugins.jabber.im.transport.JabberConnectionDebugger SENT: <iq xmlns='jabber:client' to='spark.contmatic.com.br' id='703-22388' type='error'><error xmlns='jabber:client' type='modify'><not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
Searching on google i found other applications with the same problem, like that:
Maybe you can understand what's happening reading this post and others. I search on google with the string "org.jivesoftware.smack.SmackException$SecurityRequiredByClientException" SSL
flow this server is a xmpp used by all employees on my organization. I am not the server administrator and I can't change anything on that. I think there are other people with the same situation so I think that plugin need something to keep the behavior of v1.39, trying to connect without SSL/TLS. This can be a configuration on Jenkins Management menu.
Florian Schmaus
added a comment - Thanks, but the interesting parts, that is, what is happening before the connection got authenticated, are missing.
I can only repeat what I wrote above, it appears your server does not offer TLS, while the jabber-plugin (currently) requires TLS. I can not explain exactly (yet) what is going on with 1.39, I won't rule out the possibility that you are on an insecure connection with that version.
Florian Schmaus
added a comment - Thanks, but the interesting parts, that is, what is happening before the connection got authenticated, are missing.
I can only repeat what I wrote above, it appears your server does not offer TLS, while the jabber-plugin (currently) requires TLS. I can not explain exactly (yet) what is going on with 1.39, I won't rule out the possibility that you are on an insecure connection with that version. Well, I can't do anything on my side, as this can impact 500 employes that use a client that i don't know if support SSL, and even if my xmpp server version support ssl too. And, I said before I can't configure this as I am not the admin of xmpp server. I already have something notifying on slack but not all, because many employees are not using slack.
Florian Schmaus
added a comment - We could add an setting allowing insecure connections to the jabber-plugin.
Florian Schmaus
added a comment - We could add an setting allowing insecure connections to the jabber-plugin. 
Well, version 1.42 released. Since than, I can't receive any messages I see this on job console:
Jabber notifier plugin: IMPublisher: sending chat message, strategy ALL, targets: andre.crespo@XXXXXXXX.com
Jabber notifier plugin: Sending notification to: andre.crespo@sXXXXXXX.com
Jabber notifier plugin: [ERROR] not connected. Cannot send message to 'andre.crespo@XXXXXXX.com'
From time to time i have this on jenkins.log:
2021-03-31 14:58:52.711+0000 [id=61] WARNING h.p.i.IMConnectionProvider$ConnectorRunnable#run: Could not acquire semaphore for 240sec
2021-03-31 14:58:52.711+0000 [id=61] INFO h.p.j.i.t.JabberIMConnectionProvider#createConnection: Creating XMPP JabberIMConnection
2021-03-31 14:58:52.711+0000 [id=61] INFO h.p.j.i.t.JabberIMConnection#connect: Trying to connect XMPP connection
2021-03-31 14:58:52.713+0000 [id=61] INFO h.p.j.i.t.JabberIMConnection#createConnection: Trying to connect to XMPP on /XXXXXXXXX.com
2021-03-31 14:58:52.715+0000 [id=61] INFO o.j.s.t.r.RemoteXmppTcpConnectionEndpoints#resolveDomain: Could not resolve DNS SRV resource records for _xmpp-client._tcp.XXXXXXXXXX.com. Consider adding those.
2021-03-31 14:58:52.723+0000 [id=61] WARNING h.p.j.i.t.JabberIMConnection#createConnection: org.jivesoftware.smack.SmackException$SecurityRequiredByClientException: SSL/TLS required by client but not supported by server
at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:535)
at hudson.plugins.jabber.im.transport.JabberIMConnection.createConnection(JabberIMConnection.java:394)
at hudson.plugins.jabber.im.transport.JabberIMConnection.connect(JabberIMConnection.java:231)
at hudson.plugins.jabber.im.transport.JabberIMConnectionProvider.createConnection(JabberIMConnectionProvider.java:75)
at hudson.plugins.im.IMConnectionProvider.create(IMConnectionProvider.java:60)
at hudson.plugins.im.IMConnectionProvider.access$500(IMConnectionProvider.java:17)
at hudson.plugins.im.IMConnectionProvider$ConnectorRunnable.run(IMConnectionProvider.java:167)
at java.lang.Thread.run(Thread.java:823)
2021-03-31 14:58:52.723+0000 [id=61] WARNING h.p.im.IMConnectionProvider#create: Could not create IM connection
hudson.plugins.im.IMException: Connection failed
at hudson.plugins.jabber.im.transport.JabberIMConnectionProvider.createConnection(JabberIMConnectionProvider.java:78)
at hudson.plugins.im.IMConnectionProvider.create(IMConnectionProvider.java:60)
at hudson.plugins.im.IMConnectionProvider.access$500(IMConnectionProvider.java:17)
at hudson.plugins.im.IMConnectionProvider$ConnectorRunnable.run(IMConnectionProvider.java:167)
at java.lang.Thread.run(Thread.java:823)
2021-03-31 14:58:52.723+0000 [id=61] INFO h.p.i.IMConnectionProvider$ConnectorRunnable#run: Reconnect failed. Next connection attempt in 8 minutes
Version 1.39 is working. I can login with the same user jenkins using on Spark client.