Comments (5)
For testing purposes, I removed the cross-signed "ISRG Root X1" root CA from my certificate file which is used by ejabberd. This means, my certificate file now only includes the server and the intermediate certificate ("R3"). This gives me an "A" rating here, the certificate is now accepted and there is no error visible anymore when ejabberd is connecting to the ChatSecure push server:
2021-10-24 16:29:31.744 [info] <0.544.0>@ejabberd_s2s_out:init:280 Outbound s2s connection started: sieber.systems -> pubsub.chatsecure.org
2021-10-24 16:29:33.053 [info] <0.544.0>@ejabberd_s2s_out:handle_auth_success:216 (tls|<0.544.0>) Accepted outbound s2s EXTERNAL authentication sieber.systems -> pubsub.chatsecure.org (45.55.5.246)
2021-10-24 16:29:35.001 [info] <0.545.0>@ejabberd_s2s_in:handle_auth_success:181 (tls|<0.545.0>) Accepted inbound s2s EXTERNAL authentication pubsub.chatsecure.org -> sieber.systems (::ffff:45.55.5.246)
But: notifications are still not working. I'll guess there are more problems with the ChatSecure push server, because notifications from my server are working fine with other apps like Monal or Siskin.
Bottom line: it seems that users of servers with Let'sEncrypt certificates will now have to switch to another XMPP client app. Thanks for your help.
from chatsecure-ios.
Did you regenerate the cert after Sep 30?
Also read https://blog.windfluechter.net/2021/09/29/letsencrypt-ca-chain-issues-with-ejabberd/
from chatsecure-ios.
Thanks for your answer. Yes, my server certificate was automatically renewed on Oct 02.
The link you've provided got me a little further. I've used https://xmpp.net/ to test my server: my certificate is issued by the (valid) "ISRG Root X1" root CA which is cross-signed with the old root CA "DST Root CA X3" which expired on Sept 30.
All modern browsers already trusts the "ISRG Root X1" by default. Shouldn't the ChatSecure push server do the same? It seems to me that it only trusts the old "DST Root CA X3". If I see that correctly, it is currently not possible to use push notifications with Let'sEncrypt certificates on ChatSecure.
(Disabling the "DST Root CA X3" on my server as recommended here did not make any difference)
from chatsecure-ios.
It should by it might not, that's the issue, the push server needs some sort of update.
from chatsecure-ios.
Just updated cert store and disabled DST Root CA X3
. Can you check again?
p.s. this is a dupe of #1250, closing this in favor of the first reported issue
from chatsecure-ios.
Related Issues (20)
- Why public/open access level specified with swift classes?
- Push notification problem with pubsub.chatsecure.cat - prosody 0.11.9 (SASL EXTERNAL failed) HOT 18
- Some unstability issues on iOS 15.1 HOT 3
- regarding creating new account in chat secure HOT 1
- Secure HOT 2
- Broke OTR session on folding ChatSecure Messenger HOT 1
- trying to understand why push notifications is failing HOT 5
- README doesn't explain that this isn't maintained any more
- Hope to better protect privacy HOT 1
- Pending Approval on recipient chat HOT 1
- Secure hijacked iphone se
- Push notification / ejabberd 23.04 to chatsecure 5.0.4 (171) HOT 2
- How can we enable logs for yap db queries
- unable to open configuration settings file HOT 1
- There is no XCFramework found HOT 2
- Omemo Message Delivery failed HOT 1
- iOS OTR encryption failure
- ChatSecure installation issue HOT 5
- Chat
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chatsecure-ios.