Public bug reported: OpenSSL s_client does not recognise the XML produced by some Jabber servers (e.g. OpenFire). The parameter values use double quotes (") instead of single quotes (') and s_client is too conservative in its string-parsing routine.
To demonstrate the problem I used one of the public XMPP servers running OpenFire 3.9.3:

openssl s_client -connect jabber.rootbash.com:5222 -starttls xmpp -debug
CONNECTED(00000003)
write to 0x1124c10 [0x7fffdf2d49c0] (124 bytes => 124 (0x7C))
0000 - 3c 73 74 72 65 61 6d 3a-73 74 72 65 61 6d 20 78   <stream:stream x
0010 - 6d 6c 6e 73 3a 73 74 72-65 61 6d 3d 27 68 74 74   mlns:stream='htt
0020 - 70 3a 2f 2f 65 74 68 65-72 78 2e 6a 61 62 62 65   p://etherx.jabbe
0030 - 72 2e 6f 72 67 2f 73 74-72 65 61 6d 73 27 20 78   r.org/streams' x
0040 - 6d 6c 6e 73 3d 27 6a 61-62 62 65 72 3a 63 6c 69   mlns='jabber:cli
0050 - 65 6e 74 27 20 74 6f 3d-27 6a 61 62 62 65 72 2e   ent' to='jabber.
0060 - 72 6f 6f 74 62 61 73 68-2e 63 6f 6d 27 20 76 65   rootbash.com' ve
0070 - 72 73 69 6f 6e 3d 27 31-2e 30 27 3e               rsion='1.0'>
read from 0x1124c10 [0x1118800] (8192 bytes => 192 (0xC0))
0000 - 3c 3f 78 6d 6c 20 76 65-72 73 69 6f 6e 3d 27 31   <?xml version='1
0010 - 2e 30 27 20 65 6e 63 6f-64 69 6e 67 3d 27 55 54   .0' encoding='UT
0020 - 46 2d 38 27 3f 3e 3c 73-74 72 65 61 6d 3a 73 74   F-8'?><stream:st
0030 - 72 65 61 6d 20 78 6d 6c-6e 73 3a 73 74 72 65 61   ream xmlns:strea
0040 - 6d 3d 22 68 74 74 70 3a-2f 2f 65 74 68 65 72 78   m="http://etherx
0050 - 2e 6a 61 62 62 65 72 2e-6f 72 67 2f 73 74 72 65   .jabber.org/stre
0060 - 61 6d 73 22 20 78 6d 6c-6e 73 3d 22 6a 61 62 62   ams" xmlns="jabb
0070 - 65 72 3a 63 6c 69 65 6e-74 22 20 66 72 6f 6d 3d   er:client" from=
0080 - 22 6a 61 62 62 65 72 2e-72 6f 6f 74 62 61 73 68   "jabber.rootbash
0090 - 2e 63 6f 6d 22 20 69 64-3d 22 61 39 64 33 30 61   .com" id="a9d30a
00a0 - 34 32 22 20 78 6d 6c 3a-6c 61 6e 67 3d 22 65 6e   42" xml:lang="en
00b0 - 22 20 76 65 72 73 69 6f-6e 3d 22 31 2e 30 22 3e   " version="1.0">
read from 0x1124c10 [0x1118800] (8192 bytes => 428 (0x1AC))
0000 - 3c 73 74 72 65 61 6d 3a-66 65 61 74 75 72 65 73   <stream:features
0010 - 3e 3c 73 74 61 72 74 74-6c 73 20 78 6d 6c 6e 73   ><starttls xmlns
0020 - 3d 22 75 72 6e 3a 69 65-74 66 3a 70 61 72 61 6d   ="urn:ietf:param
0030 - 73 3a 78 6d 6c 3a 6e 73-3a 78 6d 70 70 2d 74 6c   s:xml:ns:xmpp-tl
0040 - 73 22 3e 3c 2f 73 74 61-72 74 74 6c 73 3e 3c 6d   s"></starttls><m
0050 - 65 63 68 61 6e 69 73 6d-73 20 78 6d 6c 6e 73 3d   echanisms xmlns=
0060 - 22 75 72 6e 3a 69 65 74-66 3a 70 61 72 61 6d 73   "urn:ietf:params
0070 - 3a 78 6d 6c 3a 6e 73 3a-78 6d 70 70 2d 73 61 73   :xml:ns:xmpp-sas
0080 - 6c 22 3e 3c 6d 65 63 68-61 6e 69 73 6d 3e 44 49   l"><mechanism>DI
0090 - 47 45 53 54 2d 4d 44 35-3c 2f 6d 65 63 68 61 6e   GEST-MD5</mechan
00a0 - 69 73 6d 3e 3c 6d 65 63-68 61 6e 69 73 6d 3e 50   ism><mechanism>P
00b0 - 4c 41 49 4e 3c 2f 6d 65-63 68 61 6e 69 73 6d 3e   LAIN</mechanism>
00c0 - 3c 6d 65 63 68 61 6e 69-73 6d 3e 41 4e 4f 4e 59   <mechanism>ANONY
00d0 - 4d 4f 55 53 3c 2f 6d 65-63 68 61 6e 69 73 6d 3e   MOUS</mechanism>
00e0 - 3c 6d 65 63 68 61 6e 69-73 6d 3e 43 52 41 4d 2d   <mechanism>CRAM-
00f0 - 4d 44 35 3c 2f 6d 65 63-68 61 6e 69 73 6d 3e 3c   MD5</mechanism><
0100 - 2f 6d 65 63 68 61 6e 69-73 6d 73 3e 3c 63 6f 6d   /mechanisms><com
0110 - 70 72 65 73 73 69 6f 6e-20 78 6d 6c 6e 73 3d 22   pression xmlns="
0120 - 68 74 74 70 3a 2f 2f 6a-61 62 62 65 72 2e 6f 72   http://jabber.or
0130 - 67 2f 66 65 61 74 75 72-65 73 2f 63 6f 6d 70 72   g/features/compr
0140 - 65 73 73 22 3e 3c 6d 65-74 68 6f 64 3e 7a 6c 69   ess"><method>zli
0150 - 62 3c 2f 6d 65 74 68 6f-64 3e 3c 2f 63 6f 6d 70   b</method></comp
0160 - 72 65 73 73 69 6f 6e 3e-3c 61 75 74 68 20 78 6d   ression><auth xm
0170 - 6c 6e 73 3d 22 68 74 74-70 3a 2f 2f 6a 61 62 62   lns="http://jabb
0180 - 65 72 2e 6f 72 67 2f 66-65 61 74 75 72 65 73 2f   er.org/features/
0190 - 69 71 2d 61 75 74 68 22-2f 3e 3c 2f 73 74 72 65   iq-auth"/></stre
01a0 - 61 6d 3a 66 65 61 74 75-72 65 73 3e               am:features>
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 620 bytes and written 124 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

The "no peer certificate available" is incorrect; it appears because s_client doesn't correctly recognise the response from the remote server. The problem comes from the hard-coded string that s_client is looking for during communication with the remote server here: https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/apps/s_client.c#L1461 - the utility expects only a single-quoted string, while the standard also allows the use of double quotes.

There is a bug report and a series of patches for various XMPP-related bugs submitted in the OpenSSL RT bug tracker, https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest (and more specifically for this problem, https://rt.openssl.org/Ticket/Display.html?id=2860#txn-34620). This issue has been fixed in the upstream Git repository in the master branch (https://github.com/openssl/openssl/blob/fbf08b79ff33110c242849e836aeb494bc03a132/apps/s_client.c#L1620). Please consider including these patches.

Also please update the man page for s_client; it is for a previous version of the utility and doesn't mention STARTTLS XMPP support at all.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.8
ProcVersionSignature: Ubuntu 3.13.0-45.74-generic 3.13.11-ckt13
Uname: Linux 3.13.0-45-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Feb 10 21:59:30 2015
InstallationDate: Installed on 2014-07-07 (218 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: openssl (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: amd64 apport-bug trusty
https://bugs.launchpad.net/bugs/1420608
Title: s_client doesn't recognise XMPP STARTTLS messages with double quotes
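To illustrate the parsing defect the report describes, here is an added example (not OpenSSL's own code) that contrasts a single-quote-only literal match, modelled on the check the reporter points to, with a matcher that locates the <starttls> element and accepts either XML quote character around the xmlns value; the feature strings are constructed from the debug output above.

```c
#include <stdio.h>
#include <string.h>

#define XMPP_TLS_NS "urn:ietf:params:xml:ns:xmpp-tls"

/* Literal single-quoted match, an approximation of the check at the
 * s_client.c line cited in the report: double-quoted servers never match. */
int legacy_check(const char *buf)
{
    return strstr(buf, "<starttls xmlns='" XMPP_TLS_NS "'") != NULL;
}

/* Quote-agnostic check: find each <starttls start tag, locate its xmlns
 * attribute inside that tag, and require the STARTTLS namespace wrapped in
 * whichever quote character (' or ") the server used. Returns 1 if found. */
int xmpp_has_starttls(const char *buf)
{
    const char *p = buf;
    while ((p = strstr(p, "<starttls")) != NULL) {
        const char *tag_end = strchr(p, '>');     /* end of this start tag */
        const char *attr = strstr(p, "xmlns=");
        if (tag_end == NULL)
            return 0;                             /* truncated tag: no match */
        if (attr != NULL && attr < tag_end) {
            char q = attr[6];                     /* quote character used */
            const char *val = attr + 7;
            size_t n = strlen(XMPP_TLS_NS);
            if ((q == '\'' || q == '"')
                && strncmp(val, XMPP_TLS_NS, n) == 0 && val[n] == q)
                return 1;
        }
        p = tag_end;                              /* look at the next tag */
    }
    return 0;
}

/* Constructed samples: the OpenFire 3.9.3 response from the debug dump
 * (double quotes), a single-quoted variant, and a stream without STARTTLS. */
const char *openfire_features =
    "<stream:features><starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\">"
    "</starttls><mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">"
    "<mechanism>PLAIN</mechanism></mechanisms></stream:features>";
const char *single_quoted_features =
    "<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/></stream:features>";
const char *no_tls_features =
    "<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/></stream:features>";

int main(void)
{
    printf("OpenFire response: legacy=%d quote-agnostic=%d\n",
           legacy_check(openfire_features), xmpp_has_starttls(openfire_features));
    return 0;
}
```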