XSF logo XMPP Service Operators - 2017-02-20


  1. odin has left
  2. odin has joined
  3. odin has left
  4. odin has joined
  5. odin has left
  6. odin has joined
  7. odin has left
  8. odin has joined
  9. odin has left
  10. odin has joined
  11. alex has joined
  12. alex has joined
  13. odin has left
  14. odin has joined
  15. odin has left
  16. odin has joined
  17. odin has left
  18. odin has joined
  19. odin has left
  20. odin has joined
  21. odin has left
  22. odin has joined
  23. sss has joined
  24. alex has left
  25. odin has left
  26. odin has joined
  27. odin has left
  28. odin has joined
  29. odin has left
  30. odin has joined
  31. odin has left
  32. odin has joined
  33. odin has left
  34. odin has joined
  35. odin has left
  36. odin has joined
  37. odin has left
  38. odin has joined
  39. odin has left
  40. odin has joined
  41. odin has left
  42. odin has joined
  43. odin has left
  44. odin has joined
  45. odin has left
  46. odin has joined
  47. odin has left
  48. odin has joined
  49. odin has left
  50. odin has joined
  51. Zash has left
  52. mike has left
  53. odin has left
  54. odin has joined
  55. odin has left
  56. odin has joined
  57. odin has left
  58. odin has joined
  59. odin has left
  60. odin has joined
  61. odin has left
  62. odin has joined
  63. odin has left
  64. odin has joined
  65. odin has left
  66. odin has joined
  67. odin has left
  68. odin has joined
  69. odin has left
  70. odin has joined
  71. odin has left
  72. odin has joined
  73. odin has left
  74. odin has joined
  75. odin has left
  76. odin has joined
  77. odin has left
  78. odin has joined
  79. odin has left
  80. odin has joined
  81. odin has left
  82. odin has joined
  83. odin has left
  84. odin has joined
  85. odin has left
  86. odin has joined
  87. odin has left
  88. odin has joined
  89. odin has left
  90. odin has joined
  91. odin has left
  92. odin has joined
  93. odin has left
  94. odin has joined
  95. odin has left
  96. odin has joined
  97. odin has left
  98. odin has joined
  99. odin has left
  100. odin has joined
  101. odin has left
  102. odin has joined
  103. odin has left
  104. odin has joined
  105. odin has left
  106. odin has joined
  107. odin has left
  108. odin has joined
  109. odin has left
  110. odin has joined
  111. odin has left
  112. odin has joined
  113. odin has left
  114. odin has joined
  115. odin has left
  116. odin has joined
  117. odin has left
  118. odin has joined
  119. odin has left
  120. odin has joined
  121. odin has left
  122. odin has joined
  123. jere has left
  124. mike has left
  125. odin has left
  126. odin has joined
  127. odin has left
  128. odin has joined
  129. odin has left
  130. odin has joined
  131. odin has left
  132. odin has joined
  133. odin has left
  134. odin has joined
  135. odin has left
  136. odin has joined
  137. odin has left
  138. odin has joined
  139. odin has left
  140. odin has joined
  141. odin has left
  142. odin has joined
  143. odin has left
  144. odin has joined
  145. odin has left
  146. odin has joined
  147. odin has left
  148. odin has joined
  149. odin has left
  150. odin has joined
  151. odin has left
  152. odin has joined
  153. odin has left
  154. odin has joined
  155. odin has left
  156. odin has joined
  157. odin has left
  158. odin has joined
  159. odin has left
  160. odin has joined
  161. odin has left
  162. odin has joined
  163. jww has joined
  164. odin has left
  165. odin has joined
  166. odin has left
  167. odin has joined
  168. sss has left
  169. ileh has joined
  170. jww has joined
  171. odin has left
  172. odin has joined
  173. odin has left
  174. odin has joined
  175. odin has left
  176. odin has joined
  177. odin has left
  178. odin has joined
  179. odin has left
  180. odin has joined
  181. odin has left
  182. odin has joined
  183. odin has left
  184. odin has joined
  185. odin has left
  186. odin has joined
  187. odin has left
