[gentoo-user] pidgin, ssl, and xmpp

2012-01-06 Thread Andrey Moshbear
With the following pidgin debug log:
21:46:56) account: Connecting to account x...@gmail.com/.
(21:46:56) connection: Connecting. gc = 0x1d44780
(21:46:56) dnssrv: querying SRV record for gmail.com:
_xmpp-client._tcp.gmail.com
(21:46:56) dnssrv: found 5 SRV entries
(21:46:56) dnsquery: Performing DNS lookup for xmpp.l.google.com
(21:46:56) dns: Successfully sent DNS request to child 805
(21:46:56) dns: Got response for 'xmpp.l.google.com'
(21:46:56) dnsquery: IP resolved for xmpp.l.google.com
(21:46:56) proxy: Attempting connection to 209.85.225.125
(21:46:56) proxy: Connecting to xmpp.l.google.com:5222 with no proxy
(21:46:56) proxy: Connection in progress
(21:46:56) proxy: Connecting to xmpp.l.google.com:5222.
(21:46:56) proxy: Connected to xmpp.l.google.com:5222.
(21:46:56) jabber: Sending (x...@gmail.com): <?xml version='1.0' ?>
(21:46:56) jabber: Sending (x...@gmail.com): <stream:stream
to='gmail.com' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(21:46:56) jabber: Recv (138): <stream:stream from="gmail.com"
id="0A69C2453F195AB0" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
(21:46:56) jabber: Recv (241): <stream:features><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
(21:46:56) jabber: Sending (x...@gmail.com): <starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(21:46:56) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(21:46:56) gnutls: Starting handshake with gmail.com
(21:46:56) util: Writing file prefs.xml to directory /home/XXX/.purple
(21:46:56) util: Writing file /home/XXX/.purple/prefs.xml
(21:46:56) gnutls: Handshake complete
(21:46:56) gnutls/x509: Key print:
0c:99:2a:04:72:48:59:1a:3c:cf:ab:60:d0:2a:9e:73:73:42:f0:08
(21:46:56) gnutls/x509: Key print:
dd:7a:7f:13:1d:db:a3:3d:3e:86:70:17:94:83:e6:fe:a6:98:7d:6a
(21:46:56) gnutls: Peer provided 2 certs
(21:46:56) gnutls: Lvl 0 SHA1 fingerprint:
0c:99:2a:04:72:48:59:1a:3c:cf:ab:60:d0:2a:9e:73:73:42:f0:08
(21:46:56) gnutls: Serial: 6d:ca:e4:9f:00:03:00:00:34:be
(21:46:56) gnutls: Cert DN: C=US,ST=California,L=Mountain
View,O=Google Inc.,CN=gmail.com
(21:46:56) gnutls: Cert Issuer DN: C=US,O=Google Inc,CN=Google
Internet Authority
(21:46:56) gnutls: Lvl 1 SHA1 fingerprint:
dd:7a:7f:13:1d:db:a3:3d:3e:86:70:17:94:83:e6:fe:a6:98:7d:6a
(21:46:56) gnutls: Serial: 0b:67:71
(21:46:56) gnutls: Cert DN: C=US,O=Google Inc,CN=Google Internet Authority
(21:46:56) gnutls: Cert Issuer DN: C=US,O=Equifax,OU=Equifax Secure
Certificate Authority
(21:46:56) certificate/x509/tls_cached: Starting verify for gmail.com
(21:46:56) certificate/x509/tls_cached: Checking for cached cert...
(21:46:56) certificate/x509/tls_cached: ...Found cached cert
(21:46:56) gnutls: Attempting to load X.509 certificate from
/home/XXX/.purple/certificates/x509/tls_peers/gmail.com
(21:46:56) certificate/x509/tls_cached: Peer cert matched cached
(21:46:56) util: Writing file
/home/XXX/.purple/certificates/x509/tls_peers/gmail.com
(21:46:56) certificate: Successfully verified certificate for gmail.com
(21:46:56) jabber: Sending (ssl) (x...@gmail.com): <stream:stream
to='gmail.com' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(21:46:56) jabber: Recv (ssl)(138): <stream:stream from="gmail.com"
id="6C45C0A9313259E1" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
(21:46:56) jabber: Recv (ssl)(197): <stream:features><mechanisms
xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
(21:46:56) sasl: sasl_state is -1, failing the mech and trying again
(21:46:56) connection: Connection error on 0x1d44780 (reason: 3
description: Server does not use any supported authentication method)
(21:46:57) account: Disconnecting account x...@gmail.com/ (0x1a3dbb0)
(21:46:57) connection: Disconnecting connection 0x1d44780
(21:46:57) jabber: Sending (ssl) (x...@gmail.com): </stream:stream>
(21:46:57) connection: Destroying connection 0x1d44780

and USE flags:
dev-libs/cyrus-sasl-2.1.25 berkdb gdbm java kerberos mysql pam
postgres sqlite ssl -authdaemond -elibc_FreeBSD -ldapdb -openldap
-sample -srp -static-libs -urandom
net-im/pidgin-2.10.1 dbus debug doc gnutls gstreamer gtk idn ncurses
nls perl python sasl spell tcl tk xscreensaver -eds -gadu -groupwise
-meanwhile -networkmanager -prediction -silc -zephyr -zeroconf
net-libs/gnutls-2.10.5 cxx doc lzo nls zlib -bindist -examples -guile -test

where exactly is the SSL problem?



Re: [gentoo-user] pidgin, ssl, and xmpp

2012-01-06 Thread Pandu Poluan
On Jan 7, 2012 9:59 AM, Andrey Moshbear andrey@gmail.com wrote:

 where exactly is the SSL problem?


It's not an SSL problem, but a SASL authentication failure.

Check the following, might help:

http://askubuntu.com/questions/88989/unable-to-connect-to-google-talk-using-pidgin-sasl-error


Re: [gentoo-user] pidgin, ssl, and xmpp

2012-01-06 Thread Andrey Moshbear
On Fri, Jan 6, 2012 at 23:04, Pandu Poluan pa...@poluan.info wrote:

 On Jan 7, 2012 9:59 AM, Andrey Moshbear andrey@gmail.com wrote:

[snip]

 where exactly is the SSL problem?


 It's not an SSL problem, but a SASL authentication failure.

 Check the following, might help :

 http://askubuntu.com/questions/88989/unable-to-connect-to-google-talk-using-pidgin-sasl-error


Interesting how having

127.0.0.1 localhost
::1 localhost

instead of

127.0.0.1 localhost hostname
::1 localhost hostname

causes subtle issues.

And yes, that fixed it. Thanks for the link.



Re: [gentoo-user] pidgin, ssl, and xmpp

2012-01-06 Thread Pandu Poluan
On Jan 7, 2012 11:14 AM, Andrey Moshbear andrey@gmail.com wrote:

 On Fri, Jan 6, 2012 at 23:04, Pandu Poluan pa...@poluan.info wrote:
 
  On Jan 7, 2012 9:59 AM, Andrey Moshbear andrey@gmail.com wrote:
 
 [snip]
 
  where exactly is the SSL problem?
 
 
  It's not an SSL problem, but a SASL authentication failure.
 
  Check the following, might help :
 
 
http://askubuntu.com/questions/88989/unable-to-connect-to-google-talk-using-pidgin-sasl-error
 

 Interesting how having

 127.0.0.1 localhost
 ::1 localhost

 instead of

 127.0.0.1 localhost hostname
 ::1 localhost hostname

 causes subtle issues.

 And yes, that fixed it. Thanks for the link.


I think the SASL handshake appended the hostname somewhere, and Google
rejected all auth attempts from localhost.

But that's just some speculation.

Anyways, glad it helped.

Rgds,
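
Added example, not part of the thread and not code from Pidgin: a small triage script that answers the original question ("where exactly is the SSL problem?") from the log itself by separating the TLS stage from the SASL stage, and that checks /etc/hosts text for the condition the fix changed. The sample log is condensed from the first post with the XML brackets written back in; "myhost" is a hypothetical machine name.

```python
import re

# Constructed sample: key lines of the debug log from the first post, with the
# XML angle brackets and quotes written back in.
SAMPLE_LOG = '''\
(21:46:56) jabber: Recv (241): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
(21:46:56) gnutls: Handshake complete
(21:46:56) certificate: Successfully verified certificate for gmail.com
(21:46:56) jabber: Recv (ssl)(197): <stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms></stream:features>
(21:46:56) sasl: sasl_state is -1, failing the mech and trying again
(21:46:56) connection: Connection error on 0x1d44780 (reason: 3 description: Server does not use any supported authentication method)
'''

# Constructed /etc/hosts contents; "myhost" is a hypothetical machine name.
HOSTS_BEFORE = "127.0.0.1 localhost\n::1 localhost\n"
HOSTS_AFTER = "127.0.0.1 localhost myhost\n::1 localhost myhost\n"

MECH = re.compile(r"<mechanism>([^<]+)</mechanism>")

def triage(log):
    """Classify a libpurple XMPP login log: stage is 'tls', 'sasl' or 'ok'."""
    r = {"tls_ok": False, "cert_ok": False, "sasl_failed": False,
         "mechs_cleartext": [], "mechs_tls": []}
    for line in log.splitlines():
        if "gnutls: Handshake complete" in line:
            r["tls_ok"] = True
        elif "certificate: Successfully verified" in line:
            r["cert_ok"] = True
        elif "jabber: Recv" in line and "<mechanisms" in line:
            # "Recv (ssl)" marks stanzas received inside the TLS session.
            key = "mechs_tls" if "Recv (ssl)" in line else "mechs_cleartext"
            r[key] = MECH.findall(line)
        elif "sasl: sasl_state is -1" in line:
            r["sasl_failed"] = True
    # PLAIN sends the password itself, so it should only be offered under TLS.
    r["plain_before_tls"] = "PLAIN" in r["mechs_cleartext"]
    if not (r["tls_ok"] and r["cert_ok"]):
        r["stage"] = "tls"  # handshake or certificate check not confirmed
    else:
        r["stage"] = "sasl" if r["sasl_failed"] else "ok"
    return r

def hosts_names_machine(hosts_text, hostname):
    """True if an /etc/hosts entry lists hostname after the address field."""
    rows = (l.split("#", 1)[0].split() for l in hosts_text.splitlines())
    return any(hostname in row[1:] for row in rows)
```

On the sample, the handshake and certificate lines are both present, so the failure is attributed to SASL; the mechanism lists also show that PLAIN is only advertised once the stream is inside TLS.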