infinite loop with "openssl s_client -connect xmpp-gmx.gmx.net:5222 -starttls xmpp"

Bug #654493 reported by Oleksij Rempel on 2010-10-04
This bug affects 4 people
Affects: OpenSSL. Status: Invalid. Importance: Unknown.
Affects: openssl (Ubuntu). Importance: Undecided. Assigned to: Unassigned.

Bug Description

Binary package hint: openssl

I try to check the certificate of the Jabber server I use, with the following result:
openssl s_client -connect xmpp-gmx.gmx.net:5222 -starttls xmpp -debug

CONNECTED(00000003)
write to 0x258bf60 [0x7fff56396990] (121 bytes => 121 (0x79))
0000 - 3c 73 74 72 65 61 6d 3a-73 74 72 65 61 6d 20 78 <stream:stream x
0010 - 6d 6c 6e 73 3a 73 74 72-65 61 6d 3d 27 68 74 74 mlns:stream='htt
0020 - 70 3a 2f 2f 65 74 68 65-72 78 2e 6a 61 62 62 65 p://etherx.jabbe
0030 - 72 2e 6f 72 67 2f 73 74-72 65 61 6d 73 27 20 78 r.org/streams' x
0040 - 6d 6c 6e 73 3d 27 6a 61-62 62 65 72 3a 63 6c 69 mlns='jabber:cli
0050 - 65 6e 74 27 20 74 6f 3d-27 78 6d 70 70 2d 67 6d ent' to='xmpp-gm
0060 - 78 2e 67 6d 78 2e 6e 65-74 27 20 76 65 72 73 69 x.gmx.net' versi
0070 - 6f 6e 3d 27 31 2e 30 27-3e on='1.0'>
read from 0x258bf60 [0x2582e70] (8192 bytes => 238 (0xEE))
0000 - 3c 3f 78 6d 6c 20 76 65-72 73 69 6f 6e 3d 27 31 <?xml version='1
0010 - 2e 30 27 3f 3e 3c 73 74-72 65 61 6d 3a 73 74 72 .0'?><stream:str
0020 - 65 61 6d 20 78 6d 6c 6e-73 3d 27 6a 61 62 62 65 eam xmlns='jabbe
0030 - 72 3a 63 6c 69 65 6e 74-27 20 78 6d 6c 6e 73 3a r:client' xmlns:
0040 - 73 74 72 65 61 6d 3d 27-68 74 74 70 3a 2f 2f 65 stream='http://e
0050 - 74 68 65 72 78 2e 6a 61-62 62 65 72 2e 6f 72 67 therx.jabber.org
0060 - 2f 73 74 72 65 61 6d 73-27 20 69 64 3d 27 32 34 /streams' id='24
0070 - 34 32 33 35 33 33 38 37-27 20 66 72 6f 6d 3d 27 42353387' from='
0080 - 67 6d 78 2e 64 65 27 20-78 6d 6c 3a 6c 61 6e 67 gmx.de' xml:lang
0090 - 3d 27 65 6e 27 3e 3c 73-74 72 65 61 6d 3a 65 72 ='en'><stream:er
00a0 - 72 6f 72 3e 3c 68 6f 73-74 2d 75 6e 6b 6e 6f 77 ror><host-unknow
00b0 - 6e 20 78 6d 6c 6e 73 3d-27 75 72 6e 3a 69 65 74 n xmlns='urn:iet
00c0 - 66 3a 70 61 72 61 6d 73-3a 78 6d 6c 3a 6e 73 3a f:params:xml:ns:
00d0 - 78 6d 70 70 2d 73 74 72-65 61 6d 73 27 2f 3e 3c xmpp-streams'/><
00e0 - 2f 73 74 72 65 61 6d 3a-65 72 72 6f 72 3e /stream:error>
read from 0x258bf60 [0x2582e70] (8192 bytes => 16 (0x10))
0000 - 3c 2f 73 74 72 65 61 6d-3a 73 74 72 65 61 6d 3e </stream:stream>
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))
read from 0x258bf60 [0x2582e70] (8192 bytes => 0 (0x0))

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: openssl 0.9.8o-1ubuntu4
Uname: Linux 2.6.36-rc4-00134-g03a7ab0 x86_64
Architecture: amd64
Date: Mon Oct 4 12:39:43 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha amd64 (20100803.1)
ProcEnviron:
 LANG=de_DE.utf8
 SHELL=/bin/bash
SourcePackage: openssl

Oleksij Rempel (olerem) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
andi5 (andi5) wrote :

Indeed, s_client seems to support only poor man's xmpp.
You can still use it if you temporarily rewrite gmx.de (or any xmpp-gmx.gmx.net hosted domain) to the ip address of xmpp-gmx.gmx.net in /etc/hosts and use "-connect gmx.net:5222".

(1) openssl does not detect the error situation at all and ends in an endless loop.
(2) it should use -servername as to attribute of the stream if tls extensions are enabled.
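
A bounded version of the pre-TLS read loop, covering the stream error and the zero-byte reads seen in the debug output above. This is an added example, not code from OpenSSL or from the patch linked in this report; the function names, result codes and the 4096-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

enum xmpp_result { XMPP_STARTTLS_OFFERED, XMPP_STREAM_ERROR, XMPP_CLOSED, XMPP_TOO_LONG };

/* Read the server's pre-TLS reply until it offers STARTTLS, sends a stream
 * error, or closes the connection. No path can spin on a zero-byte read. */
enum xmpp_result xmpp_wait_starttls(int fd)
{
    char buf[4096];
    size_t used = 0;
    for (;;) {
        if (used == sizeof(buf) - 1)
            return XMPP_TOO_LONG;          /* bound memory and time */
        ssize_t n = read(fd, buf + used, sizeof(buf) - 1 - used);
        if (n <= 0)
            return XMPP_CLOSED;            /* 0 = peer closed, <0 = error */
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, "<stream:error"))
            return XMPP_STREAM_ERROR;      /* e.g. <host-unknown/> */
        if (strstr(buf, "<starttls") && strstr(buf, "xmpp-tls"))
            return XMPP_STARTTLS_OFFERED;
    }
}

/* Hypothetical helper: replay a constructed server reply over a socketpair. */
enum xmpp_result replay(const char *reply)
{
    int sv[2];
    enum xmpp_result r = XMPP_CLOSED;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return r;
    ssize_t w = write(sv[1], reply, strlen(reply));
    close(sv[1]);                          /* server hangs up after replying */
    if (w >= 0)
        r = xmpp_wait_starttls(sv[0]);
    close(sv[0]);
    return r;
}

int main(void)
{
    /* Constructed reply, abridged from the debug output in the report. */
    printf("%d\n", replay("<stream:stream from='gmx.de'><stream:error>"
                          "<host-unknown/></stream:error></stream:stream>"));
    printf("%d\n", replay(""));            /* server closes without a reply */
    return 0;
}
```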

Neustradamus (neustradamus) wrote :

n°2638 : s_client -servername BLAH not honoured with -starttls xmpp
http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2638

n°2640 : [PATCH] support xmpp servers in starttls
http://rt.openssl.org/Ticket/Display.html?id=2640&user=guest&pass=guest

Daniel Llewellyn (diddledan) wrote :

this seems to be an upstream issue, as my macports compiled copy also suffers the same problem.

Changed in openssl:
status: Unknown → New
carloslp (carloslp) wrote :

The patch 2/4 of this series of patches http://rt.openssl.org/Ticket/Display.html?id=2860 fixes this issue.

[openssl.org #2860] [PATCH 2/4] Fix infinite loop on s_client starttls xmpp

If you want to apply only the patch 2/4 instead of the full series you will have to refresh it.

carloslp (carloslp) wrote :

Here is the link for guest access: http://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest

And here is the link to that patch in question http://rt.openssl.org/Ticket/Attachment/34622/18511/

carloslp (carloslp) wrote :

Attached here is the patch

The attachment "0002-Fix-infinite-loop-on-s_client-starttls-xmpp.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Daniel Llewellyn (diddledan) wrote :

attempt to fix upstream bug link

Changed in openssl:
status: New → Invalid