Bug#854210: libnet-xmpp-perl: sendxmpp can't send message to hangouts (work fine for 1.02-5)

gregor herrmann gregoa at debian.org
Wed Jun 28 19:25:28 UTC 2017


Control: reassign -1 sendxmpp 1.23-1.1
Control: severity -1 important
Control: retitle -1 sendxmpp: sendxmpp can't send message with TLS/SSL without passing -tls-ca-path

On Wed, 28 Jun 2017 00:09:12 +0200, Markus Gschwendt wrote:

> > > Maybe I miss something obvious, but IMHO the bug should 1/ be
> > > reassigned to sendxmpp itself. Then the question is if sendxmpp
> > > should
> > > be patched actually (if so it might need to depend on
> > > ca-certificates), or "just" document when
> > > -tls-ca-path="/etc/ssl/certs" needs to be passed.
> If people don't like to use SSL (which I would consider as a bad idea
> these days) they also don't want a dependency on ca-certificates. So it
> should be a 'recommended package'.

I think that's not really an option, as what we are seeing here, and
that's the start of the bug report, is that there are servers which
enforce TLS/SSL.
(But maybe I'm wrong here.)
 
> > Ack, AFAICS Net::XMPP fixed a bug (ignoring the path to the certs)
> > and this triggered the necessity for sendxmpp to set it (by the user
> > or in the code). 
> I'd like to have the default set in Net::XMPP debian package to have it
> available in several applications which use this library.

I don't see a place of/for default values there, and I still think
it's the wrong place.

Net::XMPP::Connection offers a Connect() method (which is used by
sendxmpp [0]) which optionally offers to set some TLS/SSL parameters.
They can also be left out but saying "yes we want TLS/SSL but we
don't tell you where to find the certs", as sendxmpp does, breaks
later in the underlying XML::Stream.

Or in other words: I think sendxmpp is just using
Net::XMPP::Connection wrong.

> Maybe in sendxmpp too.

I'm still sure that it belongs there because it is sendxmpp which
sets tls-ca-path explicitly to an empty value which then causes
havoc.

BTW, in the meantime I think it belongs in line
80               $$cmdline{'tls-ca-path'} || $$config{'tls-ca-path'} || '/etc/ssl/certs',

Alternatively, just dropping the empty string seems to work too:
80               $$cmdline{'tls-ca-path'} || $$config{'tls-ca-path'},


Conclusion:
So far we only see problems with sendxmpp; sendxmpp is not broken
(manually setting the parameters works) but is sub-optimal: it would
profit from either setting a default path or not setting an empty
path (!). And the fix is easy as well.

Therefore I'm now reassigning the bug to sendxmpp and lowering the
severity.


Cheers,
gregor


[0]
Arguably a bad idea, as that's an internal module according to its
documentation but anyway.

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Element of Crime: Moonlight
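
Added example, not part of the original message and not sendxmpp's own code: a Perl sketch of the fallback discussed above, where an empty tls-ca-path is treated as unset and the key is omitted instead of being passed as ''. The helper names and the 'ca_path' key are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Pick the CA directory: command line, then config file, then default.
# undef and '' are both false for ||, so an empty setting falls through.
sub resolve_ca_path {
    my ($cmdline, $config, $default) = @_;
    my $path = $cmdline->{'tls-ca-path'} || $config->{'tls-ca-path'} || $default;
    return undef unless defined $path && length $path;  # nothing configured
    return undef unless -d $path && -r _;               # not a readable directory
    return $path;
}

# Build the TLS part of a connect call. 'ca_path' is a placeholder key
# (assumption), not the library's real parameter name.
sub tls_args {
    my ($want_tls, $ca_path) = @_;
    return () unless $want_tls;
    return (tls => 1) unless defined $ca_path;   # omit the key, never pass ''
    return (tls => 1, ca_path => $ca_path);
}

# Constructed sample input; a temporary directory stands in for /etc/ssl/certs.
my $default = tempdir(CLEANUP => 1);
my @cases = (
    [ 'nothing set, default used',   {},                      {} ],
    [ 'empty string on cmdline',     { 'tls-ca-path' => '' }, {} ],
    [ 'config file value',           {}, { 'tls-ca-path' => $default } ],
    [ 'cmdline path does not exist', { 'tls-ca-path' => "$default/missing" }, {} ],
);

for my $case (@cases) {
    my ($label, $cmdline, $config) = @$case;
    my %args = tls_args(1, resolve_ca_path($cmdline, $config, $default));
    printf "%-28s => %s\n", $label,
        join(', ', map { "$_=$args{$_}" } sort keys %args);
}
```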