Problem using Jigasi from Ubuntu package

Is the full chain of certs correctly setup? Test it with some online checker …

Yes, that should be the case.
I merged all crt files to a single one.

i storted them here /etc/prosody/certs and changed the corresponding lines in /etc/prosody/conf.d/meet.domain.de.cfg.lua

I get this
java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate auth.meet.domain.de
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:766)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:990)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
at java.base/java.lang.Thread.run(Thread.java:829)
JVB 2022-07-06 07:12:04.864 INFORMATION: [93] org.jivesoftware.smack.java7.XmppHostnameVerifier.verify: Certificate does not match hostname
java.security.cert.CertificateException: No subject alternative DNS name matching auth.meet.domain.de found. Tried: .domain.de,.domain.com,domain.com,domain.de,
at org.jivesoftware.smack.java7.XmppHostnameVerifier.matchDns(XmppHostnameVerifier.java:159)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.match(XmppHostnameVerifier.java:105)
at org.jivesoftware.smack.java7.XmppHostnameVerifier.verify(XmppHostnameVerifier.java:71)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:762)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:990)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
at java.base/java.lang.Thread.run(Thread.java:829)

Looks like it doenst work with a wildcard cert

For that, do you have this set?

Right. have this set all the time. I allready set up a second server. Same problem. Tried with our Wildcard Cert and with self signed cert.
With and Without ALWAYS Trust option.
I dont get whats wrong with this…

I tried to Dial in to a pre default room. This works!
So only dial out seems to be problematic…

To clarify…for dialing out i go to “invite person” and use the featue there.
I read in old docs and threads that there should be a “+” sign in the toolbar, but that is not available for me.

This auth thing is about jigasi joining the brewery room so jicofo can discover it for dial out.
Which jigasi version do you use?

That was broken at some point and was fixed in fix: Enabling CertificateService.PNAME_ALWAYS_TRUST with xmpp. · jitsi/jigasi@e501b84 · GitHub

So the fix is in jigasi_1.1-253-gae4b5a4-1

if i run
apt-get -s install jigasi
i get
jigasi ist schon die neueste Version (1.1-259-g25c51d6-1)

Hum, this is strange if you have ALWAYS_TRUST_MODE_ENABLED=true … I have been fixing in testing that recently.

Some news… i have switched the certificate in nginx (never did before) with our wildcard certificate.
Now its working !!! Dont know why…the certificates in prosody are still the selfsigned certs.

But i cant hear or talk on the sip client.

Maybe i should leave only one or two codecs available.

