Language:
switch to room list switch to menu My folders
Go to page: First ... 28 29 30 31 [32] 33 34 35 36 37
[#] Sun Feb 25 2018 15:58:04 EST from bgerum @ Uncensored

Subject: Re: citadel refuses to start after OpenSuSE upgrade - now with Easyins

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Feb 19 2018 16:48:14 EST from bgerum @ Uncensored Subject: Re: citadel refuses to start after OpenSuSE upgrade - cursor still in prog

 

Sun Feb 04 2018 16:22:10 EST from bgerum @ Uncensored Subject: Re: citadel refuses to start after OpenSuSE upgrade - cursor still in prog

 

Mon Jan 29 2018 18:34:53 EST from bgerum @ Uncensored Subject: Re: citadel refuses to start after OpenSuSE upgrade - cursor still in prog

 

Mon Jan 29 2018 13:35:33 EST from IGnatius T Foobar @ Uncensored Subject: Re: citadel refuses to start after OpenSuSE upgrade - cursor still in prog
thanks for the reply. Unfortunately it seems the last version supplied by
the
homueller SuSE repo which is linked in the citadel.org doku ist 824.


Is there another rpm source?

I'm not aware of another RPM source. You could switch to Easy Install, which works on all distributions, but you'll have to move your data files to another directory first.

I used the Easy Install a long time ago, but the RPM version ist much more integrated in the OpenSuSE environment, not only directory-wise but also regarding startscripts, updating etc.

Do you think you could give Mr. homueller a hint there are new citadel versions out there? 



Ok, I found another OpenSuSE rpm source:

https://download.opensuse.org/repositories/home:/stefjakobs:/citadel-testing

it does provide citadel-9.01-13.19.x86_64, I installed it although it is compiled for the tumbleweed version of OpenSuSE, not leap which is what i use.

however, my database upgrade problem still remains:

citserver[14575]: Checking directory access
citserver[14575]: Opening databases
citserver[14575]: bdb(): open_databases() starting
citserver[14575]: Compiled db: Berkeley DB 4.8.30: (March 31, 2016)
citserver[14575]:   Linked db: Berkeley DB 4.8.30: (October 21, 2013)
citserver[14575]: Calculated dbversion: 4008030
citserver[14575]:   Previous dbversion: 4008030
citserver[14575]: Linked zlib: 1.2.8
citserver[14575]: bdb(): Setting up DB environment
citserver[14575]: dbenv->open(dbenv, /var/lib/citadel/data/, 10899, 0)
citserver[14575]: DB: Finding last valid log LSN: file: 6494 offset 9355549
citserver[14575]: DB: Recovery starting from [6494][9355421]
citserver[14575]: DB: Recovery complete at Sun Feb  4 22:10:24 2018
citserver[14575]: DB: Maximum transaction ID 80000024 Recovery checkpoint [6494][9355549]
citserver[14575]: Starting up DB
citserver[14575]: Checking floor reference counts
citserver[14575]: bdb(): cursor still in progress on cdb 04: can't begin transaction during r/o cursor
citserver[14575]: citserver is stopping in order to prevent data loss. uid=0 gid=0 euid=0 egid=0


 


Hi Ignatius,
 
any help on this? In the meantime I fired up the old server, did a sendcommand "CULL" and retransfered all the data files ... still the same problem!
 
 
As, unfortunately citadel 9.01-13 seems to be regarded as positively ancient, too, I gave EasyInstall a try, still having in mind I will have to reconfigure all the startup scripting, let's encrypt SSL Cert updating, fetchmail with TLS/SSL etc..
But EasyInstall chokes up on libsieve:
 
2nd run:
 
Installation will now begin.
Command output will not be sent to the terminal.
To view progress, see the /tmp/citadel-install-log.txt file.

* libical does not need updating.
* libsieve does not need updating.
* Berkeley DB does not need updating.
* expat does not need updating.
* libcurl does not need updating.
* libcitadel does not need updating.
* Downloading Citadel...
* Installing Citadel...

