Up to Discussions in Openfire Support
17 Replies Last post: Dec 10, 2007 10:28 AM by Melvin  
Gaston Dombiak Jiver
Gaston Dombiak
3,749 posts since
Sep 26, 2001
Currently Being Moderated

Dec 6, 2007 7:26 PM

Openfire 3.4.2 has been released

We are pleased to announce the release of Openfire 3.4.2!  This is a maintenance release that also includes nice improvements such as better certificate management and support for Entity Capabilities. Performance has been improved too therefore the Connection Manager module has been updated. A complete list of changes can be found here.

 

The SparkWeb client included in the Enterprise edition has been updated too. Lots of improvements has been made and it now has support for group chat. You can use the SparkWeb client from here.

 

Download Openfire from here.

Download Openfire Enterprise from here.

Download Connection Manager from here

Enjoy!

 

Openfire Team

Tags: openfire, update, release
wroot KeyContributor
wroot
3,192 posts since
Jan 24, 2005
Currently Being Moderated
Dec 7, 2007 1:47 AM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

MySQL driver downgraded?

 

As i will be absent at work for a long time i wonder is it worth to upgrade today. What exactly will MINA upgrade give?

Report Abuse
Philipp Wollermann Bronze
Philipp Wollermann
6 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 3:46 AM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

I just installed Openfire 3.4.2 from scratch but found a problem which did not occur in 3.4.1. In the setup it asks for the admin-username and password. I enter admin@mydomain.de, but I can't login when the setup is finished. I looked in the database and saw, that the wrong user with the wrong password was saved in the table jiveUser (both user and plainPassword were 'admin'). I just changed both to the values I entered in the setup and I could login.

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 11:07 AM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

I just upgraded to 3.4.2 (mainly for the certificate management improvements) and discovered the following issue:

 

1) I created two selfsigned certificates via the openfire webinterface

2) I restarted openfire via the webinterface

3) openfire asked me to enter some data in order to create a csr

4) I entered the requested data

5) I restarted openfire again

 

6) Now i should be able to fetch the csr, but instead openfire ask me again to enter some data for the csr????

 

i checked /opt/openfire/resources/security

 

the files have been changed (timestamp), but obviously openfire isn't recognizing it?!?

any idea on howto fix that and get a csr?

 

best,

 

Mark

Report Abuse
Philipp Wollermann Bronze
Philipp Wollermann
6 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 11:17 AM in response to: Mark Jayz
Re: Openfire 3.4.2 has been released

What was the "some data" Openfire wanted you to enter? In my install the CSRs are immediately shown without any action on my part and the field where to enter data is the one where the response from the certification authority should get entered!

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 11:29 AM in response to: Philipp Wollermann
Re: Openfire 3.4.2 has been released

Openfire keeps telling me the following:

 

"The issuer information for the certificates should be updated before sending the Certificate Signing Request (CSR) to a Certificate Authority (CA). Click here to update the issuer information."

 

When I click on "here", openfire ask me to enter:

 

"Complete the following information of the certificate issuer. This information will be stored in the certificates pending to be sent to the Certificate Authority. The Certificate Authority will validate the information in order to sign the certificates."

 

Name: xmpp.myserver.com

Organizational Unit: xmpp.myserver.com

Organization: xmpp.myserver.com

City: MyCity

State: MyState

Country Code: AU

 

Then I click on "Update information"

 

On the next page openfire tells me "the certificates have been changed - click here to restart".

When I now restart openfire and come back to the certificate management it still tells me:

 

"The issuer information for the certificates should be updated before sending the Certificate Signing Request (CSR) to a Certificate Authority (CA). Click here to update the issuer information."

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,749 posts since
Sep 26, 2001
Currently Being Moderated
Dec 7, 2007 11:42 AM in response to: Mark Jayz
Re: Openfire 3.4.2 has been released

Hey Mark,

 

Do you see any error in the log files? Does the user running the Openfire server have permission to modify the files located under resources\security? Could you execute 'keytool -list -v -keystore keystore' under resources\security and paste the results?

 

Thanks,

 

  -- Gato

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 11:54 AM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

Hi Gato,

 

thanks for stepping in.

