# Pidgin Interface with Jabber



## rtwingfield (Mar 20, 2011)

Feeling reasonably sure that the jabberd router and it's clients are properly configured, I'm trying to configure the Pidgin client to coorporate with the jabberd's c2s.xml client.

Tags within the jabberd's c2s client's c2s.xml (configuration file) are internally documented as follows:

```
<!-- Port to bind to, or 0 to disable unencrypted access to the
         server (default: 5222) -->
    <port>5222</port>

    <!-- Older versions of jabberd support encrypted client connections
         via an additional listening socket on port 5223. If you want
         this (required to allow pre-STARTTLS clients to do SSL),
         uncomment this -->
    <!-- 
    <ssl-port>5223</ssl-port>
    -->
```
This is mysterious, and I cannot find well written documentation . . .anywhere.  What is "_old style_" SSL?

I have "uncommented" the <ssl-port>5223</ssl-port> tag (also tried changing port 5223 to 443 in the <ssl-port> tag); regardless, the only way that I can get the Pidgin client to authenticate or verify the SSL certificate is to specify port 443 in the Pidgin user's definition (this I have learned from other _Googled-up_ forums); never-the-less, Pidgin's "Debug Window" displays that in addition to the (apparently successful) certification validation, that writing occurs to the /root/.purple/ . . .accounts.xml, status.xml, prefs.xml, and blist.xml files.  (Apache v2.2 is quite happy running on port 443 with SSL.)

The Pidgin _user-entry_ panel has a little check box that implies "Create this new account on the server" . . .but checking it has no effect on the MySQL tables on the server.  Actually, I'm at a total loss to understand what is wrong.  There are no error log entries, no fatal dumps, just nothing.  Eventually, in the Pidgin's "Buddy List" panel, a message displays "rtwingfield@archaxis.net/ disconnected" followed by "Server closed the connection" . . .I suppose because the (jabberd) server detected no activity.  This behaviour is the same whether initiated from the console attached to the FreeBSD server box, or from a Pidgin client running on a Windoze box on the LAN.

I have tried various combinations of port assignments here and there, but so far, no luck.  Does this sound familiar to anyone?

Also, how does this play with DNS and the named?


----------



## mix_room (Mar 21, 2011)

1) Which jabber daemon are you using? 

You want to connect to port 5222, that is the default XMPP port. 

2) Why do you believe that the server is properly configured? Does it work with other clients? 

3) Enable logging - it really helps, usually the error will be there somewhere.


----------



## rtwingfield (Mar 21, 2011)

I'm using Jabber v2.2.11.

I appreciate your comment regarding the default port 5222.  NOTE that I'm referring to the port specification in the Pidgin client configuration.  In my previous post (this thread), I mentioned that I've _Googled up_ some suggestions to use (or try) other ports as well as 443, but 443 is the only port that seems to work with the certification validation.  It is my understanding that port 5222 is for unencrypted traffic, and that 5223 is the default SSL port.  The Pidgin configuration process is ambiguous and refers to using "old style SSL" on port 5223.

Regarding logs, yes, I have logs enabled . . .individual output (both stdout and stderr) to separate files per the router and its clients, sm, s2s, and c2s.  (see my thread, Jabberd 2.2.11 Installation and . . .)  As I mentioned, there is nothing in the logs; other than this information from the Pidgin "Debug Window":

```
[14:07:56) proxy: Connected to archaxis.net:443.
(14:07:56) nss: subject=E=Ron.Wingfield@Archaxis.net,CN=archaxis.net,
O=Archaxis Network Services,
L=Little Rock,ST=Arkansas,C=US issuer=E=Ron.Wingfield@Archaxis.net,
CN=archaxis.net,O=Archaxis Network Services,L=Little Rock,ST=Arkansas,C=US
(14:07:56) certificate/x509/tls_cached: Starting verify for archaxis.net
(14:07:56) certificate/x509/tls_cached: Checking for cached cert...
(14:07:56) certificate/x509/tls_cached: ...Found cached cert
(14:07:56) nss/x509: Loading certificate from /root/.purple/certificates/x509/tls_peers/archaxis.net
(14:07:56) certificate/x509/tls_cached: Peer cert matched cached
(14:07:56) nss/x509: Exporting certificate to /root/.purple/certificates/x509/tls_peers/archaxis.net
(14:07:56) util: Writing file /root/.purple/certificates/x509/tls_peers/archaxis.net
(14:07:56) certificate: Successfully verified certificate for archaxis.net
(14:07:56) jabber: Sending (ssl) (rtwingfield@archaxis.net/): <?xml version='1.0' ?>
(14:07:56) jabber: Sending (ssl) (rtwingfield@archaxis.net/): 
<stream:stream to='archaxis.net' xmlns='jabber:client' 
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:08:01) util: Writing file accounts.xml to directory /root/.purple
(14:08:01) util: Writing file /root/.purple/accounts.xml

[I]. . .so far, so good, but about five minutes later:[/I]

(14:12:56) connection: Connection error on 0x2abc4bc0 
(reason: 0 description: Server closed the connection)
(14:12:56) account: Disconnecting account rtwingfield@archaxis.net/ (0x2abed400)
(14:12:56) connection: Disconnecting connection 0x2abc4bc0
(14:12:56) jabber: Sending (ssl) (rtwingfield@archaxis.net/): </stream:stream>
(14:12:56) connection: Destroying connection 0x2abc4bc0
(14:13:02) util: Writing file accounts.xml to directory /root/.purple
(14:13:02) util: Writing file /root/.purple/accounts.xml

. . .and for example from the [file]c2s[/file] log:

Mon Mar 21 15:05:02 2011 [notice] attempting connection to router at 127.0.0.1, port=5347
Mon Mar 21 15:05:06 2011 [notice] connection to router established
Mon Mar 21 15:05:06 2011 [notice] [0.0.0.0, port=5222] listening for connections
Mon Mar 21 15:05:06 2011 [notice] [0.0.0.0, port=5223] listening for SSL connections
Mon Mar 21 15:05:06 2011 [notice] ready for connections
```

As you can see, the SSL connection is established via port 443, but as I mentioned before, beyond that point, nothing else happens and eventually the server drops the connection as if it never heard anything else from the Pidgin client.

When you ask, 





> Does it work with other clients?


 are you asking if it works with a user-client other than Pidgin?  No, I haven't.

At this point, I don't know if this is a problem with Jabber or Pidgin.


----------



## mix_room (Mar 22, 2011)

I run the XMPP protocol over port 5222. My understanding is that port 5222 supports both SSL and unencrypted communication. SSL is standard, but plaintext can be forced. 

I run ejabberd, and it seems to work decently. I remember that I had some problems getting it to run, but not what they were. 

Reading your other logs, it seems as though you had a problem with the server. The part about the router not being able to connect, or you not being able to connect to the router look like the place to proceed. 

There should be plenty of open XMPP servers around which you could use to test if the problem is with your installation of Pidgin.


----------