Citadel Easy Install is aborting.

A log file has been written to /tmp/citadel-install-log.txt
Reading this file may tell you what went wrong. If you
need to ask for help on the support forum, please post the
last screenful of text from this log.

Operating system: Linux 4.4.104-39-default( 4.4.104-39-default x86_64)
 
last lines of the install log:
 
checking for libical/ical.h... yes
checking for icaltimezone_set_tzid_prefix in -lical... yes
checking sieve2.h usability... yes
checking sieve2.h presence... yes
checking for sieve2.h... yes
checking for sieve2_license in -lsieve... no
configure: error: libsieve was not found and is required.  More info: http://www.citadel.org/doku.php/installation:start
Operating system: Linux 4.4.104-39-default( 4.4.104-39-default x86_64)

 



 



[#] Sun Feb 25 2018 20:05:54 EST from paxfettel @ Uncensored

Subject: raspberry pi install

[Reply] [ReplyQuoted] [Headers] [Print]

having trouble getting past login after following instructions here https://pimylifeup.com/raspberry-pi-email-server/ i have to click login multiple times then gets stuck with please wait  many thanks for any help i can get



[#] Sun Feb 25 2018 21:46:41 EST from IGnatius T Foobar @ Uncensored

Subject: Re: citadel refuses to start after OpenSuSE upgrade - now with Easyins

[Reply] [ReplyQuoted] [Headers] [Print]

 

checking for libical/ical.h... yes
checking for icaltimezone_set_tzid_prefix in -lical... yes
checking sieve2.h usability... yes
checking sieve2.h presence... yes
checking for sieve2.h... yes
checking for sieve2_license in -lsieve... no
configure: error: libsieve was not found and is required.  More info: http://www.citadel.org/doku.php/installation:start
Operating system: Linux 4.4.104-39-default( 4.4.104-39-default x86_64)

According to that log, it couldn't link to libsieve, even though libsieve had clearly been installed.  That is quite weird.

Can you attach the full log please?  We need to see what happened during the libsieve build.



[#] Mon Feb 26 2018 09:11:30 EST from Haven @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

 

Sat Feb 24 2018 11:43:32 EST from bobdoe @ Uncensored Subject: Unable to connect pidgin to citadel server

I'd like to attempt reformulating the question in a more neutral way, if I got chance. Already read the proper questions faq.

I'm trying to connect Pidgin chat client to Citadel server.

Setup:
Citadel 917 installed through easy-install on Centos 7.4. Firewalld disabled.
Pidgin 2.12 running on Windows 10.

So I followed the corresponding documentation: http://www.citadel.org/doku.php/faq:everydayuse:jabber#configuring.a.jabber.client.to.access.citadel
But after that I get the following error: "The certificate for <server> could not be validated. The certificate chain presented is invalid".

Now, I noticed in latest pidgin build that there's seemingly no way to turn off SSL/TLS encryption anymore; at most there's the option "use old style SSL".

What I have tried and what I got:
--Use old style SSL:
   no certificate error, but Pidgin gets stuck in "Connecting..." forever.
--Export Citadel server's certificate with Firefox, name it after server's hostname (ip address), and manually adding it to Pidgin:
   still get the same previous "certificate chain is invalid" error
--Run "openssl s_client -connect <server>:<port> -starttls xmpp" in Centos server, and copying generated cert to Pidgin on Windows:
   still get the same previous "certificate chain is invalid" error
--Change Citadel XMPP port to 5223 as well as in Pidgin, and use old style SSL:
   Pidgin complains about not finding the server.

Finally I tried other XMPP clients such as Jitsi, Gajim and Spark. Long story short (unless I'm required to provide further details), they also expect to connect through SSL/TLS with no option to disable it.

Could anyone assist, please?
Or should I try finding a XMPP client with option to not use SSL/TLS at all?

Thanks.



 

Again, not a Citadel expert, but when I see the error "The certificate for <server> could not be validated. The certificate chain presented is invalid". this indicates an issue with the certificate chain. 

