Problem using Jigasi from Ubuntu package

Hello Everyone,

i’m new here and with jitsi as well.

I setup a new ubuntu server (22.04 LTS) and installed jitsi with apt.
Worked flawlessly and made little tuning to the “meet.mydomain.de-config.js” file.

Now we wanted to use jisagi for outgoing calls in rooms.
i continued installing jisagi with apt.
I can see in our asterisk that the aor i configured for jisagi is been registered. But if i call a number it only shows “couldnt invite (or something similar)” and nothing happens on asterisk side.

In /var/log/jitsi/jigasi.log i can see
2022-07-05 14:04:23.323 INFORMATION: [67] org.jivesoftware.smack.AbstractXMPPConnection.notifyConnectionError: Connection was already disconnected when attempting to handle org.igniterealtime.jbosh.BOSHException: Could not obtain response
org.igniterealtime.jbosh.BOSHException: Could not obtain response
at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:251)
at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:570)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:415)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:489)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:66)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
… 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
… 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
… 37 more
2022-07-05 14:04:23.324 SCHWERWIEGEND: [66] net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin: Failed to connect to XMPP service for:ProtocolProviderServiceJabberImpl(Jabber:05bf5f62@meet.cerobear.de/05bf5f62)
org.jivesoftware.smack.SmackException$SmackMessageException: Timeout reached for the connection to null:-1.
at org.jivesoftware.smack.bosh.XMPPBOSHConnection.connectInternal(XMPPBOSHConnection.java:202)
at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:526)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1312)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:965)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:790)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:495)
at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2022-07-05 14:04:23.327 SCHWERWIEGEND: [66] JvbConference.registrationStateChanged#673: [ctx=16570298631071712328480] XMPP Connection failed. RegistrationStateChangeEvent[ oldState=Registering; newState=RegistrationState=Connection Failed; userRequest=false; reasonCode=6; reason=Timeout reached for the connection to null:-1.]
2022-07-05 14:04:33.139 SCHWERWIEGEND: [62] CallControlMucActivator$DialIqHandler.processIQInternal#634: [ctx=16570298631071712328480] Error processing RayoIq
java.lang.Exception: Fail to join muc!
at org.jitsi.jigasi.xmpp.CallControlMucActivator$WaitToJoinRoom.waitToJoinRoom(CallControlMucActivator.java:731)
at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.setDialResponseAndRegisterHangUpHandler(CallControlMucActivator.java:666)
at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQInternal(CallControlMucActivator.java:623)
at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.lambda$processIQ$0(CallControlMucActivator.java:582)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-07-05 14:04:53.167 WARNUNG: [11] org.jivesoftware.smackx.ping.PingManager.pingServerIfNecessary: XMPPBOSHConnection[not-authenticated] (1) was not authenticated

In /etc/jitsi/jigasi/sip-communicator.properties i configured

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ALLOW_NON_SECURE=true
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true

i’m really lost what else i could do…because of all the config options, components, domains, etc etc.

Regards,
Chris

You need a valid certificate for your deployment, you can use let’s encrypt.

Thx for your reply. So does this mean it doesnt work with self signed certs?
I didnt mentioned, i tested with our bought domain wildcard (*.domain.de) cert.
But this didnt worked.

Is the full chain of certs correctly setup? Test it with some online checker …

Yes, that should be the case.
I merged all crt files to a single one.

i storted them here /etc/prosody/certs and changed the corresponding lines in /etc/prosody/conf.d/meet.domain.de.cfg.lua

I get this
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.meet.domain.de
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:766)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:990)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
at java.base/java.lang.Thread.run(Thread.java:829)
JVB 2022-07-06 07:12:04.864 INFORMATION: [93] org.jivesoftware.smack.java7.XmppHostnameVerifier.verify: Certificate does not match hostname
java.security.cert.CertificateException: No subject alternative DNS name matching auth.meet.domain.de found. Tried: .domain.de,.domain.com,domain.com,domain.de,
at org.jivesoftware.smack.java7.XmppHostnameVerifier.matchDns(XmppHostnameVerifier.java:159)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.match(XmppHostnameVerifier.java:105)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.verify(XmppHostnameVerifier.java:71)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:762)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:990)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
at java.base/java.lang.Thread.run(Thread.java:829)

Looks like it doenst work with a wildcard cert

For that, do you have this set?

Right. have this set all the time. I allready set up a second server. Same problem. Tried with our Wildcard Cert and with self signed cert.
With and Without ALWAYS Trust option.
I dont get whats wrong with this…

I tried to Dial in to a pre default room. This works!
So only dial out seems to be problematic…

To clarify…for dialing out i go to “invite person” and use the featue there.
I read in old docs and threads that there should be a “+” sign in the toolbar, but that is not available for me.

This auth thing is about jigasi joining the brewery room so jicofo can discover it for dial out.
Which jigasi version do you use?

That was broken at some point and was fixed in fix: Enabling CertificateService.PNAME_ALWAYS_TRUST with xmpp. · jitsi/jigasi@e501b84 · GitHub

So the fix is in jigasi_1.1-253-gae4b5a4-1

if i run
apt-get -s install jigasi
i get
jigasi ist schon die neueste Version (1.1-259-g25c51d6-1)

Hum, this is strange if you have ALWAYS_TRUST_MODE_ENABLED=true … I have been fixing in testing that recently.

