errbotio / errbot

Errbot is a chatbot, a daemon that connects to your favorite chat service and brings your tools and some fun into the conversation.
http://errbot.io
GNU General Public License v3.0

feat: Ability to set ssl version for xmpp connections #1377

Closed sijis closed 4 years ago

sijis commented 5 years ago

Added config option to set the ssl version for xmpp client when making connections to services.

This may address issue #1228

I'm really unable to fully test this as I do not have access to any xmpp service. Any validation from xmpp users would be greatly appreciated.

immanuelfodor commented 5 years ago

Okay, so I've set up a test XMPP errbot according to the official docs, and it can't connect to a server with TLSv1.2+ setting by default as expected:

08:46:22 DEBUG    sleekxmpp.features.featur Starting TLS
08:46:22 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
08:46:22 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1
08:46:22 ERROR    sleekxmpp.xmlstream.xmlst CERT: Invalid certificate trust chain.
08:46:22 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
08:46:22 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
08:46:22 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
08:46:22 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
08:46:22 ERROR    sleekxmpp.xmlstream.xmlst Can not read from closed socket.
08:46:22 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...

Here should come the part when I test your PR but how to do it?

sijis commented 5 years ago

Ya, I'm aware of the borked repos domain.

I would expect that I should see something different here: 08:46:22 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1. I'd expect TLSv2 or something.

immanuelfodor commented 5 years ago

Of course, this is the previous output, I asked for help how to apply the patch in the repo to the errbot installation to test your changes :) I got this far to be able to try out the original code but the errbot folder according to the official instructions doesn't contain the source code, only the config.py

sijis commented 5 years ago

Ahh. You probably want to follow this article https://help.github.com/en/articles/checking-out-pull-requests-locally.

Once that branch is checked out, do a reinstall of errbot (pip install .) and that should have all my changes in that PR.

Let me know if that works.

derek-austin commented 5 years ago

Tried with ejabberd with no luck. If you want to replicate you can copy and paste it in two terminals.

Terminal for ejabberd

mkdir /tmp/fix_xmpp_tls
cd /tmp/fix_xmpp_tls
wget https://raw.githubusercontent.com/rroemhild/docker-ejabberd/master/examples/docker-compose/docker-compose.yml
docker-compose up
# docker-compose down  # When you want to clean

Terminal for ErrBot

# Use root to add example.com to /etc/hosts (remember to clean it afterwards)
echo 127.0.0.1 example.com | sudo tee -a /etc/hosts

cd /tmp/fix_xmpp_tls
pipenv shell
pip install git+https://github.com/sijis/errbot@fix/xmpp_tls sleekxmpp pyasn1 pyasn1-modules
mkdir data_dir
cat > config.py <<\EOF
import logging

BACKEND = 'XMPP'  # defaults to XMPP
BOT_DATA_DIR = '/tmp/fix_xmpp_tls/data_dir'
BOT_EXTRA_PLUGIN_DIR = None
PLUGINS_CALLBACK_ORDER = (None, )
BOT_LOG_FILE = BOT_DATA_DIR + '/err.log'
BOT_LOG_LEVEL = logging.DEBUG
BOT_LOG_SENTRY = False
SENTRY_DSN = ''
SENTRY_LOGLEVEL = BOT_LOG_LEVEL
BOT_IDENTITY = {
    'username': 'admin@example.com',  # The JID of the user you have created for the bot
    'password': 'password4321',       # The corresponding password for this user
    'server': ('127.0.0.1',5222), # server override
}

BOT_ADMINS = ('admin@example.com',)
BOT_ADMINS_NOTIFICATIONS = ('admin@example.com',)

DIVERT_TO_PRIVATE = ()
DIVERT_TO_THREAD = ()
CHATROOM_RELAY = {}
REVERSE_CHATROOM_RELAY = {}
import ssl
XMPP_SSL_VERSION = ssl.PROTOCOL_TLSv1_2
EOF

errbot

See the errors

11:02:47 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1_2
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
11:02:47 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #2: No such file or directory
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...

Full log

11:02:38 INFO     errbot.bootstrap          Found Storage plugin: Shelf.
11:02:38 INFO     errbot.bootstrap          Found Backend plugin: XMPP
11:02:38 DEBUG    errbot.storage            Opening storage 'repomgr'
11:02:38 DEBUG    errbot.storage.shelf      Open shelf storage /tmp/fix_xmpp_tls/data_dir/repomgr.db
11:02:38 DEBUG    sleekxmpp.xmlstream.resol Could not find dnspython package. Not all features will be available
11:02:38 DEBUG    errbot.core               ErrBot init.
11:02:38 DEBUG    errbot.backends.base      Backend init.
11:02:38 DEBUG    errbot.core               created a thread pool of size 10.
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 6120: Stream Feature: STARTTLS
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 6120: Stream Feature: Resource Binding
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 3920: Stream Feature: Start Session
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 6121: Stream Feature: Roster Versioning
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 6121: Stream Feature: Subscription Pre-Approval
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: RFC 6120: Stream Feature: SASL
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0030: Service Discovery
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0004: Data Forms
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0045: Multi-User Chat
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0199: XMPP Ping
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0203: Delayed Delivery
11:02:38 DEBUG    sleekxmpp.plugins.base    Loaded Plugin: XEP-0249: Direct MUC Invitations
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.smart_strong".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.smart_strong.SmartEmphasisExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.fenced_code".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.fenced_code.FencedCodeExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.footnotes".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.footnotes.FootnoteExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.attr_list".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.attr_list.AttrListExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.def_list".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.def_list.DefListExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.tables".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.tables.TableExtension".
11:02:38 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.abbr".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.abbr.AbbrExtension".
11:02:38 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.extra.ExtraExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.smart_strong".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.smart_strong.SmartEmphasisExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.fenced_code".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.fenced_code.FencedCodeExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.footnotes".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.footnotes.FootnoteExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.attr_list".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.attr_list.AttrListExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.def_list".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.def_list.DefListExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.tables".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.tables.TableExtension".
11:02:39 DEBUG    MARKDOWN                  Successfuly imported extension module "markdown.extensions.abbr".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.abbr.AbbrExtension".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "markdown.extensions.extra.ExtraExtension".
11:02:39 DEBUG    MARKDOWN                  Successfully loaded extension "errbot.rendering.ansiext.AnsiExtension".
11:02:39 DEBUG    errbot.storage            Opening storage 'core'
11:02:39 DEBUG    errbot.storage.shelf      Open shelf storage /tmp/fix_xmpp_tls/data_dir/core.db
11:02:39 DEBUG    errbot.core               Initializing backend storage
11:02:39 DEBUG    errbot.storage            Opening storage 'xmpp_backend'
11:02:39 DEBUG    errbot.storage.shelf      Open shelf storage /tmp/fix_xmpp_tls/data_dir/xmpp_backend.db
11:02:39 DEBUG    errbot.plugin_manager     New entries added to sys.path:
11:02:39 DEBUG    errbot.plugin_manager     /home/user/.local/share/virtualenvs/fix_xmpp_tls-wuarO-Sf/lib/python3.7/site-packages/errbot/core_plugins
11:02:39 DEBUG    errbot.plugins.Flows      Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.Backup     Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.TextCmds   Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.ACLs       Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.Utils      Logger for plugin initialized...
11:02:39 INFO     errbot                    webhooks:  Flag to bind /echo to echo
11:02:39 DEBUG    errbot.plugins.Webserver  Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.Health     Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.Help       Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.CommandNot Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.ChatRoom   Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.Plugins    Logger for plugin initialized...
11:02:39 DEBUG    errbot.plugins.VersionChe Logger for plugin initialized...
11:02:39 DEBUG    errbot.bootstrap          Start serving commands from the xmpp backend.
11:02:39 DEBUG    sleekxmpp.xmlstream.xmlst Waiting 2.0070348305383776 seconds before connecting.
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Connecting to 127.0.0.1:5222
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: connected
11:02:41 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION disconnected -> connected
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Starting HANDLER THREAD
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Loading event runner
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='example.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <stream:stream id="16712131599345633281" version="1.0" xml:lang="en" from="example.com">
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls></stream:features>
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls>
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
11:02:41 DEBUG    sleekxmpp.features.featur Starting TLS
11:02:41 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
11:02:41 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1_2
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
11:02:41 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #2: No such file or directory
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): </stream:stream>
11:02:41 INFO     sleekxmpp.xmlstream.xmlst Waiting for </stream:stream> from server
11:02:45 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
11:02:45 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
11:02:45 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
11:02:45 DEBUG    sleekxmpp.xmlstream.xmlst connecting...
11:02:45 DEBUG    sleekxmpp.xmlstream.xmlst Waiting 1.7960361586447962 seconds before connecting.
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst Connecting to 127.0.0.1:5222
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: connected
11:02:47 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION disconnected -> connected
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='example.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <stream:stream id="3348786925417571841" version="1.0" xml:lang="en" from="example.com">
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls></stream:features>
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls>
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
11:02:47 DEBUG    sleekxmpp.features.featur Starting TLS
11:02:47 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
11:02:47 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1_2
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
11:02:47 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #2: No such file or directory
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
11:02:47 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): </stream:stream>
11:02:47 INFO     sleekxmpp.xmlstream.xmlst Waiting for </stream:stream> from server
11:02:51 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
11:02:51 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
11:02:51 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
11:02:51 DEBUG    sleekxmpp.xmlstream.xmlst connecting...
11:02:51 DEBUG    sleekxmpp.xmlstream.xmlst Waiting 2.4172025804056685 seconds before connecting.
^C11:02:51 DEBUG    errbot.backends.xmpp      Trigger disconnect callback
11:02:51 DEBUG    sleekxmpp.xmlstream.xmlst Stopped event runner thread. 2 threads remain.
11:02:51 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
11:02:51 DEBUG    errbot.backends.xmpp      Trigger shutdown
11:02:51 DEBUG    errbot.storage            Closed storage 'xmpp_backend'
11:02:51 INFO     errbot.plugin_manager     Shutdown.
11:02:51 DEBUG    errbot.storage            Closed storage 'core'
11:02:51 INFO     errbot.plugin_manager     Bye.
11:02:51 DEBUG    errbot.storage            Closed storage 'repomgr'
11:02:51 INFO     errbot.cli                Process exiting
11:02:51 DEBUG    sleekxmpp.xmlstream.xmlst Stopped send thread. 1 threads remain.
11:02:52 DEBUG    sleekxmpp.xmlstream.sched Quitting Scheduler thread
11:02:52 DEBUG    sleekxmpp.xmlstream.xmlst Stopped scheduler thread. 0 threads remain.
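
The two failures quoted in this thread (TLSv1 with a certificate error, TLSv1_2 with a socket error) can be pulled out of a long debug log mechanically. The following is an added example, not part of the original thread or of errbot/sleekxmpp: for each "Negotiating TLS" line it reports the protocol version used and the first error that follows. The sample log is constructed in the format shown above; the weak-version names and the end-of-attempt markers are assumptions.

```python
import re

# Constructed sample in the sleekxmpp log format quoted in this thread.
SAMPLE_LOG = """\
08:46:22 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
08:46:22 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1
08:46:22 ERROR    sleekxmpp.xmlstream.xmlst CERT: Invalid certificate trust chain.
08:46:22 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...
11:02:41 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
11:02:41 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1_2
11:02:41 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #2: No such file or directory
11:02:41 DEBUG    sleekxmpp.xmlstream.xmlst reconnecting...
11:05:10 INFO     sleekxmpp.xmlstream.xmlst Negotiating TLS
11:05:10 INFO     sleekxmpp.xmlstream.xmlst Using SSL version: TLSv1_2
11:05:10 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_start
"""
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\w+)\s+(\S+)\s+(.*)$")
# Assumption: protocol names follow the "TLSv1" / "TLSv1_2" style seen in the logs.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1_1"}
END_MARKERS = ("reconnecting...", "Event triggered: session_start")

def tls_attempts(log_text):
    """One dict per 'Negotiating TLS' line: time, version, first error."""
    attempts, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, level, _logger, msg = m.groups()
        if msg == "Negotiating TLS":  # a new handshake attempt starts
            current = {"time": when, "version": None, "error": None}
            attempts.append(current)
        elif current is None or msg in END_MARKERS:
            current = None  # outside an attempt, or the attempt is over
        elif msg.startswith("Using SSL version: "):
            current["version"] = msg.split(": ", 1)[1].strip()
        elif level == "ERROR" and current["error"] is None:
            current["error"] = msg
    return attempts

def findings(attempts):
    """Flag deprecated protocol versions and failed handshakes."""
    out = []
    for a in attempts:
        if a["version"] in WEAK_VERSIONS:
            out.append((a["time"], "weak-protocol", a["version"]))
        if a["error"]:
            out.append((a["time"], "handshake-failed", a["error"]))
    return out
```

Running `findings(tls_attempts(open(path).read()))` against a bot's err.log gives a quick check that a configured version is actually the one in use, and separates protocol problems from certificate or socket errors.
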

immanuelfodor commented 5 years ago

FYI, my test was with Prosody, and later I successfully configured errbot after reading the docs, etc., so it seems it's stable only with Prosody (?)

gbin commented 4 years ago

thanks everyone