If this is a self signed certificate, then Pidgin doesn't support those anymore.   If this isn't a self signed certificate, please check the intermediate certificates are in place.    Usually when you buy a certificate you get a bundle, which includes your certificate, plus their certificate chain, just in case, so the cert can be verified by the issuing body.  

 

Link to an article about how SSL works: https://www.entrustdatacard.com/pages/ssl 

 



[#] Mon Feb 26 2018 10:45:59 EST from bobdoe @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Feb 26 2018 09:11:30 AM EST from Haven @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

 

Sat Feb 24 2018 11:43:32 EST from bobdoe @ Uncensored Subject: Unable to connect pidgin to citadel server

I'd like to attempt reformulating the question in a more neutral way, if I got chance. Already read the proper questions faq.

I'm trying to connect Pidgin chat client to Citadel server.

Setup:
Citadel 917 installed through easy-install on Centos 7.4. Firewalld disabled.
Pidgin 2.12 running on Windows 10.

So I followed the corresponding documentation: http://www.citadel.org/doku.php/faq:everydayuse:jabber#configuring.a.jabber.client.to.access.citadel
But after that I get the following error: "The certificate for <server> could not be validated. The certificate chain presented is invalid".

Now, I noticed in latest pidgin build that there's seemingly no way to turn off SSL/TLS encryption anymore; at most there's the option "use old style SSL".

What I have tried and what I got:
--Use old style SSL:
   no certificate error, but Pidgin gets stuck in "Connecting..." forever.
--Export Citadel server's certificate with Firefox, name it after server's hostname (ip address), and manually adding it to Pidgin:
   still get the same previous "certificate chain is invalid" error
--Run "openssl s_client -connect <server>:<port> -starttls xmpp" in Centos server, and copying generated cert to Pidgin on Windows:
   still get the same previous "certificate chain is invalid" error
--Change Citadel XMPP port to 5223 as well as in Pidgin, and use old style SSL:
   Pidgin complains about not finding the server.

Finally I tried other XMPP clients such as Jitsi, Gajim and Spark. Long story short (unless I'm required to provide further details), they also expect to connect through SSL/TLS with no option to disable it.

Could anyone assist, please?
Or should I try finding a XMPP client with option to not use SSL/TLS at all?

Thanks.



 

Again, not a Citadel expert, but when I see the error "The certificate for <server> could not be validated. The certificate chain presented is invalid". this indicates an issue with the certificate chain. 

If this is a self signed certificate, then Pidgin doesn't support those anymore.   If this isn't a self signed certificate, please check the intermediate certificates are in place.    Usually when you buy a certificate you get a bundle, which includes your certificate, plus their certificate chain, just in case, so the cert can be verified by the issuing body.  

 

Link to an article about how SSL works: https://www.entrustdatacard.com/pages/ssl 

 



Thanks.

Meanwhile I have already read several articles about general SSL and TLS. I also searched again in all citadel.org documents.
And yes, I already realized Citadel installs self-signed certificates by default (evident when accessing webcit through https).

I also tried with other XMPP clients such as Jitsi and Miranda. Their options regarding SSL are certainly different of Pidgin's, in the sense one can seemingly enable/disable SSL option. Yet, by following similar steps to those described in citadel's pidgin documentation, I still cannot connect to server. Jitsi complains about not finding the server, and Miranda gets stuck at attempting to conenct and not showing any contacts or groups.

Ignatius:
I'd be willing to offer apologies. But also, if you had chance, could you give some advise please? Is it that Citadel still needs further TLS compatibility?

I'm still trying stuff by myself, and searching for more TLS documents, but I'm fearing I'd reach my limit soon, and this feature would be very useful for the place here.

Thanks.



[#] Mon Feb 26 2018 12:28:50 EST from IGnatius T Foobar @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

Citadel XMPP honors the 'starttls' command to upgrade a non-encrypted connection to an encrypted connection. I'm surprised to hear that there are clients which cannot be configured to ignore certificate trust errors, but if that is the case, there are a number of places offering free SSL certificates now, so you can try-before-you-buy.