  188. odin has joined
  189. odin has left
  190. odin has joined
  191. odin has left
  192. odin has joined
  193. odin has left
  194. jww has joined
  195. alexs has joined
  196. alexs has left
  197. alexs has joined
  198. sezuan has left
  199. Yonnji has joined
  200. 0xAFFE has left
  201. 0xAFFE has joined
  202. jcbrand has joined
  203. Valerian has joined
  204. mike has left
  205. alex has joined
  206. ivucica has joined
  207. alex has left
  208. alex has joined
  209. Sonny has left
  210. Sonny has left
  211. jcbrand has left
  212. admin has joined
  213. admin has left
  214. ivucica has left
  215. alex has joined
  216. Sonny has left
  217. jcbrand has joined
  218. Zash has joined
  219. alex has joined
  220. mimi89999 has joined
  221. Valerian has left
  222. mimi89999 has joined
  223. mimi89999 has joined
  224. ivucica has left
  225. Holger has left
  226. 0xAFFE has left
  227. jcbrand has left
  228. ThibG has left
  229. ThibG has left
  230. ThibG has joined
  231. jere has joined
  232. ivucica has joined
  233. jere has left
  234. jere has joined
  235. Valerian has joined
  236. jcbrand has joined
  237. mimi89999 has left
  238. mimi89999 has joined
  239. Sonny has left
  240. ivucica has left
  241. alex has left
  242. alex has joined
  243. Sonny has left
  244. Sonny has left
  245. Zash has left
  246. Zash has left
  247. Zash has joined
  248. Sonny has left
  249. alex has joined
  250. ivucica has left
  251. alex has joined
  252. alex has left
  253. SouL has joined
  254. SouL has joined
  255. alex has left
  256. SouL has joined
  257. SouL has joined
  258. SouL has joined
  259. SouL has joined
  260. alex has left
  261. Valerian has left
  262. alex has left
  263. Valerian has joined
  264. ivucica has left
  265. alex has left
  266. alex has joined
  267. jcbrand has left
  268. jcbrand has left
  269. alexs has left
  270. ivucica has joined
  271. jere has joined
  272. Neustradamus has left
  273. SouL has joined
  274. Valerian has left
  275. Valerian has joined
  276. mimi89999 has left
  277. mimi89999 has left
  278. alexs has joined
  279. alex has left
  280. Yonnji has left
  281. Yonnji has joined
  282. alex has left
  283. sezuan has left
  284. Valerian has left
  285. ThibG has joined
  286. ThibG has joined
  287. alex has left
  288. alex has left
  289. jere has joined
  290. mimi89999 has left
  291. tribut has left
  292. tribut has joined
  293. ivucica has joined
  294. alex has left
  295. 0xAFFE has left
  296. stpeter has joined
  297. jww has joined
  298. ileh has left
  299. ileh has joined
  300. alex has left
  301. alex has left
  302. Sonny has left
  303. ThibG has joined
  304. alex has left
  305. jcbrand has left
  306. jww has joined
  307. alex has left
  308. ivucica has joined
  309. alex has left
  310. alex has left
  311. Holger has left
  312. alex has left
  313. alex has left
  314. alex has joined
  315. alex has left
  316. jww has joined
  317. ivucica has joined
  318. mimi89999 has left
  319. Neustradamus has joined
  320. Zash has joined
  321. ivucica has joined
  322. ivucica has joined
  323. jww has joined
  324. Zash has joined
  325. ThibG hm, it seems the failure from the other day is related to my _xmpp-server._tcp SRV entry, which points to a different sub-domain
  326. ThibG but this is the point of a SRV entry, and I fail to see how it could be a problem
  327. stpeter hm
  328. stpeter your SRV entry seems fine
  329. ThibG I changed it
  330. stpeter aha
  331. ThibG I'll change it back
  332. stpeter $ dig +short -t SRV _xmpp-server._tcp.sitedethib.com 10 0 5269 sitedethib.com.
  333. ThibG I'm testing things
  334. stpeter that's what I see
  335. stpeter yeah
  336. ThibG it was pointing to warp.sitedethib.com.
  337. ThibG which is the same machine
  338. stpeter nods
  339. stpeter compare to the jabber.org SRV: $ dig +short -t SRV _xmpp-server._tcp.jabber.org 31 30 5269 hermes2v6.jabber.org. 30 30 5269 hermes2.jabber.org.
