
#1 2024-12-01 15:04:28

giostark
Member
Registered: 2016-12-03
Posts: 42

Gajim >> nbxmpp.http g-tls-error-quark: Unacceptable TLS certificate

(I also posted this on the Gajim board and they suggested that it could be a system issue, so I am replicating it here for further investigation.)
https://dev.gajim.org/gajim/python-nbxmpp/-/issues/163
Hi all :-) I need some help investigating this strange behavior of the latest installations of Gajim on several machines. The problem affects both upload and download, encrypted or not. These errors make it impossible to upload or download attachments (consequently the preview plugin does not work either).
Text messages, instead, always work as expected, encrypted or not.
Why does text, encrypted or not, work correctly while attachments do not?
If the certificate is not trusted, how can the communication between the two chats happen (and encrypted with OMEMO)? I am missing this stage ...

    Turning the firewall on or off does not make a difference.
    Different DNS does not make a difference.
    Different versions of Gajim 1.9.5 (official from pacman, git from the AUR, Flatpak, or manually compiled) do not make a difference.
    The server runs Arch with the latest updates. Restarting it does not make a difference. (For now I cannot update ejabberd, but I will.)
    I tried to copy the Gajim .local/share/ folder from workstation01 to workstation02, but the errors are still present.
    I tried to delete and re-add the certificate on all the clients that do not work; no change.
    Turning HTTPS verification on or off does not make a difference.
    I tried to disable the secure connection in the account settings and also OMEMO in the chat in Gajim, and I still can't download or upload anything :-/ but I can still send texts (from the machines where the problem persists). On the first two machines, instead, everything works as always, doh!

I would say that maybe it is an Arch problem, but honestly now I'm lost. :-( Can you suggest some debugging or anything else?

 
GTK Version: 3.24.43
GLib Version: 2.82.2
Pango Version: 1.54.0
PyGObject Version: 3.50.0
cairo Version: 1.18.2
pycairo Version: 1.27.0
python-nbxmpp Version: 5.0.4
libsoup Version: 3.6.1
 
[ws@workstation gajim-main]$ sudo pacman -U gajim-1.9.5-2-any.pkg.tar 
loading packages...
resolving dependencies...
looking for conflicting packages...

Packages (1) gajim-1.9.5-2

Total Installed Size:  18.30 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                                                                                                [#######################################################################################] 100%
(1/1) checking package integrity                                                                                                              [#######################################################################################] 100%
(1/1) loading package files                                                                                                                   [#######################################################################################] 100%
(1/1) checking for file conflicts                                                                                                             [#######################################################################################] 100%
(1/1) checking available disk space                                                                                                           [#######################################################################################] 100%
:: Processing package changes...
(1/1) installing gajim                                                                                                                        [#######################################################################################] 100%
Optional dependencies for gajim
    python-dbus: to have gajim-remote working [installed]
    python-sentry_sdk: for Sentry error reporting to dev.gajim.org (users decide whether to send reports or not) [installed]
    gspell: for spell checking support [installed]
    libsecret: for GNOME Keyring or KDE support as password storage [installed]
    gupnp-igd: for better NAT traversing [installed]
    networkmanager: for network lose detection [installed]
    geoclue2: share current location [installed]
    gsound: Notification Sounds [installed]
    libayatana-appindicator: for App Indicator on Wayland [installed]
    farstream: for video and audio calls [installed]
    gstreamer: for video and audio calls [installed]
    gst-plugins-base: for video and audio calls [installed]
    gst-plugins-ugly: for video and audio calls [installed]
    gst-libav: for video and audio calls [installed]
    gst-plugin-gtk: for video and audio calls [installed]
    libxss: for idle time checking on X11 [installed]
    python-gnupg: encrypting chat messages with OpenPGP [installed]
    emoji-font: for emojis support [installed]
:: Running post-transaction hooks...
(1/3) Arming ConditionNeedsUpdate...
(2/3) Updating icon theme caches...
(3/3) Updating the desktop file MIME type cache...
[ws@workstation gajim-main]$ 

Server info :

 
Domain : ...
DNS : xmpp-client
IP/port : ....
Type : START TLS
TLS version 1.3
Cipher Suite : TLS_AES_256_GCM_SHA384
No proxy

Server Software: ejabberd 23.10.0
XEP-0045: Multi-User Chat: Available 
XEP-0054: vcard-temp: Available 
XEP-0077: In-Band Registration: Available 
XEP-0163: Personal Eventing Protocol: Available 
XEP-0163: #publish-options: Available 
XEP-0191: Blocking Command: Available (urn:xmpp:blocking)
XEP-0198: Stream Management: Available (urn:xmpp:sm:3)
XEP-0258: Security Labels in XMPP: Not available (urn:xmpp:sec-label:0)
XEP-0280: Message Carbons: Available (urn:xmpp:carbons:2)
XEP-0313: Message Archive Management: Available 
XEP-0363: HTTP File Upload: Available (urn:xmpp:http:upload:0)

Certificate for opendimensions.ddns.net

Issued to
Common Name (CN): opendimensions.ddns.net
Organization (O): 
Subject Alt Names: 
Serial Number: 0B:9B:D7:50:20:9A:17:53:21:1F:45:13:DA:2F:76:23:9E:EB:FD:A5

Issued by
Common Name (CN): opendimensions.ddns.net
Organization (O): 
Validity
Issued on: lun 10 mag 2021, 02:17:10 UTC
Expires on: gio 8 mag 2031, 02:17:10 UTC

SHA-1: 90:2E:4A:65:56:34:DA:E5:AB:D9:D5:7B:7E:6A:15:49:5F:32:4F:5B
SHA-256: A2:2C:41:EC:B2:BB:16:7E:3F:89:DE:AC:59:96:4E:FD:56:D1:83:AE:E4:B2:18:89:C6:77:5D:DA:61:C2:5C:48

Public Key: RSA 4096 Bit
XEP-0398: Avatar Conversion: Available 
XEP-0411: Bookmarks Conversion: Available 
XEP-0402: Bookmarks Compat: Available 
XEP-0402: Bookmarks Compat PEP: Available 

Some log errors:

 
30/11/2024 14:22:52 (E) nbxmpp.http                         | Request(127714962120832): g-tls-error-quark: Unacceptable TLS certificate (2)
30/11/2024 14:22:52 (W) gajim.c.m.httpupload                | (opendimensions.ddns.net) Component does not provide maximum file size
30/11/2024 14:22:56 (W) gajim.c.preview                     | TLS verification failed: ['The signing certificate authority is not known'] (0x01)
30/11/2024 14:22:56 (W) gajim.c.preview                     | TLS verification failed: ['The signing certificate authority is not known'] (0x01)
30/11/2024 14:22:56 (E) nbxmpp.http                         | Request(127714959316224): g-tls-error-quark: Unacceptable TLS certificate (2)
30/11/2024 14:22:56 (W) gajim.c.preview                     | Download failed: https://opendimensions.ddns.net:5443/upload/daniele/oQ9GS1N2iv3rLP45rUWR7LiHDgciOYtmfjpqUvQb/jnwM3azBRYyIgRsv0lKmcg.jpg - <HTTPRequestError.UNKNOWN: 0>
30/11/2024 14:22:56 (E) nbxmpp.http                         | Request(127714448353600): g-tls-error-quark: Unacceptable TLS certificate (2)
30/11/2024 14:22:56 (W) gajim.c.preview                     | Download failed: https://opendimensions.ddns.net:5443/upload/daniele/LofXrgDinPjUxkexyYKd5jHpsAXswhLm86ZXYKjZ/yo57HwWnSDKqzIClhal5tQ.jpg - <HTTPRequestError.UNKNOWN: 0>
30/11/2024 14:22:56 (W) gajim.c.preview                     | TLS verification failed: ['The signing certificate authority is not known'] (0x01)
30/11/2024 14:22:56 (E) nbxmpp.http                         | Request(127714446563008): g-tls-error-quark: Unacceptable TLS certificate (2)
30/11/2024 14:22:56 (W) gajim.c.preview                     | Download failed: https://opendimensions.ddns.net:5443/upload/giostark/Ly3ZVzF4h1eN1yVKFvor5xpx7GvMGvLUlFQIKlgl/11aOIjeIRkaR8L8rVDrL2g.jpg - <HTTPRequestError.UNKNOWN: 0>
30/11/2024 14:24:06 (E) nbxmpp.connection                   | (opendimensions.ddns.net) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)
30/11/2024 14:30:34 (E) nbxmpp.connection                   | (opendimensions.ddns.net) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)
30/11/2024 14:31:37 (E) nbxmpp.connection                   | (opendimensions.ddns.net) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)
30/11/2024 14:33:50 (E) nbxmpp.connection                   | (opendimensions.ddns.net) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)
30/11/2024 14:40:07 (E) nbxmpp.connection                   | (opendimensions.ddns.net) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)

The debug output from the attempt to download the attachments sent from other devices:
https://paste.c-net.org/ManpowerSmooch

Last edited by giostark (2024-12-11 10:18:49)
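
A triage of the log format quoted in the post above, as an added example that is not part of the original post or of Gajim: it separates TLS errors raised on HTTP transfers from errors on the XMPP stream and lists the HTTPS endpoints whose downloads failed. The sample lines are constructed with a placeholder host, and the grouping of logger names into "http" and "stream" is an assumption based on the names seen in the log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the log format shown in the post; host and paths are placeholders.
SAMPLE_LOG = """\
30/11/2024 14:22:52 (E) nbxmpp.http                         | Request(1): g-tls-error-quark: Unacceptable TLS certificate (2)
30/11/2024 14:22:56 (W) gajim.c.preview                     | TLS verification failed: ['The signing certificate authority is not known'] (0x01)
30/11/2024 14:22:56 (W) gajim.c.preview                     | Download failed: https://xmpp.example.org:5443/upload/user/abc/file.jpg - <HTTPRequestError.UNKNOWN: 0>
30/11/2024 14:24:06 (E) nbxmpp.connection                   | (xmpp.example.org) Read Error: g-io-error-quark: Error receiving data: Connection reset by peer (44)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \((?P<level>[A-Z])\) "
    r"(?P<logger>\S+)\s*\| (?P<msg>.*)$")
URL_RE = re.compile(r"https?://\S+")
# Assumption: these loggers carry HTTP(S) transfers; every other logger is counted as "stream".
HTTP_LOGGERS = ("nbxmpp.http", "gajim.c.preview", "gajim.c.m.httpupload")


def triage(log_text):
    """Count TLS failures per channel and collect failing HTTPS endpoints."""
    tls_failures = Counter()
    endpoints = set()
    reasons = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        logger, msg = m["logger"], m["msg"]
        channel = "http" if logger in HTTP_LOGGERS else "stream"
        if "g-tls-error-quark" in msg or "TLS verification failed" in msg:
            tls_failures[channel] += 1
            reasons.update(re.findall(r"'([^']+)'", msg))  # quoted verifier reasons
        url = URL_RE.search(msg)
        if url and "Download failed" in msg:
            parts = urlsplit(url.group())
            endpoints.add((parts.hostname, parts.port))
    return {"tls_failures": dict(tls_failures),
            "endpoints": sorted(endpoints),
            "reasons": sorted(reasons)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, every TLS failure falls in the "http" group and the only failing endpoint is on port 5443, while the stream logger shows an I/O reset rather than a certificate error.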


#2 2024-12-01 15:50:59

giostark
Member
Registered: 2016-12-03
Posts: 42

Re: Gajim >> nbxmpp.http g-tls-error-quark: Unacceptable TLS certificate

I figured out that I probably added the certificate manually in the past:
https://wiki.archlinux.org/title/User:G … ertificate

 Currently Arch Linux uses p11-kit from Fedora, which has more features (e.g. explicit distrusts) than the older scripts from Debian. To import a trust anchor using p11-kit, do:
 
     Run trust anchor --store myCA.crt as root.
 
 The certificate will be written to /etc/ca-certificates/trust-source/myCA.p11-kit and the "legacy" directories automatically updated. 

This seems to be the only way that the opendimensions.ddns.net.p11-kit file in /etc/ca-certificates/trust-source/ could have been generated.

Last edited by giostark (2024-12-11 10:42:53)


#3 2024-12-11 10:48:00

giostark
Member
Registered: 2016-12-03
Posts: 42

Re: Gajim >> nbxmpp.http g-tls-error-quark: Unacceptable TLS certificate

Does anyone have an idea how it is possible that texts work properly (encrypted with OMEMO too) and the attachments do not? If the encryption did not succeed at all I should not be able to communicate anything, right?
