Attached you'll find a patch that supposedly fixes this issue. It is
patch 2/4 of this series of patches
http://rt.openssl.org/Ticket/Display.html?id=2860.
[openssl.org #2860] [PATCH 2/4] Fix infinite loop on s_client starttls
xmpp
>From 7dd2afe4b0372555771d8f04be958a37f4f50c49 Mon Sep 17 00:00:00 2001
From: Carlos Alberto Lopez Perez <clo...@igalia.com>
Date: Mon, 6 Aug 2012 02:00:07 +0200
Subject: [PATCH 2/4] Fix infinite loop on s_client starttls xmpp
* When the host used in "-connect" is not what the remote XMPP server expects
the server will return an error like this:
<stream:error>
<host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</stream:error>
* But the actual code will stay on the loop forever because the stop condition
"/stream:features>" will never happen,
* Make this more robust: The stop condition should be that BIO_read failed
* Test if for example with ::
openssl s_client -connect random.jabb3r.net:5222 -starttls xmpp
---
apps/s_client.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index b5dcde5..982794c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1554,9 +1554,11 @@ SSL_set_tlsext_status_ids(con, ids);
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
!strstr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
{
- if (strstr(mbuf, "/stream:features>"))
- goto shut;
seen = BIO_read(sbio,mbuf,BUFSIZZ);
+
+ if (seen <= 0)
+ goto shut;
+
mbuf[seen] = 0;
}
BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
--
1.7.10.4
