[Pidgin] #7367: "Old SSL" for XMPP doesn't work

Sun Oct 26 13:58:29 EDT 2008

#7367: "Old SSL" for XMPP doesn't work
--------------------+-------------------------------------------------------
 Reporter:  Lam     |        Owner:  deryni
     Type:  defect  |       Status:  new   
Milestone:          |    Component:  XMPP  
  Version:  2.5.2   |   Resolution:        
 Keywords:          |  
--------------------+-------------------------------------------------------
Changes (by datallah):

  * owner:  lschiere => deryni
  * component:  unclassified => XMPP

Old description:

> In XMPP, I can't connect to ejabberd server jabster.pl if I force it to
> use old SSL on port 443 (which for many people is a must, unfortunately).
> It just hangs pretending to be still connecting. Debug window shows:
>
> (10:26:46) certificate: Successfully verified certificate for jabster.pl
> (10:26:46) jabber: Sending (ssl): <?xml version='1.0' ?>
> (10:26:46) jabber: Sending (ssl): <stream:stream to='jabster.pl'
> xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
> version='1.0'>
> (10:26:46) jabber: Recv (ssl)(531): <?xml version='1.0'?><stream:stream
> xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
> id='1830867428' from='jabster.pl' version='1.0'
> xml:lang='pl'><stream:features><starttls xmlns='urn:ietf:params:xml:ns
> :xmpp-tls'/><compression
> xmlns='http://jabber.org/features/compress'><method>zlib</method></compression><mechanisms
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-
> MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register
> xmlns='http://jabber.org/features/iq-register'/></stream:features>
> (10:26:46) jabber: Sending (ssl): <starttls xmlns='urn:ietf:params:xml:ns
> :xmpp-tls'/>
> (10:26:46) jabber: Recv (ssl)(50): <proceed xmlns='urn:ietf:params:xml:ns
> :xmpp-tls'/>
>
> I don't understand why does it send starttls if it's already going
> through SSL. This may me a problem, as when I disable the non-working
> account that's theoretically still trying to connect (or the server drops
> inactive connection after two minutes), it says:
>
> (10:34:15) account: Disconnecting account 0x90a6270
> (10:34:15) connection: Disconnecting connection 0xa5853a8
> (10:34:15) jabber: Sending (ssl): </stream:stream>
> (10:34:15) jabber: XML parser error for JabberStream 0xa5362c8: Domain 1,
> code 5, level 3: Extra content at the end of the document
>
> On the other hand, it _always_ says "extra content" when I disconnect
> perfectly working GTalk connection, so it's probably not connected.
>
> This is on Fedora 9 and uses NSS, not GnuTLS, if that makes anything
> different.

New description:

 In XMPP, I can't connect to ejabberd server jabster.pl if I force it to
 use old SSL on port 443 (which for many people is a must, unfortunately).
 It just hangs pretending to be still connecting. Debug window shows:

 {{{
 (10:26:46) certificate: Successfully verified certificate for jabster.pl
 (10:26:46) jabber: Sending (ssl): <?xml version='1.0' ?>
 (10:26:46) jabber: Sending (ssl): <stream:stream to='jabster.pl'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 version='1.0'>
 (10:26:46) jabber: Recv (ssl)(531): <?xml version='1.0'?><stream:stream
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 id='1830867428' from='jabster.pl' version='1.0'
 xml:lang='pl'><stream:features><starttls xmlns='urn:ietf:params:xml:ns
 :xmpp-tls'/><compression
 xmlns='http://jabber.org/features/compress'><method>zlib</method></compression><mechanisms
 xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-
 MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register
 xmlns='http://jabber.org/features/iq-register'/></stream:features>
 (10:26:46) jabber: Sending (ssl): <starttls xmlns='urn:ietf:params:xml:ns
 :xmpp-tls'/>
 (10:26:46) jabber: Recv (ssl)(50): <proceed xmlns='urn:ietf:params:xml:ns
 :xmpp-tls'/>
 }}}

 I don't understand why does it send starttls if it's already going through
 SSL. This may me a problem, as when I disable the non-working account
 that's theoretically still trying to connect (or the server drops inactive
 connection after two minutes), it says:

 {{{
 (10:34:15) account: Disconnecting account 0x90a6270
 (10:34:15) connection: Disconnecting connection 0xa5853a8
 (10:34:15) jabber: Sending (ssl): </stream:stream>
 (10:34:15) jabber: XML parser error for JabberStream 0xa5362c8: Domain 1,
 code 5, level 3: Extra content at the end of the document
 }}}

 On the other hand, it _always_ says "extra content" when I disconnect
 perfectly working GTalk connection, so it's probably not connected.

 This is on Fedora 9 and uses NSS, not GnuTLS, if that makes anything
 different.

--

Comment:

 The "extra content" message isn't a problem.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/7367#comment:1>
Pidgin <http://pidgin.im>
Pidgin