According to the timestamp, the files get changed every time I update the Information which openfire requests me to enter.

Also openfire is currently running as root So it should have the rights to change the files

 

#keytool -list -v -keystore keystore
Enter keystore password:  

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.           &nbs p;      *
*****************  WARNING WARNING WARNING  *****************

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: xmpp.mydomain.com_rsa
Creation date: Dec 7, 2007
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Issuer: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Serial number: <bla>
Valid from: Fri Dec 07 17:58:29 CET 2007 until: Sat Nov 10 17:58:29 CET 2012
Certificate fingerprints:
      MD5:  <bla>
      SHA1: <bla>


*******************************************
*******************************************


Alias name: xmpp.mydomain.com_dsa
Creation date: Dec 7, 2007
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Issuer: C=AT, ST=myState, L=myTown, O=xmpp.mydomain.com, OU=xmpp.mydomain.com, CN=xmpp.mydomain.com
Serial number: <bla>
Valid from: Fri Dec 07 17:58:35 CET 2007 until: Sat Nov 10 17:58:35 CET 2012
Certificate fingerprints:
      MD5:  <bla>
      SHA1: <bla>


*******************************************
*******************************************

 

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,749 posts since
Sep 26, 2001
Currently Being Moderated
Dec 7, 2007 11:56 AM in response to: Mark Jayz
Re: Openfire 3.4.2 has been released

Hey Mark,

 

The certificates were updated with the issuer information but for some reason Openfire is failing to recognize that a CSR can be generated. I also noticed that you are getting a "WARNING WARNING WARNING" message that I never saw which suggests me that you are using another JVM provider (but not SUN's one). Would you mind send me your keystore file so I can debug the problem here? You can generate new certs and send them to me so there is no security problem.

 

Thanks,

 

  -- Gato

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 12:06 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

Hi Gato,

 

the WARNING is always shown, when you dont enter the keystore password (no idea what the default password is

I am on Debian Etch.

 

should i append the keystore here?

 

best,

 

Mark

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,749 posts since
Sep 26, 2001
Currently Being Moderated
Dec 7, 2007 12:28 PM in response to: Mark Jayz
Re: Openfire 3.4.2 has been released

Hey Mark,

 

the WARNING is always shown, when you dont enter the keystore password (no idea what the default password is

I am on Debian Etch.

 

No idea that you could still see the list of certs even without a password. That is crazy. BTW, the default password is changeit.

should i append the keystore here?

 

You can send them to me by email (gaston at jivesoftware dot com).

 

Thanks,

 

  -- Gato

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 12:36 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

hrgz.

now THATS really strange.

 

I just updated the data again (entered some "bogus-data")

 

myTown, myState, xmpp.mydomain.com etc.

and guess what... NOW openfire shows the csr and the form-boxes to enter the results signed by the ca.

 

very strange.

anyway i'll send you the keystore files.

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 12:46 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

I think, i tracked the problem down.

 

When one of the fields:

Name, Organizational Unit, Organization

 

contain a value thats EQUAL to the servers domain-name > openfire always shows the "csr-data collection" dialog again

 

if all fields are NOT EQUAL to the servers domain-name > openfire shows the csr and allows the entry of the CA signed data

 

i'll test further if its just one special field (name OR organizational unit OR organization) or if it applies to all fields.

Report Abuse
Mark Jayz Bronze
Mark Jayz
9 posts since
Dec 7, 2007
Currently Being Moderated
Dec 7, 2007 12:55 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

okay. i tested all combinations now.

 


if($Name==$openfireDomainName)
 { echo "csr loop error"; } 
else
 { echo "everything works just fine"; }

 

Report Abuse
remote Bronze
remote
17 posts since
Apr 9, 2006
Currently Being Moderated
Dec 7, 2007 2:03 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

 

For a couple rooms I'm not able to set permissions.

Room Administration:

User Permissions:

 

 

Exception:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1

at java.lang.String.substring(Unknown Source)

at org.jivesoftware.openfire.admin.muc_002droom_002daffiliations_jsp._jspService(m uc_002droom_002daffiliations_jsp.java:323)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:11 8)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:211)

at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:313)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)

at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:830)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)

at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

 

 

Thanks for your time & Take Care!

