pythonpython-3.xsslencryptionsleekxmpp

SleekXMPP: "Certificate has expired."


I'm currently trying to use the sleekxmpp module in Python3.5 to connect to jabber.at, an XMPP service. Jabber.at's SSL certificates are issued by Let's Encrypt.

The problem I'm having is, when I try to log in to my jabber.at account using sleekxmpp, I get the following error:

INFO     Negotiating TLS
INFO     Using SSL version: TLSv1
ERROR    Certificate has expired.

I've tried to resolve this issue on Ubuntu 16.04, Manjaro GNOME 17, and Windows 10, with a fresh installation of Python, sleekxmpp, and all of sleekxmpp's dependencies, on each of those machines. It didn't make a difference.

On each of my machines, I have the Let's Encrypt Authority X3 certificate installed, yet sleekxmpp still thinks the certificate is expired, even though the certificate is valid until 2022. Frustratingly, I'm able to log in to my XMPP account using Pidgin, and the certificate automatically saved by Pidgin (which you can find under ~/.purple/ in Linux) is exactly the same as the one I downloaded directly from Let's Encrypt.

I've tried manually changing the ssl version in sleekxmpp.xmlstream.xmlstream.py:125 to ssl.PROTOCOL_SSLv23, but that didn't work, either. I've also tried manually specifying the path to the Let's Encrypt .crt file in sleekxmpp.xmlstream.xmlstream.py:140, but I still have the same issue.

I should note that I do have dnspython, pyasn1, and pyasn1_modules installed on each machine. While I can successfully log into my jabber.at account by either uninstalling pyasn1, or explicitly ignoring certificates by setting sleekxmpp.xmlstream.xmlstream.py:140 to None, that isn't a solution in my case - I must encrypt my connection.

Is there anything I can do? I've been at this for days now, and I haven't been able to find any helpful solutions on Google.

I appreciate any help!


Solution

  • After over a month, I was able to find a solution to my own problem.

    It turns out that this issue is caused by a regression in SleekXMPP, introduced in version 1.3.3:

    GitHub: Regression from 1.3.1

    It was only recently addressed, but as of now, there is no official release with the fix. The short-term solution to this problem is to uninstall SleekXMPP, and re-install SleekXMPP, specifying version 1.3.1:

    sudo pip3 uninstall sleekxmpp
    sudo pip3 install sleekxmpp==1.3.1
    

    Reverting to version 1.3.1 solves this issue for me. Perhaps this will no longer be an issue in SleekXMPP 1.3.4.