Hi Gregor,

On Sun, Jun 25, 2017 at 11:40:09PM +0200, gregor herrmann wrote:
> On Sun, 25 Jun 2017 14:52:54 -0300, Eriberto Mota wrote:
>
> > > Another question: you marked this bug as "affects: sendxmpp
> > > ejabberd". The former is obvious but why the latter? I don't think
> > > that ejabberd uses XML::Stream or Net::XMPP …
> >
> > This information was provided by Markus Gschwendt here:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854210#10
>
> Right but I'm reading the message as "It also happens when I use
> sendxmpp to send a message to a server running ejabberd [and not only
> some google server as in the original bug report]". Cc'ing Markus for
> clarification.
>
> > When do you think you will be able to fix the issue?
>
> That depends on the answer to the question where the bug actually is
> (and following that who should fix it).
>
> So far we have:
> - a bug against libnet-xmpp-perl which is (at least partially) the wrong
>   package; the change in Net::XMPP is that it starts to pass on the
>   empty path to the ssl certs from sendxmpp to XML::Stream (before
>   that it just ignored the path), so even if a change in Net::XMPP
>   triggered the issues, it's not doing anything wrong and doesn't
>   look like the place to fix anything;
> - a probably inflated severity, as sendxmpp appears to work fine if a
>   correct --tls-ca-path is passed on the command line (or probably in
>   its config file?);
> - the idea to make this all easier for users by setting a sane
>   default in either sendxmpp or libxml-stream-perl;
> - no indication that this affects anything else than sendxmpp
>   (if I interpret Markus' message correctly).
>
> Currently I tend to think that setting an empty path for tls-ca-path
> is suboptimal behaviour in sendxmpp which should be fixed there.
>
> But I'd welcome other opinions on this point.

Maybe I'm missing something obvious, but IMHO the bug should 1/ be
reassigned to sendxmpp itself. Then the question is if sendxmpp
should be patched actually (if so it might need to depend on
ca-certificates), or "just" document when
-tls-ca-path="/etc/ssl/certs" needs to be passed.

Maybe not a really useful reply, and I was not involved in the whole
discussion. But my gut feeling is that Net::XMPP is not at "fault"
here in this case.

Regards,
Salvatore