<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">When speaking XMPP, it doesn't connect to a server and times out while waiting for the text <code>&lt;proceed</code>. It's just confused because the server sends a first line (<code>&lt;stream:features&gt;</code>) and then the <code>&lt;proceed</code> in a 2nd line, but XMPP doesn't understand the first line and just waits some seconds and complains that it didn't see <code>&lt;proceed</code>.</p>
<p dir="auto">This made my emacs-jabber not connect to my Jabber account (at jabberes.org), for some years already.</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">3.6.6</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">Devuan</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Steps to reproduce: just run the command in the "actual results" below.</p>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-cli -p 5222 jabberes.org  --starttls-proto=xmpp -V                       </span>
<span id="LC2" class="line" lang="plaintext">Processed 120 CA certificate(s).</span>
<span id="LC3" class="line" lang="plaintext">Resolving 'jabberes.org:5222'...</span>
<span id="LC4" class="line" lang="plaintext">Connecting to '95.211.10.153:5222'...</span>
<span id="LC5" class="line" lang="plaintext">Negotiating XMPP STARTTLS</span>
<span id="LC6" class="line" lang="plaintext">starttls: sending: &lt;stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='jabberes.org' version='1.0'&gt;</span>
<span id="LC7" class="line" lang="plaintext"></span>
<span id="LC8" class="line" lang="plaintext">starttls: waiting for: "&lt;?"</span>
<span id="LC9" class="line" lang="plaintext">starttls: received: &lt;?xml version='1.0'?&gt;&lt;stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='2255077113' from='jabberes.org' version='1.0' xml:lang='es'&gt;</span>
<span id="LC10" class="line" lang="plaintext">starttls: sending: &lt;starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;</span>
<span id="LC11" class="line" lang="plaintext">starttls: waiting for: "&lt;proceed"</span>
<span id="LC12" class="line" lang="plaintext">starttls: received: &lt;stream:features&gt;&lt;starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;&lt;mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'&gt;&lt;mechanism&gt;PLAIN&lt;/mechanism&gt;&lt;mechanism&gt;DIGEST-MD5&lt;/mechanism&gt;&lt;mechanism&gt;SCRAM-SHA-1&lt;/mechanism&gt;&lt;/mechanisms&gt;&lt;c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='VX1ZxJXED0Sme0Unk3GOZrknLy0='/&gt;&lt;register xmlns='http://jabber.org/features/iq-register'/&gt;&lt;/stream:features&gt;</span>
<span id="LC13" class="line" lang="plaintext">starttls: received: &lt;proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;</span>
<span id="LC14" class="line" lang="plaintext">error receiving &lt;proceed: Success</span>
<span id="LC15" class="line" lang="plaintext">$</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">It shouldn't fail, it should connect. If I apply the patch posted below, I can correctly connect (also from Emacs after making it use my version with <code>(setq tls-program '("gnutls-cli-with-my-patch --x509cafile %t -p %p %h --starttls-proto=xmpp"))</code>…)
The output is then:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-cli-with-my-patch -p 5222 jabberes.org  --starttls-proto=xmpp -V </span>
<span id="LC2" class="line" lang="plaintext">Processed 120 CA certificate(s).</span>
<span id="LC3" class="line" lang="plaintext">Resolving 'jabberes.org:5222'...</span>
<span id="LC4" class="line" lang="plaintext">Connecting to '95.211.10.153:5222'...</span>
<span id="LC5" class="line" lang="plaintext">Negotiating XMPP STARTTLS</span>
<span id="LC6" class="line" lang="plaintext">starttls: sending: &lt;stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' to='jabberes.org' version='1.0'&gt;</span>
<span id="LC7" class="line" lang="plaintext"></span>
<span id="LC8" class="line" lang="plaintext">starttls: waiting for: "&lt;?"</span>
<span id="LC9" class="line" lang="plaintext">starttls: received: &lt;?xml version='1.0'?&gt;&lt;stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='1876947985' from='jabberes.org' version='1.0' xml:lang='es'&gt;</span>
<span id="LC10" class="line" lang="plaintext">starttls: sending: &lt;starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;</span>
<span id="LC11" class="line" lang="plaintext">starttls: waiting for: "&lt;stream:"</span>
<span id="LC12" class="line" lang="plaintext">starttls: received: &lt;stream:features&gt;&lt;starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;&lt;mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'&gt;&lt;mechanism&gt;PLAIN&lt;/mechanism&gt;&lt;mechanism&gt;DIGEST-MD5&lt;/mechanism&gt;&lt;mechanism&gt;SCRAM-SHA-1&lt;/mechanism&gt;&lt;/mechanisms&gt;&lt;c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='VX1ZxJXED0Sme0Unk3GOZrknLy0='/&gt;&lt;register xmlns='http://jabber.org/features/iq-register'/&gt;&lt;/stream:features&gt;</span>
<span id="LC13" class="line" lang="plaintext">starttls: waiting for: "&lt;proceed"</span>
<span id="LC14" class="line" lang="plaintext">starttls: received: &lt;proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/&gt;</span>
<span id="LC15" class="line" lang="plaintext">- Certificate type: X.509</span>
<span id="LC16" class="line" lang="plaintext">- Got a certificate list of 2 certificates.</span>
<span id="LC17" class="line" lang="plaintext">- Certificate[0] info:</span>
<span id="LC18" class="line" lang="plaintext"> - X.509 Certificate Information:</span>
<span id="LC19" class="line" lang="plaintext">      Version: 3</span>
<span id="LC20" class="line" lang="plaintext">      Serial Number (hex): 03e952752ec04bfcc10054d9701f6b98b2db</span>
<span id="LC21" class="line" lang="plaintext">      Issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</span>
<span id="LC22" class="line" lang="plaintext">      Validity:</span>
<span id="LC23" class="line" lang="plaintext">              Not Before: Thu Apr 11 09:56:22 UTC 2019</span>
<span id="LC24" class="line" lang="plaintext">              Not After: Wed Jul 10 09:56:22 UTC 2019</span>
<span id="LC25" class="line" lang="plaintext">      Subject: CN=jabberes.org</span>
<span id="LC26" class="line" lang="plaintext">[…]</span></code></pre>
<h2 dir="auto">
<a id="user-content-patch" class="anchor" href="#patch" aria-hidden="true"></a>Patch</h2>
<p dir="auto">Attention, this isn't a full patch, it's a workaround. I don't speak the XMPP protocol yet so I don't know when we expect to see a <code>&lt;stream:features&gt;</code> and when not, or what it means. A better option would be to ignore <code>&lt;stream:features&gt;</code> if it's there, but not to fail if it isn't.</p>
<p dir="auto">The patch just expects to see both lines one after the other, which works for jabberes.org.</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">diff --git a/src/socket.c b/src/socket.c</span>
<span id="LC2" class="line" lang="plaintext">index be60f94..498d93f 100644</span>
<span id="LC3" class="line" lang="plaintext">--- a/src/socket.c</span>
<span id="LC4" class="line" lang="plaintext">+++ b/src/socket.c</span>
<span id="LC5" class="line" lang="plaintext">@@ -250,6 +250,7 @@ socket_starttls(socket_st * socket)</span>
<span id="LC6" class="line" lang="plaintext">               send_line(socket, buf);</span>
<span id="LC7" class="line" lang="plaintext">               wait_for_text(socket, "<?", 2);</span>
<span id="LC8" class="line" lang="plaintext">               send_line(socket, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");</span>
<span id="LC9" class="line" lang="plaintext">+              wait_for_text(socket, "<stream:", 8);</span>
<span id="LC10" class="line" lang="plaintext">              wait_for_text(socket, "<proceed", 8);</span>
<span id="LC11" class="line" lang="plaintext">      } else if (strcasecmp(socket->app_proto, "ldap") == 0) {</span>
<span id="LC12" class="line" lang="plaintext">              if (socket->verbose)</span></code></pre>
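<p dir="auto">Review bot: The added <code>wait_for_text(socket, "&lt;stream:", 8);</code> makes a chunk starting with <code>&lt;stream:</code> mandatory between sending <code>&lt;starttls/&gt;</code> and the existing wait for <code>&lt;proceed</code>, so a server whose next chunk is <code>&lt;proceed</code> itself would now fail on the new wait in the same way the unpatched client fails in the first trace. The 8-byte prefix <code>&lt;stream:</code> is also broader than intended, since it matches <code>&lt;stream:error</code> as well as <code>&lt;stream:features</code>. Suggest replacing the two fixed waits with one loop that reads until a chunk contains <code>&lt;proceed</code>, skips <code>&lt;stream:features&gt;</code> when it is present, and stops with an error on <code>&lt;failure</code> or <code>&lt;stream:error</code>.</p>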

</div>
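<p dir="auto">One way to implement the "ignore <code>&lt;stream:features&gt;</code> if it's there, but don't fail if it isn't" behaviour the report asks for, as an added example that is not part of the original report or of gnutls. The names <code>xmpp_tls_scan</code>, <code>tag_is</code> and the enum are hypothetical, and the caller is assumed to append every read to one NUL-terminated buffer and rescan it until the result is no longer pending or a timeout expires.</p>

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for illustration; none of this is from src/socket.c. */
enum xmpp_tls_reply { XMPP_TLS_PENDING, XMPP_TLS_PROCEED, XMPP_TLS_REFUSED };

/* True if p starts with "<name" followed by a character that ends a tag name. */
static int tag_is(const char *p, const char *name)
{
	size_t n = strlen(name);

	return p[0] == '<' && strncmp(p + 1, name, n) == 0 &&
	       p[1 + n] != '\0' && strchr(" \t\r\n/>", p[1 + n]) != NULL;
}

/* Classify everything received since <starttls/> was sent (NUL-terminated). */
enum xmpp_tls_reply xmpp_tls_scan(const char *buf)
{
	static const char close_tag[] = "</stream:features>";
	const char *p = buf;

	while ((p = strchr(p, '<')) != NULL) {
		if (tag_is(p, "proceed"))
			return XMPP_TLS_PROCEED;
		if (tag_is(p, "failure") || tag_is(p, "stream:error"))
			return XMPP_TLS_REFUSED;
		if (tag_is(p, "stream:features")) {
			/* Skip the whole element so its children are never matched. */
			const char *gt = strchr(p, '>');

			if (gt == NULL)
				return XMPP_TLS_PENDING;	/* opening tag incomplete */
			if (gt[-1] != '/') {		/* not <stream:features/> */
				gt = strstr(gt, close_tag);
				if (gt == NULL)
					return XMPP_TLS_PENDING;	/* body incomplete */
				gt += sizeof(close_tag) - 2;	/* now at the final '>' */
			}
			p = gt + 1;
			continue;
		}
		p++;	/* <?xml, <stream:stream or anything else: step past it */
	}
	return XMPP_TLS_PENDING;
}
```

<p dir="auto">The TLS handshake should start only on <code>XMPP_TLS_PROCEED</code>; a pending result at timeout or a refusal should abort the connection rather than continue in cleartext.</p>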
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<a href="https://gitlab.com/gnutls/gnutls/issues/766">View it on GitLab</a>.

</p>
</div>
</body>
</html>