Tickets :: [#287] The login on a server with Debian Buster does not work

5.2.20

11/20/2019

Summary	The login on a server with Debian Buster does not work
Queue	gloox
Queue Version	1.0.22
Type	Bug
State	Unconfirmed
Priority	2. Medium
Owners	js (at) camaya (dot) net
Requester	stefan+xmpp (at) debxwoody (dot) de
Created	10/12/2019 (39 days ago)
Due
Updated	10/24/2019 (27 days ago)
Assigned
Resolved

10/24/2019 06:23:28 PM	stefan+xmpp (at) debxwoody (dot) de	Comment #5	Reply to this comment
Workaround: ./configure --with-gnutls=no

10/12/2019 07:25:57 PM	stefan+xmpp (at) debxwoody (dot) de	Comment #4	Reply to this comment
log: level: 0, area: 8, connection encryption active log: level: 0, area: 8, Sending xml string... SK GnuTLSBase::encrypt: <?xml version='1.0' ?><stream:stream to='debxwoody.de' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' version='1.0'> GnuTLSBase::encrypt - gnutls_record_send GnuTLSBase::encrypt done log: level: 0, area: 262144, <?xml version='1.0' ?><stream:stream to='debxwoody.de' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' version='1.0'> log: level: 0, area: 8, Sending xml string...done SK log: level: 2, area: 8, handleHandshakeResult() - Done GnuTLSBase::handshake() true done ConnectionTCPClient::recv Data: D6D700A0 ConnectionTCPClient::recv Data: ConnectionTCPClient::recv timeout = -1 dataAvailable ConnectionTCPClient::recv: 79 size Calling handleReceivedData() ClientBase::handleReceivedData ClientBase::handleReceivedData - decrypt GnuTLSBase::decrypt GnuTLSBase: gnutls_record_recv 17000 GnuTLSBase:decrypt() None data? -28 Fehler: Resource temporarily unavailable, try again.ConnectionTCPClient::recv Data: D6D6F170 ConnectionTCPClient::recv Data: ConnectionTCPClient::recv timeout = -1 dataAvailable ConnectionTCPClient::recv: 557 size Calling handleReceivedData() ClientBase::handleReceivedData ClientBase::handleReceivedData - decrypt GnuTLSBase::decrypt GnuTLSBase: gnutls_record_recv 17000 GnuTLSBase:decrypt() None data? -28 Fehler: Resource temporarily unavailable, try again.ConnectionTCPClient::recv Data: D6D7C640 ConnectionTCPClient::recv Data: ConnectionTCPClient::recv timeout = -1 I changed the implementation: ret = static_cast<int>( gnutls_record_recv( m_session, m_buf, m_bufsize ) ); if(ret == GNUTLS_E_AGAIN) { ret = static_cast<int>( gnutls_record_recv( m_session, m_buf, m_bufsize ) ); } I looks littel bit better: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>..... Processing SASL challenge ... GnuTLSBase: gnutls_record_recv 17000 log: level: 0, area: 8, ClientBase::handleDecryptedData ClientBase::parse Parser::streamEvent log: level: 0, area: 8, handleTag log: level: 0, area: 131072, <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid channel binding value.</text></failure> log: level: 0, area: 4, handleNormalNode log: level: 0, area: 4, failure log: level: 2, area: 4, SASL authentication failed! log: level: 0, area: 8, Sending xml string... SK GnuTLSBase::encrypt: </stream:stream>

10/12/2019 06:51:30 PM	stefan+xmpp (at) debxwoody (dot) de	Comment #3	Reply to this comment
With which XMPP server software does this happen? prosody 0.11.2

10/12/2019 06:15:57 PM	Jakob Schröter	Comment #2	Reply to this comment
With which XMPP server software does this happen?

10/12/2019 05:16:42 AM	stefan+xmpp (at) debxwoody (dot) de	Comment #1 State ⇒ Unconfirmed Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ The login on a server with Debian Buster does not work Queue ⇒ gloox	Reply to this comment
On a Debian stretch it is working, but not on Debian buster. I'm not sure, but maybe there are changes in the TLS Version or implementation. File: tlsgnutlsbase.cpp line 78 (int GnuTLSBase::decrypt( const std::string& data ) ) It seems on my env there is a return of GNUTLS_E_AGAIN, which is not handled correctly.