  340. ThibG my guess so far is that xmpp.net uses warp.sitedethib.com to check the certificate
  341. ThibG which is obviously wrong
  342. stpeter bbiaf, time for lunch here
  343. Zash ThibG: The SRV target is not used for certificate validation.
  344. ThibG I have no idea what the issue is, then
  345. ThibG sitedethib.com and warp.sitedethib.com happen to have the same A RRs
  346. Zash Except
  347. Zash https://q.zash.se/269bfe745c2f.txt there's no response
  348. ThibG wait. what
  349. ThibG it resolves just fine here
  350. ThibG oh sorry
  351. ThibG I made a mistake when changing back the RRs
  352. ThibG should be better now
  353. Zash If the bare domain and the default port works then you don't strictly need SRV records at all
  354. ThibG sure
  355. ThibG it was just in case I switch to having different machines for my services
  356. ThibG (which was actually the case some time ago)
  357. ThibG I could get rid of the SRV RRs, but still, I don't understand what's going on
  358. info-screen has joined
  359. stpeter ThibG: I notice when typing `telnet warp.sitedethib.com 5269` that IPv6 was attempted first, but timed out. However, I'm pretty sure that the xmpp.net code has a fallback to IPv4 if IPv6 times out.
  360. ThibG hm
  361. info-screen has left
  362. ThibG unfortunately, I only have my server with IPv6 connectivity, and it obviously connects just fine to itself
  363. ThibG sitedethib.com has the same IPv6 address too
  364. ileh has left
  365. ThibG anyway, I guess it doesn't fail at TCP level, but at TLS level, as it successfuly displays my server's version
  366. Link Mauve stpeter, from here it works.
  367. Link Mauve Maybe some pairing issue?
  368. Link Mauve From both my home server (in Paris) and my company’s servers (in the UK).
  369. stpeter Yeah it could be an ISP issue for me.
  370. ivucica has joined
  371. ThibG huh, should have changed the RRs' TTL beforehand…
  372. stpeter Let me check from the machine where xmpp.net is running. ;-)
  373. ThibG stpeter, thanks!
  374. stpeter connected to IPv6 very quickly
  375. stpeter both with and without `warp.`
  376. stpeter so that's not the issue
  377. ThibG my only bet is that it somehow checks the certificate against warp.sitedethib.com instead of sitedethib.com
  378. stpeter No, the XMPP specs have always been clear on the fact that you don't check against the SRV pointer.
  379. ThibG yeah, that's what I understand too, but I have no idea why xmpp.net kept failing with my SRV pointing to warp.sitedethib.com, and works now that it is pointing to sitedethib.com
  380. stpeter In fact, Thijs and I (proprietors of xmpp.net) co-wrote the RFC on TLS checking in XMPP. ;-) https://datatracker.ietf.org/doc/rfc7590/
  381. ThibG (should be pointing back to warp.sitedethib.com, now, but alas the TTL is huge)
  382. stpeter let me see if I can find any logs on the machine that will provide some more information
  383. Zash ThibG: I believe it fetches the server version through jabber.org, not by itself.
  384. Zash So, it being able to display that has no relation to its ability to connect to your server
  385. stpeter Zash: really? that doesn't sound familiar
  386. ThibG Zash, oh, ok, I think I did see an incoming s2s connection from jabber.org at that time
  387. Zash stpeter: My memory says that it at least does a ping via a jabber.org account first
  388. stpeter Zash: OK I will check the code for that, too
  389. stpeter huh yeah imobservatory@jabber.org
  390. stpeter I'd forgotten about that, I guess.
  391. stpeter so now I log into the jabber.org machine and see what the logs there have to say in the matter :-)
  392. ThibG thanks!
  393. stpeter I see things like this: TLS conn IP=2001:910:1369:ffff::1 version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 secret-bits=256 processed-bits=256 compression="(None)" preliminary certificate verification failed
  394. stpeter the last one of those was 40 minutes ago
  395. ThibG hm, last failed xmpp.net test should be much older
  396. ThibG I can retry a test, but I guess my working SRV RRs will still be in cache
  397. ThibG nope, it's ok, the test is running against warp.sitedethib.com now
  398. ivucica has joined
  399. stpeter ThibG: this was on jabber.org, not xmpp.net
  400. Zash stpeter: I don't see any explicit IPv6 support, so what exactly it connects with depends on the LuaSocket version.