Citadel Server and WebCit both follow the same procedure for auto-generating a certificate at startup if you haven't supplied one:

1. If there is no private key, one is generated.
2. A certificate signing request (CSR) is generated using that key.
3. If there is no public certificate, a self-signed certificate is generated using the key and CSR.

If you are applying to a certificate authority for a "real" certificate, the generated key will be fine to use, but the CSR will probably have incorrect information in it. Here's a quick rundown of what you need to do, for Citadel or any other software which needs an SSL certificate.

1. Generate a key with a command like:
openssl genrsa -out citadel.key 2048

2. Generate a certificate signing request:
openssl req -new -key citadel.key -out citadel.csr
Answer all prompts carefully!

3. Submit your CSR to the certificate authority of your choice. When they supply your signed certificate, they will likely indicate to you that there are one or more intermediate certificates that must be included. Create a file called "citadel.cer" containing your server's certificate, followed by the intermediate certificate(s).

4. Restart citserver. Connect to it and see if it works.

WebCit is the same way, except the filenames are webcit.[key|csr|cer] instead of citadel.[key|csr|cer]. It's probably easier to test with WebCit first, since you can easily verify it with your web browser, and then copy the files over to Citadel after testing.
You can and should use the same key/cert for both programs.

In the future we will be looking into implementing the Let's Encrypt framework to automatically obtain and install free SSL certificates, but that is some way off at this point. In the mean time I'm pleased to see that the number of options for trial and short term SSL certificates at no cost has increrased.

[#] Mon Feb 26 2018 12:31:46 EST from EDIS @ Uncensored

Subject: Server migration?

[Reply] [ReplyQuoted] [Headers] [Print]

I'm trying to use the replication feature to migrate from one server to another, but I can't find ANY documentation on the feature. How do I use it? Thanks!



[#] Mon Feb 26 2018 12:49:46 EST from EDIS @ Uncensored

Subject: Server Migration

[Reply] [ReplyQuoted] [Headers] [Print]

Hi there!

I'm trying to migrate a citadel server from one server to another. I was trying to use the replication utility, but couldn't find any real documentation on it.

 

I can re-configure the useres and such if I need to, I just need to move all the emails over.

 

Thanks in advance for your help!



[#] Mon Feb 26 2018 12:51:57 EST from bobdoe @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Feb 26 2018 12:28:50 PM EST from IGnatius T Foobar @ Uncensored Subject: Re: Unable to connect pidgin to citadel server
Citadel XMPP honors the 'starttls' command to upgrade a non-encrypted connection to an encrypted connection. I'm surprised to hear that there are clients which cannot be configured to ignore certificate trust errors, but if that is the case, there are a number of places offering free SSL certificates now, so you can try-before-you-buy.

Citadel Server and WebCit both follow the same procedure for auto-generating a certificate at startup if you haven't supplied one:

1. If there is no private key, one is generated.
2. A certificate signing request (CSR) is generated using that key.
3. If there is no public certificate, a self-signed certificate is generated using the key and CSR.

If you are applying to a certificate authority for a "real" certificate, the generated key will be fine to use, but the CSR will probably have incorrect information in it. Here's a quick rundown of what you need to do, for Citadel or any other software which needs an SSL certificate.

1. Generate a key with a command like:
openssl genrsa -out citadel.key 2048

2. Generate a certificate signing request:
openssl req -new -key citadel.key -out citadel.csr
Answer all prompts carefully!

3. Submit your CSR to the certificate authority of your choice. When they supply your signed certificate, they will likely indicate to you that there are one or more intermediate certificates that must be included. Create a file called "citadel.cer" containing your server's certificate, followed by the intermediate certificate(s).