 

 

 

 

Report Abuse
jaylakes Bronze
jaylakes
34 posts since
Feb 28, 2006
Currently Being Moderated
Dec 7, 2007 2:27 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

 

2 things.

 

 

 

 

1. The start script works great. In fact, it's taking far less time for it to initialize now.

 

 

2. THE RPM WORKED PERFECTLY!!!!!

 

 

I've been suffering through backing up configs and security stores before every upgrade for over a year now. I'd been begging and pleading for an RPM that would respect configs and security files and just plain install.

 

 

 

 

root@ma-deuce jlakin# yum update openfire-3.4.2-1.i386.rpm

server:eGroupWare         100% |=========================|  951 B    00:00    

livna            &nb sp;        100% |=========================| 2.1 kB    00:00    

fedora            &n bsp;       100% |=========================| 2.1 kB    00:00    

updates            & nbsp;      100% |=========================| 2.3 kB    00:00    

Setting up Update Process

Examining openfire-3.4.2-1.i386.rpm: openfire - 3.4.2-1.i386

Marking openfire-3.4.2-1.i386.rpm as an update to openfire - 3.4.0-1.i386

Resolving Dependencies

--&gt; Running transaction check

---&gt; Package openfire.i386 0:3.4.2-1 set to be updated

--&gt; Finished Dependency Resolution

 

Dependencies Resolved

 

=============================================================================

Package                  Arch       Version          Repository        Size

=============================================================================

Updating:

openfire           &nbsp ;    i386       3.4.2-1          openfire-3.4.2-1.i386.rpm  108 M

 

Transaction Summary

=============================================================================

Install      0 Package(s)        

Update       1 Package(s)        

Remove       0 Package(s)        

 

Total download size: 108 M

Is this ok y/N: y

Downloading Packages:

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

  Updating  : openfire           &nbsp ;         ######################### 1/2

Shutting down openfire:

  Cleanup   : openfire           &nbsp ;         ######################### 2/2

 

Updated: openfire.i386 0:3.4.2-1

Complete!

root@ma-deuce jlakin# service openfire start

Starting openfire:

root@ma-deuce jlakin# netstat -pan | grep 9091

tcp        0      0 :::9091                      :::*            &nb sp;           LISTEN      9711/java          

root@ma-deuce jlakin#

 

 

 

 

THANK YOU!!!!!

 

 

Report Abuse
Adam Walter Bronze
Adam Walter
4 posts since
Oct 23, 2007
Currently Being Moderated
Dec 7, 2007 3:52 PM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

I have Windows server 2003 running Openfire 3.3.3 and even though I stop the service and quit. I still get an error saying that openfire is still running.  I cannot get to the admin console but the spark client still connects.  Am I missing a service or process?

Report Abuse
Melvin Bronze
Melvin
3 posts since
Dec 10, 2007
Currently Being Moderated
Dec 10, 2007 10:31 AM in response to: Gaston Dombiak
Re: Openfire 3.4.2 has been released

After upgrading to 3.4.2 the webinterface doesn't work.

 

First some information about a problem with the previous version which could be important: When I upgraded from 3.3.3 to 3.4.0 I also had a little problem with the webinterface; when trying to login using the secure(port: 9091) interface it wouldn't login. But when using the unsecure interface(port: 9090) it did work. After being logged in, it was possible to change to the secure interface.

 

 

But back to the problem I have with this version. I upgraded to the new version (3.4.2) using the tarball. As I can see everything did work, but the webinterface doesn't work. When I go the webinterface it changes url from index.jsp to login.jsp, but I don't get any content on my screen. In the error.log file this message can be found:

 

 

 

 

2007.12.10 15:04:44 org.jivesoftware.util.log.util.CommonsLogFactory$1.fatal(CommonsLogFactory.java :99) Exception initializing page context

java.lang.NoClassDefFoundError: javax/servlet/jsp/el/ExpressionEvaluator

at java.lang.ClassLoader.defineClass1(Native Method)

at java.lang.ClassLoader.defineClass(Unknown Source)

at java.security.SecureClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.defineClass(Unknown Source)

at java.net.URLClassLoader.access$100(Unknown Source)

at java.net.URLClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClassInternal(Unknown