Bug#1050336: libnet-xmpp-perl: unable to StartTLS, without any feedback

Cyril Brulebois kibi at debian.org
Wed Aug 23 12:23:55 BST 2023


Package: libnet-xmpp-perl
Version: 1.05-1.1
Severity: serious
Justification: cannot perform basic authentication

Hi,

I have a few scripts around that use Net::XMPP to send notifications
when this or that happens, and all of them broke after upgrading from
bullseye to bookworm. This is definitely not related to changes on the
server side (which I control and didn't change), and other existing
hosts still on bullseye still work fine.

The error manifests itself like this:

    AuthIQAuth requires a resource arguement at /local/wrapper.pm line 42.

Tracking it down, it appears AuthSend uses AuthSASL on bullseye (OK)
and AuthIQAuth on bookworm (KO). The latter is the fallback:

,---[ Net/XMPP/Protocol.pm ]---
| sub AuthSend
| {
[…]
|     if($self->{STREAM}->GetStreamFeature($self->GetStreamID(),"xmpp-sasl"))
|     {
|         return $self->AuthSASL(%args);
|     }
|     return $self->AuthIQAuth(%args);
| }
`---

The GetStreamID isn't happy because it tries to pick the ID part of the
SESSION, which is missing.

Diving into the connection implementation, I managed to confirm that the
connection is established at first, giving me a $self->{SESSION} set,
but that goes away later on:

,---[ Net/XMPP/Connection.pm ]---
| sub Connect
| {       
|     if ($self->{SESSION})
|     {
|         $self->{DEBUG}->Log1("Connect: connection made");
| 
|         my $weak = $self;
|         weaken $weak;
|         $self->{STREAM}->SetCallBacks(node=>sub{ $weak->CallBack(@_) });
|         $self->{CONNECTED} = 1;
|         $self->{RECONNECTING} = 0;
| 
|         if (exists($self->{SESSION}->{version}) &&
|             ($self->{SESSION}->{version} ne ""))
|         {
|             my $tls = $self->GetStreamFeature("xmpp-tls");
|             if (defined($tls) && $self->{SERVER}->{tls})
|             {
|                 $self->{SESSION} =
|                     $self->{STREAM}->StartTLS(
|                         $self->{SESSION}->{id},
|                         $self->{SERVER}->{timeout},
|                     );

Here be dragons.

|             }
|             elsif (defined($tls) && ($tls eq "required"))
|             {
|                 $self->SetErrorCode("The server requires us to use TLS, but you did not specify that\nTLS was an option.");
|                 return;
|             }
|         }
| 
|         return 1;
|     }
|     else
|     {
|         $self->SetErrorCode($self->{STREAM}->GetErrorCode());
|         return;
|     }
`---

I also confirmed (yay for print-debugging) that the xmpp-tls branch is
entered, the StartTLS() fails for some reason (or at least returns
nothing at all), and $self->{SESSION} gets reset. The rest explodes.


There are only minor differences between the package in bullseye and
bookworm (mostly packaging metadata), so it looks to me like something
external (undetermined at the moment) triggered this problem during
the upgrade. I thought I'd file my findings, then think a little more
about a game plan.


Cheers,
-- 
Cyril Brulebois (kibi at debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
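
The failure mode described in the report (StartTLS returning nothing, SESSION being overwritten, and Connect still reporting success) shown next to a fail-closed variant. This is an added example, not part of the original report and not Net::XMPP's code; `MockStream`, `negotiate_tls_unchecked`, `negotiate_tls_checked` and all sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not Net::XMPP code: every name below is hypothetical.
use strict;
use warnings;

package MockStream;    # constructed stand-in for the stream object
sub new { my ($class, %o) = @_; return bless {%o}, $class }
# Mimics the report: StartTLS returns nothing useful when the handshake fails.
sub StartTLS {
    my ($self, $id, $timeout) = @_;
    return $self->{tls_ok} ? { id => $id, version => "1.0" } : undef;
}
sub GetErrorCode { return "TLS negotiation failed (constructed message)" }

package main;

# Pattern from the excerpt: the return value overwrites SESSION unchecked.
sub negotiate_tls_unchecked {
    my ($conn) = @_;
    $conn->{SESSION} = $conn->{STREAM}->StartTLS($conn->{SESSION}{id}, 10);
    return 1;    # reports success even though SESSION may now be undef
}

# Fail-closed variant: keep the old session until the new one is known good.
sub negotiate_tls_checked {
    my ($conn) = @_;
    my $new = $conn->{STREAM}->StartTLS($conn->{SESSION}{id}, 10);
    unless (ref($new) eq 'HASH' && defined $new->{id}) {
        $conn->{ERROR}     = "StartTLS failed: " . $conn->{STREAM}->GetErrorCode();
        $conn->{CONNECTED} = 0;
        return;  # caller must not go on to authenticate
    }
    $conn->{SESSION} = $new;
    return 1;
}

for my $fn (\&negotiate_tls_unchecked, \&negotiate_tls_checked) {
    my $conn = {
        STREAM    => MockStream->new(tls_ok => 0),    # constructed: TLS fails
        SESSION   => { id => "constructed-id", version => "1.0" },
        CONNECTED => 1,
    };
    my $ok = $fn->($conn);
    printf "returned=%s session=%s error=%s\n",
        ($ok ? 1 : 0),
        (defined $conn->{SESSION} ? "kept" : "lost"),
        ($conn->{ERROR} // "none");
}
```

With the checked variant the TLS failure surfaces at connect time with its own error, instead of later as a misleading message from the AuthIQAuth fallback.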