4. Restart citserver. Connect to it and see if it works.

WebCit is the same way, except the filenames are webcit.[key|csr|cer] instead of citadel.[key|csr|cer]. It's probably easier to test with WebCit first, since you can easily verify it with your web browser, and then copy the files over to Citadel after testing.
You can and should use the same key/cert for both programs.

In the future we will be looking into implementing the Let's Encrypt framework to automatically obtain and install free SSL certificates, but that is some way off at this point. In the mean time I'm pleased to see that the number of options for trial and short term SSL certificates at no cost has increrased.

Thanks very much for answering.

As I previously mentioned, I have already reviewed -more than once- the documents at citadel.org site, so I was already well aware of what you just explained. Sorry if I didn't mention it earlier.

Just wanted to mention this before keeping trying a few more possible stuff. Somewhere in Pidgin site I had read it can actually handle self-signed or untrusted certificates just well; it just didn't say how to. I was about to search again there but the site is currently down...

From the docs and what you just explained, I'd guess Citadel currently lacks self-signed certificate support at least for XMPP...



[#] Mon Feb 26 2018 12:58:55 EST from EDIS @ Uncensored

Subject: Re: Server Migration

[Reply] [ReplyQuoted] [Headers] [Print]

Note: i've seen the page that says not to use the replication function for this. The other suggested methods don't seem to have worked.



[#] Mon Feb 26 2018 16:09:59 EST from IGnatius T Foobar @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

From the docs and what you just explained, I'd guess Citadel currently lacks self-signed certificate support at least for XMPP...

Well ... not quite.  It's not really an issue specific to XMPP, or even to Citadel.

Any server that supports SSL/TLS, on any protocol which uses it, is just going to supply whatever certificate you've installed on it.  The server does not care whether the client chooses to trust it.   It's the client's decision whether to trust the server certificate or not.  The server cannot choose to "support" any specific type of certificate.  Only the client can do that.



[#] Mon Feb 26 2018 16:11:08 EST from IGnatius T Foobar @ Uncensored

Subject: Re: Server Migration

[Reply] [ReplyQuoted] [Headers] [Print]

 

Note: i've seen the page that says not to use the replication function for this. The other suggested methods don't seem to have worked.

If you're going from like-to-like architecture (for example, 64-bit Intel on both sides) it's best to just copy the data files over.

 



[#] Mon Feb 26 2018 16:45:41 EST from bgerum @ Uncensored

Subject: Re: citadel refuses to start after OpenSuSE upgrade - now with Easyins

[Reply] [ReplyQuoted] [Headers] [Print]

 

Sun Feb 25 2018 21:46:41 EST from IGnatius T Foobar @ Uncensored Subject: Re: citadel refuses to start after OpenSuSE upgrade - now with Easyins

 

checking for libical/ical.h... yes
checking for icaltimezone_set_tzid_prefix in -lical... yes
checking sieve2.h usability... yes
checking sieve2.h presence... yes
checking for sieve2.h... yes
checking for sieve2_license in -lsieve... no
configure: error: libsieve was not found and is required.  More info: http://www.citadel.org/doku.php/installation:start
Operating system: Linux 4.4.104-39-default( 4.4.104-39-default x86_64)

According to that log, it couldn't link to libsieve, even though libsieve had clearly been installed.  That is quite weird.

Can you attach the full log please?  We need to see what happened during the libsieve build.

 

unfortunately the 2nd try has overwritten the original log. I also did some updates overnight... but attached you find the current EasyInstall Log

 



 



citadel-install-log.txt (text/plain, 13387 bytes) [View| Download]
[#] Mon Feb 26 2018 21:04:35 EST from bobdoe @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Feb 26 2018 04:09:59 PM EST from IGnatius T Foobar @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

From the docs and what you just explained, I'd guess Citadel currently lacks self-signed certificate support at least for XMPP...

Well ... not quite.  It's not really an issue specific to XMPP, or even to Citadel.

Any server that supports SSL/TLS, on any protocol which uses it, is just going to supply whatever certificate you've installed on it.  The server does not care whether the client chooses to trust it.   It's the client's decision whether to trust the server certificate or not.  The server cannot choose to "support" any specific type of certificate.  Only the client can do that.



