FreeBSD 10.2
jabberd2 version 2.3.6

I'm using MySQL to hold the usernames and passwords. I have verified
that they are in the database by doing a select *. The usernames in the
MySQL database are in plain text.

I am setting up jabberd2 for a private messaging service, and thus
don't want users registering themselves, hence I used MySQL because
that allows me to maintain all the accounts by logging into the server.

The PEM file is self-signed.
I have not loaded s2s since I don't want to link this to other XMPP
servers. 

I am not using port 5223 since I need no backwards compatibility. I
want to use TLS via starttls.

I am using Profanity to test the jabberd2 server while logged into the
server itself, rather than over the internet. [Profanity is an XMPP
client that doesn't need a GUI.]

Relevant portions of c2s.xml:

<id
realm="MYDOMAIN>COM"
permfile="/usr/local/etc/jabberd/jabber.pem"
ciphers="TLSv1.2, TLSv1.0"
require-starttls='true'
register-enable='false'
password-change='false'
>MYDOMAIN.COM</id>

  <!--
    <ssl-port>5223</ssl-port>
    -->


  <!-- Authentication/registration database configuration -->
  <authreg>
    <!-- Dynamic authreg modules path -->
    <path>/usr/local/lib/jabberd</path>

    <!-- Backend module to use -->
    <module>mysql</module>

    <!-- Available authentication mechanisms -->
    <mechanisms>

      <!-- These are the traditional Jabber authentication mechanisms.
           Comment out any that you don't want to be offered to clients.
           Note that if the auth/reg module does not support one of
           these mechanisms, then it will not be offered regardless of
           whether or not it is enabled here. -->
<!--
      <traditional>
        <plain/>
        <digest/>
      </traditional>
-->
      <!-- SASL authentication mechanisms. Comment out any that you
           don't want to be offered to clients. Again, if the auth/reg
           module does not support one of these mechanisms, then it will
           not be offered. -->
      <sasl>
<!--
        <plain/>
-->
<!--
        <digest-md5/>
-->
        <!--
        <anonymous/>
        <gssapi/>
        -->
      </sasl>
    </mechanisms>

    <!-- Additional mechanisms that are also available when the
         connection is encrypted. Ie. when START-TLS had been
         negotiated, or user connected on SSL-wrapped port. -->
    <ssl-mechanisms>
      <!-- it's advisable that you disable plain in the above
           <mechanisms/> section -->
      <traditional>
        <plain/>
      </traditional>

      <sasl>
        <plain/>
        <external/>
      </sasl>
    </ssl-mechanisms>



What follows is the debug output once the program has initialized. That
is, I ran jabberd -D and let the program settle, then tried to log in.
I could supply more, but I'm trying to keep it relevant to the login
session. The file is sanitized of private data, which should be obvious
where applicable. I also wrapped the long lines.
-------------------------------------------------
C2S : sx (sx.c:115) freeing 5 env plugins
C2S : Mon May  2 01:08:12 2016 [notice] [7] [MYIP, port=43659] connect
C2S : Mon May  2 01:08:12 2016 c2s.c:563 accept action on fd 7
C2S : sx (sx.c:65) allocated new sx for 7
C2S : sx (server.c:260) doing server init for sx 7 
C2S : sx (server.c:272) waiting for stream header
C2S : sx (server.c:275) tag 7 event 0 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May  2 01:08:12 2016 c2s.c:515 read action on fd 7
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03940
C2S : Mon May  2 01:08:12 2016 c2s.c:47 reading from 7
C2S : Mon May  2 01:08:12 2016 c2s.c:106 read 156 bytes
C2S : sx (io.c:231) passed 156 read bytes
C2S : sx (chain.c:93) calling io read chain


C2S : sx (io.c:255) decoded read data (156 bytes): <?xml version="1.0"?>
<stream:stream to="MYDOMAIN.COM" xml:lang="en" version="1.0" 
xmlns="jabber:client" 
xmlns:stream="http://etherx.jabber.org/streams">

C2S : sx (server.c:126) stream request: to MYDOMAIN.COM from (null) version 1.0
C2S : sx (server.c:141) 7 state change from 0 to 1
C2S : sx (server.c:159) stream id is LONGRANDOM
C2S : Mon May  2 01:08:12 2016 ack.c:34 hacking ack namespace decl onto stream 
header
C2S : sx (server.c:202) prepared stream response: <?xml version='1.0'?>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
xmlns='jabber:client' 
from='MYDOMAIN.COM' version='1.0' id='LONGRANDOM' 
xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>

C2S : sx (io.c:271) tag 7 event 1 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:42 want write
C2S : Mon May  2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 250 bytes for writing: <?xml version='1.0'?>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
xmlns='jabber:client' from='MYDOMAIN.COM' version='1.0' 
id='LONGRANDOM' xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>

C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 250 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03970
C2S : Mon May  2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May  2 01:08:12 2016 c2s.c:117 250 bytes written
C2S : sx (server.c:29) stream established
C2S : sx (server.c:39) 7 state change from 1 to 3
C2S : sx (server.c:40) tag 7 event 4 data 0x0
C2S : sx (server.c:45) building features nad
C2S : sx (address.c:34) adding address feature
C2S : sx (sasl.c:260) ssl not established yet but the app requires it, not 
offering mechanisms
C2S : Mon May  2 01:08:12 2016 bind.c:38 not auth'd, offering auth and register
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May  2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 267 bytes for writing: <stream:features 
xmlns:stream='http://etherx.jabber.org/streams'><address 
xmlns='http://affinix.com/jabber/address'>MYIP</address><auth 
xmlns='http://jabber.org/features/iq-auth'/><register 
xmlns='http://jabber.org/features/iq-register'/></stream:features>

C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 267 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03970
C2S : Mon May  2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May  2 01:08:12 2016 c2s.c:117 267 bytes written
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May  2 01:08:12 2016 c2s.c:515 read action on fd 7
C2S : Mon May  2 01:08:12 2016 [notice] [7] got pre STARTTLS packet, dropping
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03970
C2S : Mon May  2 01:08:12 2016 c2s.c:47 reading from 7
C2S : Mon May  2 01:08:12 2016 c2s.c:106 read 176 bytes
C2S : sx (io.c:231) passed 176 read bytes
C2S : sx (chain.c:93) calling io read chain
C2S : sx (io.c:255) decoded read data (176 bytes): <iq id="_xmpp_auth1" 
type="set"><query 
xmlns="jabber:iq:auth"><username>SOMEUSER</username><password>PASSWORD</password>
<resource>profanity</resource></query></iq>

C2S : sx (io.c:96) completed nad: <iq xmlns='jabber:client' type='set' 
id='_xmpp_auth1'><query 
xmlns='jabber:iq:auth'><username>SOMEUSER</username><password>PASSWORD</password>
<resource>profanity</resource></query></iq>

C2S : sx (chain.c:119) calling nad read chain
C2S : sx (io.c:167) tag 7 event 6 data 0x2dd6da0
C2S : Mon May  2 01:08:12 2016 c2s.c:392 pre STARTTLS packet, dropping

C2S : sx (error.c:79) prepared error: <stream:error 
xmlns:stream='http://etherx.jabber.org/streams'>
<policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
<text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>
STARTTLS is required for this stream</text></stream:error>

C2S : sx (error.c:100) tag 7 event 1 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:42 want write
C2S : Mon May  2 01:08:12 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 233 bytes for writing: <stream:error 
xmlns:stream='http://etherx.jabber.org/streams'><policy-violation 
xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text 
xmlns='urn:ietf:params:xml:ns:xmpp-streams'>
STARTTLS is required for this stream</text></stream:error>

C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 233 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03be0
C2S : Mon May  2 01:08:12 2016 c2s.c:113 writing to 7
C2S : Mon May  2 01:08:12 2016 c2s.c:117 233 bytes written
C2S : sx (io.c:398) tag 7 event 0 data 0x0
C2S : Mon May  2 01:08:12 2016 c2s.c:37 want read
C2S : Mon May  2 01:08:28 2016 c2s.c:515 read action on fd 7
C2S : sx (io.c:206) 7 ready for reading
C2S : sx (io.c:212) tag 7 event 2 data 0x2e03a90
C2S : Mon May  2 01:08:28 2016 c2s.c:47 reading from 7
C2S : Mon May  2 01:08:28 2016 c2s.c:106 read 16 bytes
C2S : sx (io.c:231) passed 16 read bytes
C2S : sx (chain.c:93) calling io read chain
C2S : sx (io.c:255) decoded read data (16 bytes): </stream:stream>
C2S : sx (io.c:189) 7 state change from 3 to 5
C2S : sx (io.c:271) tag 7 event 1 data 0x0
C2S : Mon May  2 01:08:28 2016 c2s.c:42 want write
C2S : Mon May  2 01:08:28 2016 c2s.c:529 write action on fd 7
C2S : sx (io.c:343) 7 ready for writing
C2S : sx (io.c:301) encoding 16 bytes for writing: </stream:stream>
C2S : sx (chain.c:79) calling io write chain
C2S : sx (io.c:364) handing app 16 bytes to write
C2S : sx (io.c:365) tag 7 event 3 data 0x2e03be0
C2S : Mon May  2 01:08:28 2016 c2s.c:113 writing to 7
C2S : Mon May  2 01:08:28 2016 c2s.c:117 16 bytes written
C2S : Mon May  2 01:08:28 2016 [notice] [7] [MYIP, port=43659] disconnect 
jid=unbound, packets: 1, bytes: 348
C2S : sx (io.c:390) 7 state change from 5 to 6
C2S : sx (io.c:391) tag 7 event 7 data 0x0
C2S : Mon May  2 01:08:28 2016 c2s.c:534 close action on fd 7
C2S : sx (sx.c:82) freeing sx for 7
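
An added example (not part of the original post, and not jabberd2 code): a small audit of c2s debug output in the format shown above. It lists the stream features the server actually advertised and flags a legacy jabber:iq:auth password received on a stream where STARTTLS was never offered. The function names and the constructed sample are assumptions of this example; the starttls namespace is the one defined in RFC 6120.

```python
import xml.etree.ElementTree as ET

STREAMS = "{http://etherx.jabber.org/streams}"
STARTTLS = "{urn:ietf:params:xml:ns:xmpp-tls}starttls"   # RFC 6120 feature element
LEGACY_PW = "{jabber:iq:auth}query/{jabber:iq:auth}password"
MARKERS = {"for writing:": "out", "decoded read data": "in"}

# Constructed sample: condensed from the debug output above, still line-wrapped.
SAMPLE_LOG = """\
C2S : sx (io.c:301) encoding 250 bytes for writing: <?xml version='1.0'?>
C2S : sx (io.c:301) encoding 267 bytes for writing: <stream:features
xmlns:stream='http://etherx.jabber.org/streams'><address
xmlns='http://affinix.com/jabber/address'>MYIP</address><auth
xmlns='http://jabber.org/features/iq-auth'/><register
xmlns='http://jabber.org/features/iq-register'/></stream:features>
C2S : sx (io.c:255) decoded read data (176 bytes): <iq id="_xmpp_auth1"
type="set"><query
xmlns="jabber:iq:auth"><username>SOMEUSER</username><password>PASSWORD</password>
<resource>profanity</resource></query></iq>
"""

def stanzas(log):
    """Yield (direction, xml) per debug record, re-joining wrapped lines."""
    records = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.startswith("C2S :") or not records:
            records.append(line)
        else:
            records[-1] += " " + line      # continuation of a wrapped record
    for rec in records:
        for marker, direction in MARKERS.items():
            if marker in rec and "<" in rec:
                yield direction, rec[rec.index("<"):]

def audit(log):
    """Return (advertised feature tags, findings) for one client stream."""
    features, findings = [], []
    for direction, xml in stanzas(log):
        try:
            el = ET.fromstring(xml)
        except ET.ParseError:              # stream headers are not complete XML
            continue
        if direction == "out" and el.tag == STREAMS + "features":
            features = [child.tag for child in el]
            if STARTTLS not in features:
                findings.append("starttls not advertised")
        elif direction == "in" and STARTTLS not in features and el.find(LEGACY_PW) is not None:
            findings.append("password sent on stream without starttls")
    return features, findings
```

Running `audit()` on a saved `jabberd -D` capture shows whether the features stanza ever contained a `starttls` element before a client attempted to authenticate.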

