meduketto / iksemel

Automatically exported from code.google.com/p/iksemel
GNU Lesser General Public License v2.1

TLS negotiation failed with OpenSSL and GnuTLS #36

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Current iksemel (trunk) was used for testing against Openfire and Google Talk XMPP servers.
2. The test was performed with the iksroster tool with argument -s for secure session. The XMPP server requires TLS.
3. The TLS negotiation failed with both servers. The TLS negotiation failed with the iksemel library configured for using GnuTLS and also failed when configured with OpenSSL.

In both cases the "TLS handshake" is done without errors (at least no function call returns an error), but the first read request over the secured channel fails.

What is the expected output? What do you see instead?
Expected: the TLS/SASL negotiation is done. Instead, all combinations of libs (GnuTLS and OpenSSL) and destination servers (Openfire and Google Talk) failed.

What version of the product are you using? On what operating system?
iksemel latest version 1.4+ from the git repository.
OS: Ubuntu 2.6.38-14 and embedded Linux on ARM => same failure

Please provide any additional information below.

The output of both sessions (OpenSSL and GnuTLS) follows:

--------------------------------------------------------------------
OpenSSL:

SEND[<?xml version='1.0'?><stream:stream 
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' 
to='10.90.6.140' version='1.0'>]
RECV[<?xml version='1.0' encoding='UTF-8'?><stream:stream 
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" 
from="10.90.6.140" id="a73cb530" xml:lang="en" 
version="1.0"><stream:features><starttls 
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms 
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism>
<mechanism>CRAM-MD5</mechanism></mechanisms></stream:features>]
SEND[<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>]
RECV[<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>]
TLS OPENSSL: tls_handshake
TLS OPENSSL: my_bio_write: 95 bytes

16 03 01 00 5a 01 00 00 56 03 01 4f ac fc 55 27 
78 32 6d 01 99 c1 09 b0 12 61 e3 30 96 68 bc 73 
e6 19 69 a0 8a 36 80 47 34 1f d0 00 00 28 00 39 
00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 
00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 
00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00 
TLS OPENSSL: tls_send: [<?xml version='1.0'?><stream:stream 
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' 
to='10.90.6.140' version='1.0'>] 137 bytes
TLS OPENSSL: my_bio_write: 95 bytes

16 03 01 00 5a 01 00 00 56 03 01 4f ac fc 55 27 
78 32 6d 01 99 c1 09 b0 12 61 e3 30 96 68 bc 73 
e6 19 69 a0 8a 36 80 47 34 1f d0 00 00 28 00 39 
00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 
00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 
00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00 
TLS OPENSSL: tls_recv
TLS OPENSSL: my_bio_write: 95 bytes

16 03 01 00 5a 01 00 00 56 03 01 4f ac fc 55 27 
78 32 6d 01 99 c1 09 b0 12 61 e3 30 96 68 bc 73 
e6 19 69 a0 8a 36 80 47 34 1f d0 00 00 28 00 39 
00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 
00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 
00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00 

TLS OPENSSL: tls_recv: SSl_read result 1 <== SSL_ERROR_SSL

iksroster: io error

--------------------------------------------------------------------
GnuTLS:

SEND[<?xml version='1.0'?><stream:stream 
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' 
to='10.90.6.140' version='1.0'>]
RECV[<?xml version='1.0' encoding='UTF-8'?><stream:stream 
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" 
from="10.90.6.140" id="2cb01145" xml:lang="en" 
version="1.0"><stream:features><starttls 
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms 
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism>
<mechanism>CRAM-MD5</mechanism></mechanisms></stream:features>]
SEND[<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>]
RECV[<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>]
TLS GNUTLS: tls_handshake
TLS GNUTLS: tls_push: 55 bytes

16 03 01 00 32 01 00 00 2e 03 01 4f ad 00 10 ab 
f2 66 d9 3f e2 d2 60 15 95 ef f5 c2 c7 c7 19 14 
91 dd c2 f3 5f 38 93 4f 71 ef a5 00 00 06 00 0a 
00 05 00 04 02 01 00 

TLS GNUTLS: tls_pull

16 03 01 03 34 

TLS GNUTLS: tls_pull

TLS GNUTLS: tls_push: 267 bytes

TLS GNUTLS: tls_push: 6 bytes

14 03 01 00 01 01 

TLS GNUTLS: tls_push: 45 bytes

16 03 01 00 28 f5 75 44 9f b3 df 21 cf 2f e2 9d 
4e 61 b3 b6 4d 0b ca bf 00 42 8d af 0c 37 62 fa 
97 58 25 d4 9e e3 e8 a5 cb 12 1d 7d f7 

TLS GNUTLS: tls_pull

14 03 01 00 01 

TLS GNUTLS: tls_pull

01 

TLS GNUTLS: tls_pull

16 03 01 00 28 

TLS GNUTLS: tls_pull

09 a7 ef c6 01 2a e8 80 1f 0f 73 30 df 89 44 7f 
a8 c6 c2 7c e8 f7 c2 8f f6 9f d7 62 e5 5d e9 e0 
47 6c c5 17 e6 3f 8c 58 

TLS GNUTLS: tls_send: [<?xml version='1.0'?><stream:stream 
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' 
to='10.90.6.140' version='1.0'>] 137 bytes
TLS GNUTLS: tls_push: 253 bytes

SecSEND[<?xml version='1.0'?><stream:stream 
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' 
to='10.90.6.140' version='1.0'>]
TLS GNUTLS: tls_recv
TLS GNUTLS: tls_pull

16 03 01 00 28 

TLS GNUTLS: tls_recv: ret: -9 <== GNUTLS_E_UNEXPECTED_PACKET_LENGTH /* 
GNUTLS_A_RECORD_OVERFLOW */

iksroster: io error

Original issue reported on code.google.com by client.n...@googlemail.com on 11 May 2012 at 12:46
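
A small decoder for the 5-byte TLS record headers that appear in traces like the ones above, so each header's declared length can be checked against the byte counts the debug output prints (for example `16 03 01 00 5a` against `my_bio_write: 95 bytes`). This is an added example, not part of the original report or of iksemel; the struct and function names are hypothetical, and the sample headers are copied from the log lines above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* TLS record header: content type (1 byte), version (2), length (2). */
struct tls_record_hdr { unsigned type, major, minor, length; };

/* Convert hex text such as "16 03 01 00 5a" to bytes; returns bytes read. */
static size_t hex_to_bytes(const char *hex, unsigned char *out, size_t max) {
    size_t n = 0;
    while (n < max) {
        char *end;
        unsigned long v = strtoul(hex, &end, 16);
        if (end == hex || v > 0xff) break;   /* no more hex pairs */
        out[n++] = (unsigned char)v;
        hex = end;
    }
    return n;
}

static const char *tls_type_name(unsigned type) {
    switch (type) {
    case 20: return "change_cipher_spec";
    case 21: return "alert";
    case 22: return "handshake";
    case 23: return "application_data";
    default: return "unknown";
    }
}

/* Returns 0 and fills *h, or -1 if the bytes are not a plausible header. */
static int parse_record_hdr(const char *hex, struct tls_record_hdr *h) {
    unsigned char b[5];
    if (hex_to_bytes(hex, b, sizeof b) != sizeof b) return -1;
    h->type = b[0]; h->major = b[1]; h->minor = b[2];
    h->length = ((unsigned)b[3] << 8) | b[4];
    if (h->type < 20 || h->type > 23 || h->major != 3) return -1;
    if (h->length > 16384 + 2048) return -1; /* RFC 5246 ciphertext limit */
    return 0;
}

/* Bytes on the wire for the whole record: 5-byte header plus fragment. */
static unsigned record_wire_size(const struct tls_record_hdr *h) {
    return 5 + h->length;
}

int main(void) {
    /* Headers copied from the traces in the report above. */
    const char *hdrs[] = { "16 03 01 00 5a", "14 03 01 00 01", "16 03 01 00 28" };
    struct tls_record_hdr h;
    for (size_t i = 0; i < sizeof hdrs / sizeof *hdrs; i++)
        if (parse_record_hdr(hdrs[i], &h) == 0)
            printf("%s: %s, record version %u.%u, %u bytes on the wire\n",
                   hdrs[i], tls_type_name(h.type), h.major, h.minor,
                   record_wire_size(&h));
    return 0;
}
```

Record version 3.1 is TLS 1.0; a header whose type, version or length fails these checks is the kind of input that makes a TLS library reject the record.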