amazon-web-servicesreact-nativexmppejabberd
Failing to Connect to Ejabberd Server using react-native-xmpp
I'm trying to create a basic chat app using react-native-xmpp and Ejabberd, but I'm getting a certificate error. Here is the full console output:
Pressed
[Fri Aug 21 2020 04:40:01.140] LOG react-native-xmpp: Message: "Testing..." being sent to user: user@ec2-3-14-27-95.us-east-2.compute.amazonaws.com
[Fri Aug 21 2020 04:40:01.360] LOG react-native-xmpp: Error: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate ec2-3-14-27-95.us-east-2.compute.amazonaws.com
[Fri Aug 21 2020 04:40:01.366] LOG react-native-xmpp: Disconnected, error: Hostname verification of certificate failed. Certificate does not authenticate ec2-3-14-27-95.us-east-2.compute.amazonaws.com
I can log onto the Ejabberd web admin panel no problem and the server launches with no issues, but it doesn't seem to like accepting XMPP connections. Here is my client code:
var XMPP = require('react-native-xmpp');
class App extends Component {
test() {
console.log('Pressed');
var user = 'admin@ec2-3-14-27-95.us-east-2.compute.amazonaws.com';
var password = 'password';
var to = 'user@ec2-3-14-27-95.us-east-2.compute.amazonaws.com';
XMPP.trustHosts(['ec2-3-14-27-95.us-east-2.compute.amazonaws.com']);
XMPP.connect(user, password);
XMPP.message('Testing...', to);
}
render() {
return (
<View style={styles.center}>
<Button title="Button" onPress={this.test} />
</View>
);
}
}
The code is hideous, but right now I just want to make sure I can establish and maintain a connection.
EDIT:
Error dialog from Gajim:
Certificate details from Gajim:
ejabberd.yml:
###
###' ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###
hosts:
- "ec2-3-14-27-95.us-east-2.compute.amazonaws.com"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "/opt/ejabberd/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "/opt/ejabberd/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
admin:
user:
- "admin@ec2-3-14-27-95.us-east-2.compute.amazonaws.com"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin@ec2-3-14-27-95.us-east-2.compute.amazonaws.com"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://@HOST@:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
Solution
You are still using the example certificate provided by the ejabberd installer. It is self-signed, and has no validity, so the error message is to be expected.
If you want that error to go away, either don't use encryption, or better: obtain a certificate signed by a certification authority.