noobIOSCoder / xmpphp

Automatically exported from code.google.com/p/xmpphp
0 stars 0 forks source link

Should specify TLS checks #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
{{
$c=array('tls'=>array(  'verify_peer'       =>false,
            'allow_self_signed' =>true
            )
    );
stream_context_create($c)
}}

Original issue reported on code.google.com by nathanfr...@gmail.com on 10 Apr 2008 at 9:59

GoogleCodeExporter commented 9 years ago
i have a problem on TLS.
on my debian when i call via php-cli:

stream_socket_enable_crypto($this->socket, True, 
STREAM_CRYPTO_METHOD_TLS_CLIENT);

the system stop for 4 second and then try to reconnect.
There are some problem with my ssl?

System Debian
PHP 5.2.5
OpenSSL 0.9.8g 19 Oct 2007 

How can i fix this?
thank you

Original comment by giordano...@gmail.com on 11 Apr 2008 at 5:00

GoogleCodeExporter commented 9 years ago
I have the same problem :
Debian Lenny
Apache 2.2.8-3
PHP 5.2.5-3
OpenSSL 0.9.8g-8

Verbose log with time :
1208017125 INFO   : Connecting to tcp://talk.google.com:5222
1208017125 VERBOSE: SENT: <stream:stream to="gmail.com"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" 
version="1.0">
<br/>Connected<br/>1208017125 VERBOSE: RECV: <?xml version="1.0"
encoding="UTF-8"?><stream:stream from="gmail.com" id="E79DDCBB3114783C" 
version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
1208017125 VERBOSE: RECV: <stream:features><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism></
mechanisms></stream:features>
1208017125 DEBUG  : Calling features_handler
1208017125 VERBOSE: SENT: <starttls 
xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required
/></starttls>
1208017125 VERBOSE: RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
1208017125 DEBUG  : Calling tls_proceed_handler
_ 1208017125 INFO   : Starting TLS encryption
_ 1208017145 INFO   : stream_socket_enable_crypto Done
1208017145 VERBOSE: SENT: <stream:stream to="gmail.com"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" 
version="1.0">

1208017145 WARNING: Reconnecting...
1208017145 INFO   : Connecting to tcp://talk.google.com:5222
1208017145 VERBOSE: SENT: <stream:stream to="gmail.com"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" 
version="1.0">
1208017145 VERBOSE: RECV: 
1208017145 VERBOSE: RECV: <?xml version="1.0" encoding="UTF-8"?><stream:stream
from="gmail.com" id="32EAB152B2C06914" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
1208017145 VERBOSE: RECV: <stream:features><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism></
mechanisms></stream:features>
1208017145 DEBUG  : Calling features_handler
1208017145 VERBOSE: SENT: <starttls 
xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required
/></starttls>
1208017145 VERBOSE: RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
1208017145 DEBUG  : Calling tls_proceed_handler
1208017145 INFO   : Starting TLS encryption

Flachy Joe
My current project is TERMIt : multi protocol instant-messaging bot cf.
http://termit.tuxfamily.org

Original comment by flachy...@gmail.com on 12 Apr 2008 at 4:25

GoogleCodeExporter commented 9 years ago
It's Ok when using SSLv23 encryption.

//file xmpp.php, function tls_proceed_handler()
stream_socket_enable_crypto($this->socket, True, 
STREAM_CRYPTO_METHOD_SSLv23_CLIENT);

//file xmlstream.php, function processUntil(), afetr $buff = 
@fread($this->socket, 1024);
@openssl_open($buff, $buff, null, null);

Original comment by flachy...@gmail.com on 13 Apr 2008 at 11:39

GoogleCodeExporter commented 9 years ago
@flachyjoe thank you, work for me now.

Original comment by giordano...@gmail.com on 14 Apr 2008 at 9:09

GoogleCodeExporter commented 9 years ago
The error you guys are talking about is actually issue #8, which has been fixed 
in
SVN.  IT will be fixed in the next release.  Thanks for the SSLv23 hint.

Original comment by nathanfr...@gmail.com on 16 Apr 2008 at 9:57

GoogleCodeExporter commented 9 years ago
Im still getting Warning: stream_socket_enable_crypto() [streams.crypto]: this 
stream
does not support SSL/crypto in /home/xxxxxx/public_html/xmpphp/xmpp.php on line 
140
even when the code has 

stream_socket_enable_crypto($this->socket, True, 
STREAM_CRYPTO_METHOD_SSLv23_CLIENT);

what could it be?

Original comment by trogs...@gmail.com on 30 Apr 2008 at 12:20

GoogleCodeExporter commented 9 years ago
you don't have openssl enabled or compiled into PHP.

Original comment by nathanfr...@gmail.com on 30 Apr 2008 at 12:50

GoogleCodeExporter commented 9 years ago
Apache Version  Apache/1.3.41 (Unix) PHP/5.2.5 mod_log_bytes/1.2 
mod_bwlimited/1.4
mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a

thats not enought? im not sure if i have it compiled into php but im sure its 
there lol

Original comment by trogs...@gmail.com on 30 Apr 2008 at 3:45

GoogleCodeExporter commented 9 years ago
mod_ssl is for Apache, not PHP5.  You need to compile it in, or enable it in 
your php.ini

Original comment by nathanfr...@gmail.com on 27 May 2008 at 11:21

GoogleCodeExporter commented 9 years ago
I get following errors
even when openssl is enabled on my server wamp.

Original comment by derek.jo...@gmail.com on 31 Jul 2008 at 10:01

Attachments:

GoogleCodeExporter commented 9 years ago
I'm not sure if its related, but when I try to connect using old SSL (5223) to 
(for 
example) Google Talk or whatever else server, it just keeps reconnecting me.
I think that it happens in xmlstream.php / __process()
verbose loging doesn't give any meaningfull output,
just sends
<stream:stream to="some_server(edited_by_me)" 
xmlns:stream="http://etherx.jabber.org/
streams" xmlns="jabber:client" version="1.0">
and reconnects afterwards

Can any1 help me with this? I need to connect to such a jabber server (not 
exactly 
gtalk, but it also provides this old SSL, so its good testing ground).

ps. Perhaps all sent data to such a server needs to be encrypted? But it isn't?

Original comment by paz...@gmail.com on 18 Aug 2008 at 2:11

GoogleCodeExporter commented 9 years ago
This task got off track

Original comment by nathanfr...@gmail.com on 26 Nov 2008 at 9:59