Yes, already just realized.

So I did some more tests, with 2 versions of Pidgin: current 2.12.0 one; and 2.7.3, which was the last one having the same options as screenshots illustrated here
http://www.citadel.org/doku.php/faq:everydayuse:jabber#configuring.a.jabber.client.to.access.citadel
I tried this old build as well to see if having the option to disable SSL could make a difference.

Setup, just for review:
Citadel 917 installed from easy-install on Centos 7.4, both firewalld and selinux disabled
Server's ip: 10.0.1.5
Testing user: user123
Pidgin clients running on Windows 10

 

So, summarizing again what I tried and what I got:
--Use old style SSL, either with port 5222 and 5223 (both Pidgin versions):
   no certificate error, but Pidgin gets stuck in "Connecting..." forever according to its debug window.
--Export Citadel server's certificate with Firefox, name it after server's hostname (ip address), and manually adding it to Pidgin
--Run "openssl s_client -connect 10.0.1.5:5222 -starttls xmpp" in Centos server, and copying generated cert to Pidgin on Windows (filename is ip address):
   I need to correct myself in these 2. It seems last time I had messed up server. It fixed and I could try for real this time.
   This time Pidgin accepted the certificate. But now a new problem arouse. I posted Pidgin's 2.12.0 debug window output here https://pastebin.com/Kr2dAr81 .

In Pidgin 2.12.0 line 67 "connection: purple_connection_error_reason called with NULL description" was the killer one marked in red.
Log for Pidgin 2.7.3 was virtually the same, except that lines 66 and 67 were not there; killer error was the "Don't know howto do 'set'!".
But the interesting thing is, this "set" error is present in both logs.

Just in case I posted in Pidgin forums. To my surprise, they pointed at the "set" error:
"The software you're using is lacking some basic core XMPP stuff in its implementation, namely something like this https://tools.ietf.org/html/rfc6120#page-95 "

Think this could be a bug?

Thanks again.



[#] Mon Feb 26 2018 23:58:15 EST from warbaby @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

What we really need is a Lua module to authenticate Prosody thru the Citadel API.  Prosody supports lots of XEP specs, and has a fairly active community.  It's lightweight, and can run just fine along Citadel on small VPS.  I've used it for years. We just need to hook them up.

Even if you were to get your SSL sorted out, you'll immediately want some XMPP feature that Citadel doesn't support, and may not ever.. so, it's easier to write the authentication than waste more time testing old versions of pidgin.  If a few of us got together, we could have it done in a few days, if not hours.  All XMPP clients are junk btw.  

I spent some time with auth_imap a while ago, but don't recall what happened.  It may work.  Take a look at the other auth modules.  They are only ~75-100 loc.

https://modules.prosody.im/type_auth.html

 

Mon Feb 26 2018 09:04:35 PM EST from bobdoe @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

 

Mon Feb 26 2018 04:09:59 PM EST from IGnatius T Foobar @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

From the docs and what you just explained, I'd guess Citadel currently lacks self-signed certificate support at least for XMPP...

Well ... not quite.  It's not really an issue specific to XMPP, or even to Citadel.

Any server that supports SSL/TLS, on any protocol which uses it, is just going to supply whatever certificate you've installed on it.  The server does not care whether the client chooses to trust it.   It's the client's decision whether to trust the server certificate or not.  The server cannot choose to "support" any specific type of certificate.  Only the client can do that.



Yes, already just realized.

So I did some more tests, with 2 versions of Pidgin: current 2.12.0 one; and 2.7.3, which was the last one having the same options as screenshots illustrated here
http://www.citadel.org/doku.php/faq:everydayuse:jabber#configuring.a.jabber.client.to.access.citadel
I tried this old build as well to see if having the option to disable SSL could make a difference.

