[DRE-maint] Bug#483974: xmpp4r failed connecting to gtalk possible due to bug in libopenssl-ruby1.8

Lucas Nussbaum lucas at lucas-nussbaum.net
Fri Jun 6 10:08:36 UTC 2008 

On 06/06/08 at 17:24 +0800, darren wrote:
> 2008/6/6 Lucas Nussbaum <lucas at lucas-nussbaum.net>:
> 
> > reassign 483974 libxmpp4r-ruby1.8
> > severity 483974 wishlist
> > retitle 483974 doesn't allow to connect to googletalk [fixed in git/svn]
> > thanks
> > On 04/06/08 at 23:30 +0800, darren wrote:
> > > 2008/6/4 darren <darren.hoo at gmail.com>:
> > > > 2008/6/4 Lucas Nussbaum <lucas at lucas-nussbaum.net>:
> > > > On 01/06/08 at 23:40 +0800, darren wrote:
> > > >> > Package: libopenssl-ruby1.8
> > > >> > Version: 1.8.6.114-2
> > > >> > Severity: normal
> > > >> >
> > > >> > I tried to connect to gtalk using xmpp4r,but failed,I tried to track
> > > >> > down the problem,later found that it may be caused by this ruby
> > libray.
> > > >> > a simple test code to verify:
> > > >> >
> > > >> > ----------------
> > > >> > require 'openssl'
> > > >> > require 'socket'
> > > >> >
> > > >> >
> > > >> > socket = TCPSocket.new("talk.google.com", 5223)
> > > >> >
> > > >> > ctx = OpenSSL::SSL::SSLContext.new('TLSv1')
> > > >> >
> > > >> > sslsocket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
> > > >> >
> > > >> > begin
> > > >> >   puts "Start connect"
> > > >> >     sslsocket.connect
> > > >> > rescue OpenSSL::SSL::SSLError => ssle
> > > >> >     puts "------------------#{ssle.message}---------------"
> > > >> > end
> > > >> >
> > > >> > puts "finished"
> > > >> > -----------------
> > > >> >
> > > >> > It failed,but gave no reason,because ssle.message was empty.
> > > >> > same code runs fine on a lenny machine.
> > > >>
> > > >> Hi darren,
> > > >>
> > > >> Can you still reproduce this? It works fine here. Maybe it was fixed
> > on
> > > >> Google's side?
> > > >
> > > > Thanks for you response
> > > > Problem exists on my Debian Sid,But I tried it on a windows box with
> > ruby
> > > > 1.8.6,everything just goes fine,and xmpp4r works just fine too.
> > > > So I suspect it to be a Linux or rather Debian related bug.I have also
> > > > downloads ruby source code and compile myself,still the problem exists.
> > > >
> > >
> > > sorry,I have forgotten to mention that I have upgrade ruby version to
> > 1.8.7
> > > in unstable, running the above code gives the message now,it is :
> > >    SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
> > > I have googled around the error message for a long time ,just don't know
> > how
> > > to figure out what does the error code above means.
> >
> > Hi Darren,
> >
> > I spent some time on this (since I'm also XMPP4R's original developer, I
> > had some special motivation :-)
> >
> > XMPP4R doesn't allow to connect to Google Talk, because it needs to
> > support the old SSL protocol. I added support for that in SVN. See
> > http://github.com/ln/xmpp4r/commit/bedd0a0a3a18c07ffee0806c52d0e5a95a57671d
> > and
> > http://github.com/ln/xmpp4r/commit/d232fdeec59b4f4517914608da95099349eaa418
> >
> > I'm reassigning this bug to libxmpp4r-ruby1.8, and lowering the severity
> > to wishlist. It will be fixed when we make a new XMPP4R release and I
> > update the Debian package.
> 
> Thanks,it works for me now.Actullay I have also noticed the patch submitted
> by  "姚春林"(a chinese name with three chinese charaters if you can not see
> this correctly ) who is also chinese like me,but It's so old that I deem it
> not related.
> 
> I looked through the patch and found that it is not so friendly to the user
> developper.
> cl.connect("talk.l.google.com", 5223, true) # use port 5223 and SSL mode
> I have to specify the host here which we can get by  resolving it from jid's
> domain part, can we use an attr  like  use_old_ssl  as allow_ssl does?
> just a suggestion.

We could, if you send a patch :-)

> I am not very handy on tls/ssl,just get confused which is new and which is
> deprecated ssl used by google,can you refer me to anything related?

TLS over negociation on port 5222 is the recommended practice and is
part of the XMPP standard.

direct SSL connection on 5223 is deprecated, used by google, and not
part of the XMPP standard.
-- 
| Lucas Nussbaum
| lucas at lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas at nussbaum.fr             GPG: 1024D/023B3F4F |

More information about the Pkg-ruby-extras-maintainers mailing list