[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
I'm marking this bug as Fix Released for the openssl package too because we've incorporated this already and I can't reproduce the issue (I used conference.igniterealtime.org:5222 since the original testcase doesn't resolve anymore).

** Changed in: openssl (Ubuntu)
       Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1420608

Title:
  s_client doesn't recognise XMPP STARTTLS messages with double quotes

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  OpenSSL s_client does not recognise the XML produced by some Jabber servers (eg. OpenFire). The parameter values use double (") instead of single quotes (') and s_client is too conservative in its string-parsing routine.

  To demonstrate the problem I used one of the public XMPP servers running OpenFire 3.9.3:

  openssl s_client -connect jabber.rootbash.com:5222 -starttls xmpp -debug
  CONNECTED(0003)
  write to 0x1124c10 [0x7fffdf2d49c0] (124 bytes => 124 (0x7C))
  read from 0x1124c10 [0x1118800] (8192 bytes => 192 (0xC0))
  read from 0x1124c10 [0x1118800] (8192 bytes => 428 (0x1AC))
  ---
  no peer certificate available
  ---
  No client certificate CA names sent
  ---
  SSL handshake has read 620 bytes and written 124 bytes
  ---
  New, (NONE), Cipher is (NONE)
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  ---

  The "no peer certificate available" is incorrect, it appears because s_client doesn't correctly recognise the response from the remote server.

  The problem comes from the hard-coded string that s_client is looking for during communication with the remote server here: https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/apps/s_client.c#L1461 - the utility expects only a single-quoted string, while the standard also allows the use of double quotes.

  There is a bug report and a series of patches for various XMPP-related bugs submitted in OpenSSL RT bugtracker https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest (and more specifically for this problem - https://rt.openssl.org/Ticket/Display.html?id=2860#txn-34620).

  This issue has been fixed in the upstream Git repository in the master branch (https://github.com/openssl/openssl/blob/fbf08b79ff33110c242849e836aeb494bc03a132/apps/s_client.c#L1620).

  Please consider including these patches. Also please update the man page for s_client, it is for a previous version of the utility and doesn't mention STARTTLS XMPP support at all.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssl 1.0.1f-1ubuntu2.8
  ProcVersionSignature: Ubuntu 3.13.0-45.74-generic 3.13.11-ckt13
  Uname: Linux 3.13.0-45-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Tue Feb 10 21:59:30 2015
  InstallationDate: Installed on 2014-07-07 (218 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1420608/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packa
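The parsing problem described in the bug report above, as an added example (not OpenSSL's code and not the upstream patch): a fixed-string match that accepts only single quotes, beside a small attribute scanner that accepts either quote style. The function names and the server responses are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define XMPP_TLS_NS "urn:ietf:params:xml:ns:xmpp-tls"

/* Constructed sample server responses (not captured traffic). */
static const char SAMPLE_SINGLE[] =
    "<stream:features><starttls xmlns='" XMPP_TLS_NS "'/></stream:features>";
static const char SAMPLE_DOUBLE[] =
    "<stream:features><starttls xmlns=\"" XMPP_TLS_NS "\"></starttls>"
    "<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">"
    "<mechanism>PLAIN</mechanism></mechanisms></stream:features>";
static const char SAMPLE_SPACED[] =
    "<stream:features><starttls  xmlns = '" XMPP_TLS_NS "' /></stream:features>";
static const char SAMPLE_NONE[] =
    "<stream:features><mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">"
    "<mechanism>PLAIN</mechanism></mechanisms></stream:features>";
static const char SAMPLE_TRUNCATED[] =
    "<stream:features><starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-t";

/* Strict check: one hard-coded substring, single-quoted value only. */
static int starttls_offered_strict(const char *buf)
{
    return strstr(buf, "<starttls xmlns='" XMPP_TLS_NS "'") != NULL;
}

/*
 * Tolerant check: find a <starttls ...> start tag and walk its attributes,
 * accepting ' or " as the value delimiter and whitespace around '='.
 * Returns 0 on a truncated read so the caller can read more and retry.
 * Limitation: a namespace inherited from a parent element is not resolved.
 */
static int starttls_offered_tolerant(const char *buf)
{
    const size_t nslen = strlen(XMPP_TLS_NS);
    const char *p = buf;

    while ((p = strstr(p, "<starttls")) != NULL) {
        p += strlen("<starttls");
        if (!isspace((unsigned char)*p))
            continue;                   /* longer element name, or no attributes */

        const char *q = p;
        while (*q != '\0' && *q != '>') {
            while (isspace((unsigned char)*q))
                q++;
            const char *name = q;       /* attribute name */
            while (*q != '\0' && *q != '=' && *q != '>' &&
                   !isspace((unsigned char)*q))
                q++;
            size_t namelen = (size_t)(q - name);
            while (isspace((unsigned char)*q))
                q++;
            if (*q != '=')
                break;                  /* "/>" or malformed tag */
            q++;
            while (isspace((unsigned char)*q))
                q++;
            char quote = *q;
            if (quote != '\'' && quote != '"')
                break;                  /* unquoted value is not valid XML */
            const char *val = ++q;
            const char *end = strchr(val, quote);
            if (end == NULL)
                break;                  /* value cut off by a short read */
            if (namelen == 5 && memcmp(name, "xmlns", 5) == 0 &&
                (size_t)(end - val) == nslen &&
                memcmp(val, XMPP_TLS_NS, nslen) == 0)
                return 1;
            q = end + 1;
        }
    }
    return 0;
}

int main(void)
{
    const struct { const char *label; const char *xml; } cases[] = {
        { "single quotes", SAMPLE_SINGLE },
        { "double quotes", SAMPLE_DOUBLE },
        { "spaced '='", SAMPLE_SPACED },
        { "no starttls", SAMPLE_NONE },
        { "truncated read", SAMPLE_TRUNCATED },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-15s strict=%d tolerant=%d\n", cases[i].label,
               starttls_offered_strict(cases[i].xml),
               starttls_offered_tolerant(cases[i].xml));
    return 0;
}
```

A client that never sees the STARTTLS offer cannot begin the TLS handshake, which is what produces the misleading "no peer certificate available" output quoted in the report.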
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
** Changed in: openssl
       Status: New => Fix Released

Status in OpenSSL: Fix Released
Status in openssl package in Ubuntu: Confirmed
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
** Changed in: openssl (Ubuntu)
   Importance: Undecided => Medium

Status in OpenSSL cryptography and SSL/TLS toolkit: New
Status in openssl package in Ubuntu: Confirmed
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
** Tags added: vivid

Status in OpenSSL cryptography and SSL/TLS toolkit: New
Status in openssl package in Ubuntu: Confirmed
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: openssl (Ubuntu)
       Status: New => Confirmed

Status in OpenSSL cryptography and SSL/TLS toolkit: New
Status in openssl package in Ubuntu: Confirmed
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
** Changed in: openssl
       Status: Unknown => New

Status in OpenSSL cryptography and SSL/TLS toolkit: New
Status in openssl package in Ubuntu: New
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
** Bug watch added: OpenSSL RT #2860 http://rt.openssl.org/Ticket/Display.html?id=2860 ** Also affects: openssl via http://rt.openssl.org/Ticket/Display.html?id=2860 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1420608 Title: s_client doesn't recognise XMPP STARTTLS messages with double quotes Status in OpenSSL cryptography and SSL/TLS toolkit: Unknown Status in openssl package in Ubuntu: New Bug description: OpenSSL s_client does not recognise the XML produced by some Jabber servers (eg. OpenFire). The parameter values use double (") instead of single quotes (') and s_client is too conservative in its string- parsing routine. To demonstrate the problem I used one of the public XMPP servers running OpenFire 3.9.3: openssl s_client -connect jabber.rootbash.com:5222 -starttls xmpp -debug CONNECTED(0003) write to 0x1124c10 [0x7fffdf2d49c0] (124 bytes => 124 (0x7C)) - 3c 73 74 72 65 61 6d 3a-73 74 72 65 61 6d 20 78 read from 0x1124c10 [0x1118800] (8192 bytes => 192 (0xC0)) - 3c 3f 78 6d 6c 20 76 65-72 73 69 6f 6e 3d 27 31 http://etherx 0050 - 2e 6a 61 62 62 65 72 2e-6f 72 67 2f 73 74 72 65 .jabber.org/stre 0060 - 61 6d 73 22 20 78 6d 6c-6e 73 3d 22 6a 61 62 62 ams" xmlns="jabb 0070 - 65 72 3a 63 6c 69 65 6e-74 22 20 66 72 6f 6d 3d er:client" from= 0080 - 22 6a 61 62 62 65 72 2e-72 6f 6f 74 62 61 73 68 "jabber.rootbash 0090 - 2e 63 6f 6d 22 20 69 64-3d 22 61 39 64 33 30 61 .com" id="a9d30a 00a0 - 34 32 22 20 78 6d 6c 3a-6c 61 6e 67 3d 22 65 6e 42" xml:lang="en 00b0 - 22 20 76 65 72 73 69 6f-6e 3d 22 31 2e 30 22 3e " version="1.0"> read from 0x1124c10 [0x1118800] (8192 bytes => 428 (0x1AC)) - 3c 73 74 72 65 61 6d 3a-66 65 61 74 75 72 65 73 DI 0090 - 47 45 53 54 2d 4d 44 35-3c 2f 6d 65 63 68 61 6e GEST-MD5P 00b0 - 4c 41 49 4e 3c 2f 6d 65-63 68 61 6e 69 73 6d 3e LAIN 00c0 - 3c 6d 65 63 68 61 6e 69-73 6d 3e 41 4e 4f 
4e 59 ANONY 00d0 - 4d 4f 55 53 3c 2f 6d 65-63 68 61 6e 69 73 6d 3e MOUS 00e0 - 3c 6d 65 63 68 61 6e 69-73 6d 3e 43 52 41 4d 2d CRAM- 00f0 - 4d 44 35 3c 2f 6d 65 63-68 61 6e 69 73 6d 3e 3c MD5< 0100 - 2f 6d 65 63 68 61 6e 69-73 6d 73 3e 3c 63 6f 6d /mechanisms>http://jabber.or 0130 - 67 2f 66 65 61 74 75 72-65 73 2f 63 6f 6d 70 72 g/features/compr 0140 - 65 73 73 22 3e 3c 6d 65-74 68 6f 64 3e 7a 6c 69 ess">zli 0150 - 62 3c 2f 6d 65 74 68 6f-64 3e 3c 2f 63 6f 6d 70 bhttp://jabb 0180 - 65 72 2e 6f 72 67 2f 66-65 61 74 75 72 65 73 2f er.org/features/ 0190 - 69 71 2d 61 75 74 68 22-2f 3e 3c 2f 73 74 72 65 iq-auth"/> --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 620 bytes and written 124 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- The "no peer certificate available" is incorrect, it appears because s_client doesn't correctly recognise the response from the remote server. The problem comes from the hard-coded string that s_client is looking for during communication with the remote server here: https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/apps/s_client.c#L1461 - the utility expects only a single-quoted string, while the standard also allows the use of double quotes. There is a bug report and a series of patches for various XMPP-related bugs submitted in OpenSSL RT bugtracker https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest (and more specifically for this problem - https://rt.openssl.org/Ticket/Display.html?id=2860#txn-34620). This issue has been fixed in the upstream Git repository in the master branch (https://github.com/openssl/openssl/blob/fbf08b79ff33110c242849e836aeb494bc03a132/apps/s_client.c#L1620). Please consider including these patches. Also please update the man page for s_client, it is for a previous version of the utility and doesn't mention STARTTLS XMPP support at all. 
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.8
ProcVersionSignature: Ubuntu 3.13.0-45.74-generic 3.13.11-ckt13
Uname: Linux 3.13.0-45-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Feb 10 21:59:30 2015
InstallationDate: Installed on 2014-07-07 (218 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
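The quoting problem described in the bug report above, shown as an added example that is not part of the thread and is not OpenSSL's code: a strict substring check of the kind the report describes, next to a check that accepts either quote character. The function names and the sample stanzas are constructed for illustration; the namespace URI is the XMPP STARTTLS namespace from RFC 6120.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define XMPP_TLS_NS "urn:ietf:params:xml:ns:xmpp-tls"

/* Constructed sample feature lists (not captured traffic). */
static const char SINGLE_Q[] = "<stream:features><starttls xmlns='" XMPP_TLS_NS "'/></stream:features>";
static const char DOUBLE_Q[] = "<stream:features><starttls xmlns=\"" XMPP_TLS_NS "\"></starttls></stream:features>";

/* Strict check: one hard-coded spelling, single quotes only. */
static int starttls_offered_strict(const char *buf)
{
    return strstr(buf, "<starttls xmlns='" XMPP_TLS_NS "'") != NULL;
}

/* Tolerant check: accepts ' or " as the attribute delimiter and optional
 * whitespace around '=', as XML allows. A minimal scanner, not an XML parser.
 * Returns 1 if a complete <starttls ...> tag in the TLS namespace is in buf. */
static int starttls_offered(const char *buf)
{
    const size_t nslen = strlen(XMPP_TLS_NS);
    const char *p = buf;

    while ((p = strstr(p, "<starttls")) != NULL) {
        p += strlen("<starttls");
        const char *end = strchr(p, '>');
        if (end == NULL)
            return 0;                 /* opening tag not fully received yet */
        if (!isspace((unsigned char)*p))
            continue;                 /* other element name, or no attributes */
        for (const char *a = p; (a = strstr(a, "xmlns")) != NULL && a < end; ) {
            a += strlen("xmlns");
            while (isspace((unsigned char)*a)) a++;
            if (*a != '=') continue;  /* e.g. a prefixed xmlns:foo declaration */
            a++;
            while (isspace((unsigned char)*a)) a++;
            char q = *a;              /* opening quote must match the closing one */
            if ((q == '\'' || q == '"') &&
                strncmp(a + 1, XMPP_TLS_NS, nslen) == 0 && a[nslen + 1] == q)
                return 1;
        }
    }
    return 0;
}

int main(void)
{
    printf("single: strict=%d tolerant=%d\n", starttls_offered_strict(SINGLE_Q), starttls_offered(SINGLE_Q));
    printf("double: strict=%d tolerant=%d\n", starttls_offered_strict(DOUBLE_Q), starttls_offered(DOUBLE_Q));
    return 0;
}
```

When the strict check misses the feature, the client never sends its own STARTTLS request, which is consistent with the "no peer certificate available" output in the report.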
[Touch-packages] [Bug 1420608] Re: s_client doesn't recognise XMPP STARTTLS messages with double quotes
There is a similar bug report open in Red Hat's BugZilla - https://bugzilla.redhat.com/show_bug.cgi?id=608239 and it has been fixed in the openssl package included in Fedora Core 16 and CentOS since openssl-1.0.1e-23.el7.src.rpm - https://git.centos.org/blob/rpms!openssl.git/a5ef24ffb32f05cda7549bde8c2565250342fa4f/SOURCES!openssl-1.0.0d-xmpp-starttls.patch;jsessionid=14o35zzbs7w0suuc6ufvezi4n.

The patches in OpenSSL RT deal with https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/654493 as well.

** Bug watch added: Red Hat Bugzilla #608239
   https://bugzilla.redhat.com/show_bug.cgi?id=608239

Status in openssl package in Ubuntu: New