Setup, just for review:
Citadel 917 installed from easy-install on Centos 7.4, both firewalld and selinux disabled
Server's ip: 10.0.1.5
Testing user: user123
Pidgin clients running on Windows 10

 

So, summarizing again what I tried and what I got:
--Use old style SSL, either with port 5222 and 5223 (both Pidgin versions):
   no certificate error, but Pidgin gets stuck in "Connecting..." forever according to its debug window.
--Export Citadel server's certificate with Firefox, name it after server's hostname (ip address), and manually adding it to Pidgin
--Run "openssl s_client -connect 10.0.1.5:5222 -starttls xmpp" in Centos server, and copying generated cert to Pidgin on Windows (filename is ip address):
   I need to correct myself in these 2. It seems last time I had messed up server. It fixed and I could try for real this time.
   This time Pidgin accepted the certificate. But now a new problem arouse. I posted Pidgin's 2.12.0 debug window output here https://pastebin.com/Kr2dAr81 .

In Pidgin 2.12.0 line 67 "connection: purple_connection_error_reason called with NULL description" was the killer one marked in red.
Log for Pidgin 2.7.3 was virtually the same, except that lines 66 and 67 were not there; killer error was the "Don't know howto do 'set'!".
But the interesting thing is, this "set" error is present in both logs.

Just in case I posted in Pidgin forums. To my surprise, they pointed at the "set" error:
"The software you're using is lacking some basic core XMPP stuff in its implementation, namely something like this https://tools.ietf.org/html/rfc6120#page-95 "

Think this could be a bug?

Thanks again.



 



[#] Tue Feb 27 2018 12:43:28 EST from bobdoe @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

I dared to take a look at Citadel source code out of curiosity.
By all means I'm no dev and I may have dared too much for myself, but... could it be there might be something missing in this part?
http://code.citadel.org/?p=citadel.git;a=blob;f=citadel/modules/xmpp/serv_xmpp.c;h=3248a11cb39bbbf98b1281ec78082c10d3da3774;hb=HEAD#l177

In general, can this be fixed?



[#] Wed Feb 28 2018 00:00:10 EST from Zhouyang @ Uncensored

Subject: Fix crashes when some external APIs fail

[Reply] [ReplyQuoted] [Headers] [Print]

Hi,

I'm a PhD student. I analyzed the Citadel source code and found some potential API bugs that may cause crashes. These crashes are mainly caused by insufficient error handling of API functions like chown or fopen.

I think it's unsafe to assume the library function would be correct. It would be better if we could handle the error properly. Attached please find the patch against the current development version. Hopefully, it can solve these potential bugs.

 

Best,

Zhouyang



api_bugs_citadel-trunk.patch (text/x-patch, 3236 bytes) [ View | Download ]
[#] Wed Feb 28 2018 02:36:33 EST from dnsserver @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Hi,

I am Md.Moniruzzaman,I want to try install and configure Citadel mail server. But I can't understand the system of citadel.How I can install and configure citadel server in Open-suse.If any one give sequential instruction than i will got the system.

Thank you. 



[#] Wed Feb 28 2018 03:59:08 EST from dnsserver @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Hi,

I want to try install and configure Citadel mail server. But I can't understand the system of citadel.How I can install and configure citadel server in Open-suse.If any one give sequential instruction than i will got the system.

Thank you. 



[#] Wed Feb 28 2018 09:32:34 EST from warbaby @ Uncensored

Subject: Re: Unable to connect pidgin to citadel server

[Reply] [ReplyQuoted] [Headers] [Print]

 

Prosody is an XMPP server, not a client. 



Tue Feb 27 2018 10:58:00 AM EST from bobdoe @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

 

Mon Feb 26 2018 11:58:15 PM EST from warbaby @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

What we really need is a Lua module to authenticate Prosody thru the Citadel API.  Prosody supports lots of XEP specs, and has a fairly active community.  It's lightweight, and can run just fine along Citadel on small VPS.  I've used it for years. We just need to hook them up.

