When using the following command to connect to an XMPP server which uses a different hostname to the published SSL certificate and Jabber domain, openssl goes into an infinite loop.

$ openssl s_client -starttls xmpp -connect some.jabber.server -debug
CONNECTED(00000003)
write to 0x7ff873c1f130 [0x7fff69a209e0] (119 bytes => 119 (0x77))
0000 - 3c 73 74 72 65 61 6d 3a-73 74 72 65 61 6d 20 78   <stream:stream x
0010 - 6d 6c 6e 73 3a 73 74 72-65 61 6d 3d 27 68 74 74   mlns:stream='htt
0020 - 70 3a 2f 2f 65 74 68 65-72 78 2e 6a 61 62 62 65   p://etherx.jabbe
0030 - 72 2e 6f 72 67 2f 73 74-72 65 61 6d 73 27 20 78   r.org/streams' x
0040 - 6d 6c 6e 73 3d 27 6a 61-62 62 65 72 3a 63 6c 69   mlns='jabber:cli
0050 - 65 6e 74 27 20 74 6f 3d-27 6c 64 6e 31 2e 62 2e   ent' to='ldn1.b.
0060 - 77 6c 2d 68 2e 61 74 27-20 76 65 72 73 69 6f 6e   wl-h.at' version
0070 - 3d 27 31 2e 30 27 3e                              ='1.0'>
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 152 (0x98))
0000 - 3c 3f 78 6d 6c 20 76 65-72 73 69 6f 6e 3d 27 31   <?xml version='1
0010 - 2e 30 27 3f 3e 3c 73 74-72 65 61 6d 3a 73 74 72   .0'?><stream:str
0020 - 65 61 6d 20 78 6d 6c 6e-73 3d 27 6a 61 62 62 65   eam xmlns='jabbe
0030 - 72 3a 63 6c 69 65 6e 74-27 20 78 6d 6c 6e 73 3a   r:client' xmlns:
0040 - 73 74 72 65 61 6d 3d 27-68 74 74 70 3a 2f 2f 65   stream='http://e
0050 - 74 68 65 72 78 2e 6a 61-62 62 65 72 2e 6f 72 67   therx.jabber.org
0060 - 2f 73 74 72 65 61 6d 73-27 20 69 64 3d 27 38 37   /streams' id='87
0070 - 37 31 37 35 35 33 32 27-20 66 72 6f 6d 3d 27 66   7175532' from='f
0080 - 72 65 65 63 68 2e 61 74-27 20 78 6d 6c 3a 6c 61   reech.at' xml:la
0090 - 6e 67 3d 27 65 6e 27 3e-                          ng='en'>
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 104 (0x68))
0000 - 3c 73 74 72 65 61 6d 3a-65 72 72 6f 72 3e 3c 68   <stream:error><h
0010 - 6f 73 74 2d 75 6e 6b 6e-6f 77 6e 20 78 6d 6c 6e   ost-unknown xmln
0020 - 73 3d 27 75 72 6e 3a 69-65 74 66 3a 70 61 72 61   s='urn:ietf:para
0030 - 6d 73 3a 78 6d 6c 3a 6e-73 3a 78 6d 70 70 2d 73   ms:xml:ns:xmpp-s
0040 - 74 72 65 61 6d 73 27 2f-3e 3c 2f 73 74 72 65 61   treams'/></strea
0050 - 6d 3a 65 72 72 6f 72 3e-3c 2f 73 74 72 65 61 6d   m:error></stream
0060 - 3a 73 74 72 65 61 6d 3e-                          :stream>
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 0 (0x0))
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 0 (0x0))
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 0 (0x0))
read from 0x7ff873c1f130 [0x7ff874007c00] (8192 bytes => 0 (0x0))
..continues ad infinitum..

See the following bug on Ubuntu's Launchpad: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/654493

This is affecting my MacPorts-compiled "OpenSSL 1.0.1b 26 Apr 2012", my OS X Apple-provided "OpenSSL 0.9.8r 8 Feb 2011" (in OS X's /usr/bin/openssl) as well as the Ubuntu bug reporter's version from Ubuntu 10.10 package id "openssl-0.9.8o-1ubuntu4". I have also tested on Ubuntu 10.04 with version "OpenSSL 0.9.8k 25 Mar 2009" which is also prone to the issue.
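
The trace above shows the server replying with <stream:error> and the closing </stream:stream>, after which every read returns 0 bytes. As an added example (not part of the original report and not OpenSSL's code), here is a STARTTLS wait loop that stops on a stream error or a zero-byte read instead of reading again. All names are hypothetical, fake_conn is a constructed stand-in for the socket, and matching is by substring rather than XML parsing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not OpenSSL's s_client code. */
enum xmpp_result { XMPP_STARTTLS_OK, XMPP_STREAM_ERROR, XMPP_NO_STARTTLS,
                   XMPP_PEER_CLOSED, XMPP_TOO_LONG };

/* Constructed stand-in for a socket: yields each chunk once, then 0 (EOF). */
struct fake_conn { const char *const *chunks; size_t n, next; };

static int fake_read(struct fake_conn *c, char *buf, size_t len)
{
    if (c->next >= c->n) return 0;
    int k = snprintf(buf, len, "%s", c->chunks[c->next++]);
    return k < (int)len ? k : (int)len - 1;
}

/* Read until the server offers STARTTLS, reports an error, or goes away. */
enum xmpp_result wait_for_starttls(struct fake_conn *c)
{
    char acc[4096] = "";
    size_t used = 0;
    for (;;) {
        if (strstr(acc, "<stream:error"))      return XMPP_STREAM_ERROR;
        if (strstr(acc, "<starttls"))          return XMPP_STARTTLS_OK;
        if (strstr(acc, "</stream:features>")) return XMPP_NO_STARTTLS;
        if (used >= sizeof(acc) - 1)           return XMPP_TOO_LONG;
        int n = fake_read(c, acc + used, sizeof(acc) - used);
        if (n <= 0) return XMPP_PEER_CLOSED;   /* 0 bytes is EOF: stop, do not retry */
        used += (size_t)n;
    }
}

/* Constructed sample, abridged from the two server replies in the trace. */
static const char *const TRACE[] = {
    "<?xml version='1.0'?><stream:stream xmlns='jabber:client' id='1'>",
    "<stream:error><host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>"
    "</stream:error></stream:stream>",
};

int main(void)
{
    struct fake_conn c = { TRACE, 2, 0 };
    printf("result=%d\n", wait_for_starttls(&c));
    return 0;
}
```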