I have some XMPP issues in openHAB2 here.
Everything works great when connecting to the XMPP using TLS. But as the certificate changes every 2 months (Letsencrypt) this is not an option because I manually have to change the fingerprint in the XMPP config every time. So I tried to connect via VPN to the XMPP server and define this interface as secure in the XMPP server config to allow plain connections. This does not work, the log looks like this:
2017-07-06 15:59:18.215 [WARN ] [rg.openhab.action.xmpp.internal.XMPP] - Could not send XMPP message as connection is not correctly initialized!
I debugged with the maintainer of the XMPP server software (which is Prosody btw) and we did not see any problems on the server side.
Is anybody else having these problems?
Generally I would like to ask to make this fingerprint thing optional as with the massive use of Letsencrypt certificates it does not make any sense at all - anymore. Also before it was not the best solution as also other certificates expire.
I just created two issues on Github about these issues described above:
I see the same message from time to time. I dug into the code and my impression is, that this is a secondary error message, caused by a previous error, such as
Could not establish connection to XMPP server ‘your-server-address-here’: null
Do you see any such errors? Also refer to Trouble connecting to an XMPP Server with error message "null"
Aparently, noone has been working on the XMPP actions for years. I am thinking about taking over the code and at least updating it to the latest release (4.2.3) of the underlying smack library, which contains important bug fixes.
Sorry, I was on holiday.
I see error messages like this one a lot:
2018-06-06 16:20:56.291 [ERROR] [hab.action.xmpp.internal.XMPPConnect] - Could not establish connection to XMPP server ‘jabber.hot-chilli.net:5222’: java.security.cert.CertificateException: Certificate not pinned. Use ‘CERTPLAIN:xxx’ to pin this certificate. But only pin the certificate if you are sure this is the correct certificate!
(I stripped out the certification here.)
With Letsencrypt the TLSPIN is totally useless…
If you can and want, a rewrite of the code would be really usefull. I cannot code Java but I am willing to test everything.
Martin, I greatly appreciate your offer. What I have done so far is that I updated the underlying XMPP library. I am still struggling with automated tests. Additional manual tests - besides those, which I have performed myself - will greatly help. I will keep you updated.