SCHWERWIEGEND: [175] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[FMJ Thread: net.sf.fmj.media.ProcessEngine@100f7c51[ net.sf.fmj.media.ProcessEngine@100f7c51 ] ( realizeThread),9,system], and message was: no jng722 in java.library.path: [/usr/share/jigasi/lib]
java.lang.UnsatisfiedLinkError: no jng722 in java.library.path: [/usr/share/jigasi/lib]
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2673)
at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
at java.base/java.lang.System.loadLibrary(System.java:1873)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIEncoder.(JNIEncoder.java:17)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIEncoderImpl.doOpen(JNIEncoderImpl.java:67)
at org.jitsi.impl.neomedia.codec.AbstractCodec2.open(AbstractCodec2.java:412)
at net.sf.fmj.media.BasicFilterModule.doRealize(BasicFilterModule.java:83)
at net.sf.fmj.media.PlaybackEngine.buildTrackFromGraph(PlaybackEngine.java:579)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildTrackFromGraph(ProcessEngine.java:262)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildCustomGraph(ProcessEngine.java:239)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildGraph(ProcessEngine.java:252)
at net.sf.fmj.media.ProcessEngine$ProcTControl.buildTrack(ProcessEngine.java:688)
at net.sf.fmj.media.PlaybackEngine.doRealize1(PlaybackEngine.java:1135)
at net.sf.fmj.media.ProcessEngine.doRealize(ProcessEngine.java:1197)
at net.sf.fmj.media.RealizeWorkThread.process(BasicController.java:1145)
at net.sf.fmj.media.StateTransitionWorkThread.run(BasicController.java:1224)
2022-07-06 12:01:40.841 SCHWERWIEGEND: [181] net.java.sip.communicator.util.UtilActivator.uncaughtException: An uncaught exception occurred in thread=Thread[FMJ Thread: net.sf.fmj.media.ProcessEngine@4f729af0[ net.sf.fmj.media.ProcessEngine@4f729af0 ] ( realizeThread),9,system], and message was: no jng722 in java.library.path: [/usr/share/jigasi/lib]
java.lang.UnsatisfiedLinkError: no jng722 in java.library.path: [/usr/share/jigasi/lib]
at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2673)
at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
at java.base/java.lang.System.loadLibrary(System.java:1873)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoder.(JNIDecoder.java:17)
at org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoderImpl.doOpen(JNIDecoderImpl.java:85)
at org.jitsi.impl.neomedia.codec.AbstractCodec2.open(AbstractCodec2.java:412)
at net.sf.fmj.media.BasicFilterModule.doRealize(BasicFilterModule.java:83)
at net.sf.fmj.media.PlaybackEngine.buildTrackFromGraph(PlaybackEngine.java:579)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildTrackFromGraph(ProcessEngine.java:262)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildCustomGraph(ProcessEngine.java:239)
at net.sf.fmj.media.ProcessEngine$ProcGraphBuilder.buildGraph(ProcessEngine.java:252)
at net.sf.fmj.media.ProcessEngine$ProcTControl.buildTrack(ProcessEngine.java:688)
at net.sf.fmj.media.PlaybackEngine.doRealize1(PlaybackEngine.java:1135)
at net.sf.fmj.media.ProcessEngine.doRealize(ProcessEngine.java:1197)
at net.sf.fmj.media.RealizeWorkThread.process(BasicController.java:1145)
at net.sf.fmj.media.StateTransitionWorkThread.run(BasicController.java:1224)
2022-07-06 12:01:50.829 INFORMATION: [157] net.java.sip.communicator.service.protocol.media.TransportManager.sendHolePunchPacket: Send NAT hole punch packets
2022-07-06 12:01:50.841 SCHWERWIEGEND: [172] InDataSourceDesc$1.run#151: Failed to connect to inDataSource ReceiveStreamPushBufferDataSource with hashCode 383466274
java.io.IOException: Couldn’t realize transcoding processor.

I’m stuck again :unamused:

Could not initialize class org.jitsi.impl.neomedia.codec.audio.g722.JNIDecoder

Which java version are you using? It should be java 11.

My Java Version
java --version
openjdk 11.0.15 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1, mixed mode, sharing)

And it seems like commenting out Codecs doesnt do anything.
As well as the propertie OVERRIDE_ENCODINGS.

I’m sorry for all the hassle.

This sounds like a bug …
Can you install the latest jigasi from the unstable repo and try that?

I guess i could, with a new VM.

But i will wait for a new debian / ubuntu release or try with a new vm in the future.

I just did another test with latest 1.1-266-g49d267d-1 and with 1.1-259-g25c51d6-1 on a new VM ubuntu 22.04 and everything is working fine.

Can you clean the logs and restart jigasi and upload the logs here?

jicofo.log (28.0 KB)
jigasi.log (56.2 KB)
jvb.log (2.0 MB)
prosody.log (8.6 KB)

I deleted the logs, rebooted the server and made one incomming and one outgoing call. Both had no audio. on last test i had one / two way audio with incoming calls. Our Asterisk and jitsi are on the same Network. i tested with local phones.

What are the jigasi logs if you change this and restart jigasi:

net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=0

jigasi.log (57.3 KB)
sip-communicator.properties.txt (14.4 KB)

Here my new log and my current config from /etc/jitsi/jigasi/

Short update…i now understand how to use the encoding settings…i tested all codecs that our asterisk supprots (aLaw, uLaw, gsm, g722).
G722 → jigasi log failure as written above.

All other codecs seems to work fine. No warning, no errors, but no audio.
Only warning on asterisk side i get is “no sample for xxxx” (depends on which codec i use). But that shouldnt be a problem.

Still not working.
Set up a new Server. Ths time with Debian. Installed directly debian nightly package.
Standard configuration, just added doamin and SIP username, password and server.

get certifiacte error, just like the beginning.
Added “Always trust”, no difference…Great :-\

seems like i need to add our wildcard certificate to nginx to get rid of this error.
I can’t generate lets encrypt certs, because its just for inhouse use.

Edit:
With my cert in nginx the errors are gone, but same problem as with ubuntu. No audio. With g722 warning like described.

I get a feeling with lets encrypt cets it might work…i just cant use my cert with prosody because it doesnt accept it, it needs the subdomain as an alias.

I might try with lets encrypt sometime…