[DRE-maint] Bug#483974: xmpp4r failed connecting to gtalk possible due to bug in libopenssl-ruby1.8

darren darren.hoo at gmail.com
Fri Jun 6 16:06:38 UTC 2008 

2008/6/6 Lucas Nussbaum <lucas at lucas-nussbaum.net>:

> On 06/06/08 at 17:24 +0800, darren wrote:
> > 2008/6/6 Lucas Nussbaum <lucas at lucas-nussbaum.net>:
> >
> > > reassign 483974 libxmpp4r-ruby1.8
> > > severity 483974 wishlist
> > > retitle 483974 doesn't allow to connect to googletalk [fixed in
> git/svn]
> > > thanks
> > > On 04/06/08 at 23:30 +0800, darren wrote:
> > > > 2008/6/4 darren <darren.hoo at gmail.com>:
> > > > > 2008/6/4 Lucas Nussbaum <lucas at lucas-nussbaum.net>:
> > > > > On 01/06/08 at 23:40 +0800, darren wrote:
> > > > >> > Package: libopenssl-ruby1.8
> > > > >> > Version: 1.8.6.114-2
> > > > >> > Severity: normal
> > > > >> >
> > > > >> > I tried to connect to gtalk using xmpp4r,but failed,I tried to
> track
> > > > >> > down the problem,later found that it may be caused by this ruby
> > > libray.
> > > > >> > a simple test code to verify:
> > > > >> >
> > > > >> > ----------------
> > > > >> > require 'openssl'
> > > > >> > require 'socket'
> > > > >> >
> > > > >> >
> > > > >> > socket = TCPSocket.new("talk.google.com", 5223)
> > > > >> >
> > > > >> > ctx = OpenSSL::SSL::SSLContext.new('TLSv1')
> > > > >> >
> > > > >> > sslsocket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
> > > > >> >
> > > > >> > begin
> > > > >> >   puts "Start connect"
> > > > >> >     sslsocket.connect
> > > > >> > rescue OpenSSL::SSL::SSLError => ssle
> > > > >> >     puts "------------------#{ssle.message}---------------"
> > > > >> > end
> > > > >> >
> > > > >> > puts "finished"
> > > > >> > -----------------
> > > > >> >
> > > > >> > It failed,but gave no reason,because ssle.message was empty.
> > > > >> > same code runs fine on a lenny machine.
> > > > >>
> > > > >> Hi darren,
> > > > >>
> > > > >> Can you still reproduce this? It works fine here. Maybe it was
> fixed
> > > on
> > > > >> Google's side?
> > > > >
> > > > > Thanks for you response
> > > > > Problem exists on my Debian Sid,But I tried it on a windows box
> with
> > > ruby
> > > > > 1.8.6,everything just goes fine,and xmpp4r works just fine too.
> > > > > So I suspect it to be a Linux or rather Debian related bug.I have
> also
> > > > > downloads ruby source code and compile myself,still the problem
> exists.
> > > > >
> > > >
> > > > sorry,I have forgotten to mention that I have upgrade ruby version to
> > > 1.8.7
> > > > in unstable, running the above code gives the message now,it is :
> > > >    SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server
> hello A
> > > > I have googled around the error message for a long time ,just don't
> know
> > > how
> > > > to figure out what does the error code above means.
> > >
> > > Hi Darren,
> > >
> > > I spent some time on this (since I'm also XMPP4R's original developer,
> I
> > > had some special motivation :-)
> > >
> > > XMPP4R doesn't allow to connect to Google Talk, because it needs to
> > > support the old SSL protocol. I added support for that in SVN. See
> > >
> http://github.com/ln/xmpp4r/commit/bedd0a0a3a18c07ffee0806c52d0e5a95a57671d
> > > and
> > >
> http://github.com/ln/xmpp4r/commit/d232fdeec59b4f4517914608da95099349eaa418
> > >
> > > I'm reassigning this bug to libxmpp4r-ruby1.8, and lowering the
> severity
> > > to wishlist. It will be fixed when we make a new XMPP4R release and I
> > > update the Debian package.
> >
> > Thanks,it works for me now.Actullay I have also noticed the patch
> submitted
> > by  "姚春林"(a chinese name with three chinese charaters if you can not see
> > this correctly ) who is also chinese like me,but It's so old that I deem
> it
> > not related.
> >
> > I looked through the patch and found that it is not so friendly to the
> user
> > developper.
> > cl.connect("talk.l.google.com", 5223, true) # use port 5223 and SSL mode
> > I have to specify the host here which we can get by  resolving it from
> jid's
> > domain part, can we use an attr  like  use_old_ssl  as allow_ssl does?
> > just a suggestion.
>
> We could, if you send a patch :-)
>

Hi Lucas,
    I have forked xmpp4r on GitHub,There are many discussions about GitHub
on the xmpp4r-dev mailinglist,
   So I just gave it a try
   I've commited my code,but I can not find it changed on the code
browser,strange indeed.
   So I attached the diff

>
> > I am not very handy on tls/ssl,just get confused which is new and which
> is
> > deprecated ssl used by google,can you refer me to anything related?
>
> TLS over negociation on port 5222 is the recommended practice and is
> part of the XMPP standard.
>
I  found that gtalk actually accepts ssl connection  on port 5222

I just don't understand why the original code works on a windows box.

as to the code lines:
          sslsocket = OpenSSL::SSL::SSLSocket.new(@socket)
          sslsocket = OpenSSL::SSL::SSLSocket.new(@socket, ctx)

 what's the difference? I can not find any documentaion for this since "ri
OpenSSL::SSL" gives nothing.

direct SSL connection on 5223 is deprecated, used by google, and not
> part of the XMPP standard.
> --
> | Lucas Nussbaum
> | lucas at lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
> | jabber: lucas at nussbaum.fr             GPG: 1024D/023B3F4F |
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20080607/ecd95e83/attachment.htm 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff.txt
Url: http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20080607/ecd95e83/attachment.txt

More information about the Pkg-ruby-extras-maintainers mailing list