Even if you were to get your SSL sorted out, you'll immediately want some XMPP feature that Citadel doesn't support, and may not ever.. so, it's easier to write the authentication than waste more time testing old versions of pidgin.  If a few of us got together, we could have it done in a few days, if not hours.  All XMPP clients are junk btw.  

I spent some time with auth_imap a while ago, but don't recall what happened.  It may work.  Take a look at the other auth modules.  They are only ~75-100 loc.

https://modules.prosody.im/type_auth.html

 

Mon Feb 26 2018 09:04:35 PM EST from bobdoe @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

 

Mon Feb 26 2018 04:09:59 PM EST from IGnatius T Foobar @ Uncensored Subject: Re: Unable to connect pidgin to citadel server

From the docs and what you just explained, I'd guess Citadel currently lacks self-signed certificate support at least for XMPP...

Well ... not quite.  It's not really an issue specific to XMPP, or even to Citadel.

Any server that supports SSL/TLS, on any protocol which uses it, is just going to supply whatever certificate you've installed on it.  The server does not care whether the client chooses to trust it.   It's the client's decision whether to trust the server certificate or not.  The server cannot choose to "support" any specific type of certificate.  Only the client can do that.



Yes, already just realized.

So I did some more tests, with 2 versions of Pidgin: current 2.12.0 one; and 2.7.3, which was the last one having the same options as screenshots illustrated here
http://www.citadel.org/doku.php/faq:everydayuse:jabber#configuring.a.jabber.client.to.access.citadel
I tried this old build as well to see if having the option to disable SSL could make a difference.

Setup, just for review:
Citadel 917 installed from easy-install on Centos 7.4, both firewalld and selinux disabled
Server's ip: 10.0.1.5
Testing user: user123
Pidgin clients running on Windows 10

 

So, summarizing again what I tried and what I got:
--Use old style SSL, either with port 5222 and 5223 (both Pidgin versions):
   no certificate error, but Pidgin gets stuck in "Connecting..." forever according to its debug window.
--Export Citadel server's certificate with Firefox, name it after server's hostname (ip address), and manually adding it to Pidgin
--Run "openssl s_client -connect 10.0.1.5:5222 -starttls xmpp" in Centos server, and copying generated cert to Pidgin on Windows (filename is ip address):
   I need to correct myself in these 2. It seems last time I had messed up server. It fixed and I could try for real this time.
   This time Pidgin accepted the certificate. But now a new problem arouse. I posted Pidgin's 2.12.0 debug window output here https://pastebin.com/Kr2dAr81 .

In Pidgin 2.12.0 line 67 "connection: purple_connection_error_reason called with NULL description" was the killer one marked in red.
Log for Pidgin 2.7.3 was virtually the same, except that lines 66 and 67 were not there; killer error was the "Don't know howto do 'set'!".
But the interesting thing is, this "set" error is present in both logs.

Just in case I posted in Pidgin forums. To my surprise, they pointed at the "set" error:
"The software you're using is lacking some basic core XMPP stuff in its implementation, namely something like this https://tools.ietf.org/html/rfc6120#page-95 "

Think this could be a bug?

Thanks again.



 



To clarify:
I only tested the old 2.7.3 version of Pidgin in order to temporarily put the SSL variable out of here (i.e., unchecking the option) and see if it made a difference. For some reason it still asked for the SSL certificate, *but* gave the option to accept the "unknown" certificate, which latest version 2.12.0 no longer allows by default.
As I also mentioned, I however managed to sort the SSL thing in latest Pidgin 2.12.0 release.
So in the end, SSL seems to no longer be the issue here, both leading to a different common error:
"Don't know howto do 'set'!"

I was also about to try Prosody client, but then I read they discontinued Windows builds, and unfortunately Windows clients are needed here in the place.

By the way, I forgot to mention, I *did do* searches around internet about this "set" error, and found little to no good hits. Then I posted in the Pidgin boards and got that response.



 



Go to page: First ... 28 29 30 31 [32] 33 34 35 36 37