[Pidgin] #14655: XMPP+SSL: nss: Handshake failed (-5938)

Pidgin trac at pidgin.im
Tue Oct 11 00:32:40 EDT 2011 

#14655: XMPP+SSL: nss: Handshake failed (-5938)
--------------------+-------------------------------------------------------
 Reporter:  kardan  |     Owner:  deryni
     Type:  defect  |    Status:  new   
Component:  XMPP    |   Version:  2.10.0
 Keywords:          |  
--------------------+-------------------------------------------------------
 '''XMPP connections to jabber.ccc.de (and others) fail.

 ssl required, port 5222:
 {{{
 (06:30:29) account: Connecting to account ACCOUNT.
 (06:30:29) connection: Connecting. gc = 0xb98a0018
 (06:30:29) proxy: No environment settings found, not using a proxy
 (06:30:29) dnssrv: querying SRV record for jabber.ccc.de: _xmpp-
 client._tcp.jabber.ccc.de
 (06:30:29) dnssrv: found 2 SRV entries
 (06:30:29) proxy: No environment settings found, not using a proxy
 (06:30:29) dnsquery: Performing DNS lookup for jabberd.jabber.ccc.de
 (06:30:29) proxy: No environment settings found, not using a proxy
 (06:30:29) dns: Wait for DNS child 12305 failed: Keine Kind-Prozesse
 (06:30:29) dns: Created new DNS child 12608, there are now 1 children.
 (06:30:29) dns: Successfully sent DNS request to child 12608
 (06:30:29) dns: Got response for 'jabberd.jabber.ccc.de'
 (06:30:29) dnsquery: IP resolved for jabberd.jabber.ccc.de
 (06:30:29) proxy: Attempting connection to 217.10.10.196
 (06:30:29) proxy: Connecting to jabberd.jabber.ccc.de:5222 with no proxy
 (06:30:29) proxy: Connection in progress
 (06:30:29) proxy: Connecting to jabberd.jabber.ccc.de:5222.
 (06:30:29) proxy: Connected to jabberd.jabber.ccc.de:5222.
 (06:30:29) jabber: Recv (171): <?xml version='1.0'?><stream:stream
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 id='1458352364' from='jabber.ccc.de' version='1.0' xml:lang='en'>
 (06:30:29) jabber: Recv (410): <stream:features><starttls
 xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms
 xmlns='urn:ietf:params:xml:ns:xmpp-
 sasl'><mechanism>PLAIN</mechanism><mechanism>DIGEST-
 MD5</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps'
 hash='sha-1' node='http://www.process-one.net/en/ejabberd/'
 ver='o8zQAtrb2wELMmZizvbnpvqp5cE='/><register
 xmlns='http://jabber.org/features/iq-register'/></stream:features>
 (06:30:30) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-
 tls'/>
 (06:30:30) nss: subject=CN=jabber.ccc.de,O=Chaos Computer Club
 e.V.,L=Hamburg,ST=Hamburg,C=DE issuer=CN=CAcert Class 3
 Root,OU=http://www.CAcert.org,O=CAcert Inc.
 (06:30:30) nss: subject=CN=CAcert Class 3
 Root,OU=http://www.CAcert.org,O=CAcert Inc.
 issuer=E=support at cacert.org,CN=CA Cert Signing
 Authority,OU=http://www.cacert.org,O=Root CA
 (06:30:30) nss: subject=E=support at cacert.org,CN=CA Cert Signing
 Authority,OU=http://www.cacert.org,O=Root CA
 issuer=E=support at cacert.org,CN=CA Cert Signing
 Authority,OU=http://www.cacert.org,O=Root CA
 (06:30:30) certificate/x509/tls_cached: Starting verify for jabber.ccc.de
 (06:30:30) certificate/x509/tls_cached: Checking for cached cert...
 (06:30:30) certificate/x509/tls_cached: ...Found cached cert
 (06:30:30) nss/x509: Loading certificate from
 HOME/.purple/certificates/x509/tls_peers/jabber.ccc.de
 (06:30:30) certificate/x509/tls_cached: Peer cert matched cached
 (06:30:30) nss/x509: Exporting certificate to
 HOME/.purple/certificates/x509/tls_peers/jabber.ccc.de
 (06:30:30) util: Writing file
 HOME/.purple/certificates/x509/tls_peers/jabber.ccc.de
 (06:30:30) certificate: Successfully verified certificate for
 jabber.ccc.de
 (06:30:30) jabber: Recv (ssl)(171): <?xml version='1.0'?><stream:stream
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 id='3769447603' from='jabber.ccc.de' version='1.0' xml:lang='en'>
 (06:30:30) jabber: Recv (ssl)(359): <stream:features><mechanisms
 xmlns='urn:ietf:params:xml:ns:xmpp-
 sasl'><mechanism>PLAIN</mechanism><mechanism>DIGEST-
 MD5</mechanism></mechanisms><c xmlns='http://jabber.org/protocol/caps'
 hash='sha-1' node='http://www.process-one.net/en/ejabberd/'
 ver='o8zQAtrb2wELMmZizvbnpvqp5cE='/><register
 xmlns='http://jabber.org/features/iq-register'/></stream:features>
 (06:30:30) sasl: sasl_state is -1, failing the mech and trying again
 (06:30:30) connection: Connection error on 0xb98a0018 (reason: 3
 description: Der Server benutzt keine der unterstützten
 Authentifizierungsmethoden)
 (06:30:30) account: Disconnecting account ACCOUNT (0xb93000b8)
 (06:30:30) connection: Disconnecting connection 0xb98a0018
 (06:30:30) connection: Destroying connection 0xb98a0018
 }}}

 connecting via old ssl:
 {{{
 (06:16:31) account: Connecting to account ACCOUNT.
 (06:16:31) connection: Connecting. gc = 0xb98ab830
 (06:16:31) dnsquery: Performing DNS lookup for jabber.ccc.de
 (06:16:31) dns: Wait for DNS child 12165 failed: Keine Kind-Prozesse
 (06:16:31) dns: Created new DNS child 12175, there are now 1 children.
 (06:16:31) dns: Successfully sent DNS request to child 12175
 (06:16:31) dns: Got response for 'jabber.ccc.de'
 (06:16:31) dnsquery: IP resolved for jabber.ccc.de
 (06:16:31) proxy: Attempting connection to 217.10.10.194
 (06:16:31) proxy: Connecting to jabber.ccc.de:5222 with no proxy
 (06:16:31) proxy: Connection in progress
 (06:16:31) proxy: Connecting to jabber.ccc.de:5222.
 (06:16:31) proxy: Connected to jabber.ccc.de:5222.
 (06:16:31) '''nss: Handshake failed  (-5938)'''
 (06:16:31) connection: Connection error on 0xb98ab830 (reason: 5
 description: SSL-Verhandlung gescheitert)
 (06:16:31) account: Disconnecting account ACCOUNT (0xb93000b8)
 (06:16:31) connection: Disconnecting connection 0xb98ab830
 (06:16:31) connection: Destroying connection 0xb98ab830
 }}}

 Please see http://forums.freebsd.org/showthread.php?t=26077 for reference.

 Could be a server misconfiguration: https://support.process-
 one.net/browse/EJAB-1125

 Thanks for your precious time!

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14655>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list