  401. stpeter Zash: aha, interesting
  402. ThibG https://xmpp.net/result.php?domain=sitedethib.com&type=server fails again
  403. stpeter sigh
  404. Zash This thing where network libraries never do nice things like handle dualstack for you, such disappoint.
  405. Yonnji has left
  406. ThibG well
  407. ThibG https://xmpp.net/result.php?domain=jabber.org&type=server
  408. stpeter https://xmpp.net/result.php?domain=sitedethib.com&type=client is fine, though (other than that whole certificate thing).
  409. ThibG still uses the old SRV
  410. ThibG (sitedethib.com instead of warp.sitedethib.com)
  411. ThibG re-running it, it fails the same way
  412. stpeter TTLs?
  413. stpeter ah
  414. stpeter right
  415. stpeter ok
  416. stpeter both perseus (xmpp.net machine) and hermes2 (jabber.org machine) show warp in the SRV results
  417. ThibG I guess I could regenerate a certificate with an additionnal warp.sitedethib.com subjectAltName to test my theory…
  418. Zash ThibG: How is the certificate going to affect it not being able to connect *at all*, or what problem is it you are trying to debug?
  419. ThibG Zash, I have no idea what the problem is
  420. Zash Then how do you even know that there is a problem?
  421. ThibG it should be able to connect regardless of whether the SRV is warp.sitedethib.com or sitedethib.com
  422. ThibG when the SRV points to warp, it fails to connect, when it points to sitedethib.com, it doens't
  423. ThibG but those have the same A/AAAA
  424. Zash Based on " Error: Connection failed. " happening with the IPv6 only jabber.org SRV target, and my knowledge that the XMPP library it uses does not support IPv6, I'm going to theorize that the problem is missing IPv6 support.
  425. ThibG still, both warp.sitedethib.com and sitedethib.com have the same AAAA RR
  426. jww has joined
  427. stpeter nods to Zash
  428. stpeter I need to go heads-down on a task, bbiab.
  429. ThibG let me try something else
  430. Zash I'm guessing it ends up relying on the OS-es DNS lookup, which I've noticed sometimes returns an error code that becomes a fatal error
  431. ThibG ok
  432. ThibG I'll add yet another sub-domain with only A RRs and make the SRV point to it, then
  433. ThibG ah, I did not see the jabber.org test eventually succeeding
  434. stpeter ThibG: yeah the tests can take quite a while - there is a lot to check and the script needs to back off sometimes so that it doesn't get disconnected for too many attempts (etc.)
  435. stpeter anyway bbiab :-)
  436. ThibG see you, and thanks for your help _o/
  437. ThibG I wonder if I should split the SRVs into two sub-domains, one with only A RRs, then
  438. Zash Shouldn't be required
  439. ThibG or just accept that xmpp.net may not be able to connect to my server :/
  440. Zash W: connect() to warp2.sitedethib.com.:5222 failed: Operation already in progress
  441. Zash That error
  442. ThibG It's the subdomain I just added to try with only A RRs
  443. Zash I mean, that's likely the real error it gets when it says "Error: Connection failed"
  444. Zash I don't really know why, but it seems to happen sometimes when there's more than one IP address associated with a name.
  445. ThibG hm… I've tried a bunch of times, though, and it *always* failed
  446. ThibG oh ok
  447. Zash EALREADY The socket is nonblocking and a previous connection attempt has not yet been completed.
  448. ThibG luasocket bug?
  449. Zash I don't know.
  450. ThibG ok, well, thanks anyway
  451. ThibG at least I now know it's TCP-IP related and not cert-related as I initially thought
  452. Zash Low-level socket fiddlery isn't my area of expertise.
  453. Zash https://github.com/diegonehab/luasocket/issues/99
  454. edhelas has left
  455. ThibG ok, that's it, thanks!
  456. ThibG I'll just drop the DNS round-robin thing, it's a hack with little value
  457. Sonny has left
  458. ThibG has left
  459. Zash has left
  460. ThibG has left
  461. ThibG has left
  462. odin has joined
  463. edhelas has joined
  464. ivucica has left
  465. sezuan has left
  466. ThibG has left
  467. jww has joined
  468. ivucica has left
  469. ivucica has joined
  470. odin has left
  471. odin has joined
  472. ThibG has left
  473. odin has left
  474. odin has joined
  475. odin has left
  476. Zash has joined
  477. mike has joined