Some news… i have switched the certificate in nginx (never did before) with our wildcard certificate.
Now its working !!! Dont know why…the certificates in prosody are still the selfsigned certs.

But i cant hear or talk on the sip client.

Maybe i should leave only one or two codecs available.

SCHWERWIEGEND: [175] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[FMJ Thread: net.sf.fmj.media.ProcessEngine@100f7c51[ net.sf.fmj.media.ProcessEngine@100f7c51 ] ( realizeThread),9,system], and message was: no jng722 in java.library.path: [/usr/share/jigasi/lib]
java.lang.UnsatisfiedLinkError: no jng722 in java.library.path: [/usr/share/jigasi/lib]
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2673)
at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
at java.base/java.lang.System.loadLibrary(System.java:1873)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIEncoder.(JNIEncoder.java:17)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIEncoderImpl.doOpen(JNIEncoderImpl.java:67)
at org.jitsi.impl.neomedia.codec.AbstractCodec2.open(AbstractCodec2.java:412)
at net.sf.fmj.media.BasicFilterModule.doRealize(BasicFilterModule.java:83)
at net.sf.fmj.media.PlaybackEngine.buildTrackFromGraph(PlaybackEngine.java:579)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildTrackFromGraph(ProcessEngine.java:262)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildCustomGraph(ProcessEngine.java:239)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildGraph(ProcessEngine.java:252)
at net.sf.fmj.media.ProcessEngine$ProcTControl.buildTrack(ProcessEngine.java:688)
at net.sf.fmj.media.PlaybackEngine.doRealize1(PlaybackEngine.java:1135)
at net.sf.fmj.media.ProcessEngine.doRealize(ProcessEngine.java:1197)
at net.sf.fmj.media.RealizeWorkThread.process(BasicController.java:1145)
at net.sf.fmj.media.StateTransitionWorkThread.run(BasicController.java:1224)
2022-07-06 12:01:40.841 SCHWERWIEGEND: [181] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[FMJ Thread: net.sf.fmj.media.ProcessEngine@4f729af0[ net.sf.fmj.media.ProcessEngine@4f729af0 ] ( realizeThread),9,system], and message was: no jng722 in java.library.path: [/usr/share/jigasi/lib]
java.lang.UnsatisfiedLinkError: no jng722 in java.library.path: [/usr/share/jigasi/lib]
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2673)
at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
at java.base/java.lang.System.loadLibrary(System.java:1873)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoder.(JNIDecoder.java:17)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoderImpl.doOpen(JNIDecoderImpl.java:85)
at org.jitsi.impl.neomedia.codec.AbstractCodec2.open(AbstractCodec2.java:412)
at net.sf.fmj.media.BasicFilterModule.doRealize(BasicFilterModule.java:83)
at net.sf.fmj.media.PlaybackEngine.buildTrackFromGraph(PlaybackEngine.java:579)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildTrackFromGraph(ProcessEngine.java:262)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildCustomGraph(ProcessEngine.java:239)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildGraph(ProcessEngine.java:252)
at net.sf.fmj.media.ProcessEngine$ProcTControl.buildTrack(ProcessEngine.java:688)
at net.sf.fmj.media.PlaybackEngine.doRealize1(PlaybackEngine.java:1135)
at net.sf.fmj.media.ProcessEngine.doRealize(ProcessEngine.java:1197)
at net.sf.fmj.media.RealizeWorkThread.process(BasicController.java:1145)
at net.sf.fmj.media.StateTransitionWorkThread.run(BasicController.java:1224)
2022-07-06 12:01:50.829 INFORMATION: [157] net.java.sip.communicator.service.protocol.media.TransportManager.sendHolePunchPacket: Send NAT hole punch packets
2022-07-06 12:01:50.841 SCHWERWIEGEND: [172] InDataSourceDesc$1.run#151: Failed to connect to inDataSource ReceiveStreamPushBufferDataSource with hashCode 383466274
java.io.IOException: Couldn’t realize transcoding processor.

I’m stuck again :unamused:

Could not initialize class org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoder

Which java version are you using? It should be java 11.

My Java Version
java --version
openjdk 11.0.15 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1, mixed mode, sharing)

And it seems like commenting out Codecs doesnt do anything.
As well as the propertie OVERRIDE_ENCODINGS.

I’m sorry for all the hassle.

This sounds like a bug …
Can you install the latest jigasi from the unstable repo and try that?

I guess i could, with a new VM.

But i will wait for a new debian / ubuntu release or try with a new vm in the future.

I just did another test with latest 1.1-266-g49d267d-1 and with 1.1-259-g25c51d6-1 on a new VM ubuntu 22.04 and everything is working fine.

Can you clean the logs and restart jigasi and upload the logs here?

jicofo.log (28.0 KB)
jigasi.log (56.2 KB)
jvb.log (2.0 MB)
prosody.log (8.6 KB)

I deleted the logs, rebooted the server and made one incomming and one outgoing call. Both had no audio. on last test i had one / two way audio with incoming calls. Our Asterisk and jitsi are on the same Network. i tested with local phones.

What are the jigasi logs if you change this and restart jigasi:

net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=0