It's getting interesting ... Axel Beckert wrote:
> I'm sorry, but I failed to get that script working. > > I tried with: > > * My own server (cacert certificate, Net::XMPP::Client can't seem to > pass ssl_ca_path to XML::Stream) > * Upstream's test server (connection refused despite I used the same > data as in their own test scripts) > * locally installed jabberd2 (gave nothing 500 server error after I > had it purged and installed again) > * locally installed prosody (connection timeout). The easiest way for me to get an XMPP server running was to install prosody, lua-sec, and libdigest-hmac-perl. Beware of #748721, edit the certificate name in /etc/prosody/prosody.cfg.lua. Then use prosodyctl to create an account. If it's of any help, I can provide a root account on a test machine for you, with a running prosody server. Send me your public ssh key. But ... see below. > I see currently two options: > > a) you try to checkout > https://anonscm.debian.org/cgit/pkg-perl/packages/libnet-xmpp-perl.git > and build the package from there to test it. Bad news: This is *not* a remedy against the error messages here. Additionally, this raises new warnings (three times): | WARNING: debug file () does not exist | and is not writable by you. | No debug information being saved. This also happens without any setuid quirks, the messages are generated by * /usr/share/perl5/XML/Stream.pm:401 (one time) * /usr/share/perl5/XML/Stream/Parser.pm:135 (two times) and I have no idea why. Good luck :) > b) I'll upload the new upstream release without fixing this issue, you > try it afterwards in Sid oder Testing and I either close this issue > retroactively or try to fix it based on your feedback. Modulo the above messages this is probably the way to go since there are more problems on the political layer: If you run my small script in Perl's taint mode, it will croak in other places: | Insecure dependency in eval while running with -T switch at /usr/share/perl5/Authen/SASL/Perl.pm line 58. | at /usr/share/perl5/XML/Stream.pm line 2155. So a can of worms is waiting to be opened ... AND: While I managed to reproduce the issue in my usual test systems, I failed to do so in a fresh, plain jessie install, the one I could easily grant you access to. So I still cannot make you see it with your own eyes.¹ At first, I really should find the differences between these two installations. I'll get back to you then. Christoph ¹ At least the new "WARNING"s show up, though.
signature.asc
Description: Digital signature
