jdev - 2019-11-10


  1. lovetox

    hm i have a server that answers to my stream initiation with a whitespace

  2. lovetox

    do i have to ignore that, or can i expect a stream initiation in return

  3. zinid

    lovetox, what do you mean? just a single whitespace without the stream header?

  4. lovetox

    yes

  5. lovetox

    actually it's an ejabberd, but it's configured so the connection is proxied over nginx

  6. lovetox

    the user said he already asked in ejabberd support

  7. lovetox

    technically whitespaces between xml elements should not be a problem, it's just weird that on calling recv() i get only a whitespace

  8. lovetox

    i don't know what happens then because at that point Gajim aborts, because in stream initiation it expects the streamheader on the first recv()

  9. lovetox

    looks like that

  10. lovetox

    https://paste.gajim.org/view/d68787ba

  11. flow

    lovetox, IIRC the RFC explicitly states that you need to expect whitespaces

  12. flow

    https://tools.ietf.org/html/rfc6120#section-11.7

  13. lovetox

    hm that says "between" xml elements

  14. lovetox

    could be argued that this does not count for the initial stream opening

  15. flow

    isn't it between elements

  16. flow

    because there is no preceding element?

  17. lovetox

    yeah, it's the response to my stream opening

  18. flow

    and it's the very first stream opening?

  19. lovetox

    yes

  20. lovetox

    see my paste

  21. Kev

    "Gajim aborts, because in stream initiation it expects the streamheader on the first recv()" That's certainly not valid, there's no guarantee that you'll receive the whole header at once.

  22. Kev

    Even without whitespace oddities.

  23. flow

    but anyhow I wouldn't be so pedantic in this case and simply take care of the whitespace

  24. lovetox

    yeah of course, it's just weird, there is really no need to send only a whitespace

  25. flow

    and, as Kev correctly points out, you have to be able to reassemble the XML open tag (or later elements) from multiple recv calls

  26. flow

    yep, I am curious to hear the backstory behind that whitespace

  27. lovetox

    yeah that's no problem, if there is actually an open tag

  28. lovetox

    probably misconfigured stuff somewhere, but anyway i have to deal with it :/

  29. Kev

    Without checking the specs, I remember something about whitespace not being valid at the top level, but I might misremember.

  30. lovetox

    Kev, no should be valid at top level

  31. lovetox

    just not in tls and sasl negotiation

  32. Kev

    I'm certainly not in a position to argue with that :)

  33. lovetox

    i just read the section flow posted ^^

  34. Kev

    I missed that. It's still early :)

  35. Alex

    in the very old days some clients sent a whitespace after upgrade to tls, because some SSL libs were not upgrading to tls without a flush

  36. lovetox

    ok the backstory is an nginx that runs on 5222 and only supports directtls and expects SNI hostname set

  37. lovetox

    and if you connect plain there, it just sends you endless whitespace because it can't route the traffic to the xmpp server

  38. lovetox

    how does srv need to be set so a server only supports directtls?

  39. lovetox

    only setting xmpps-client?

  40. Zash

    and _xmpp-client in srv 0 0 0 .

  41. Zash

    probably

  42. Alex

    the spec says that xmpps is the preference

  43. Alex

    ``` STARTTLS MUST NOT be used over direct TLS connections. ```

  44. zinid

    lovetox, there is no way to support directtls only I guess, because a client will fallback to A address with starttls anyways

  45. lovetox

    hm just not answering on port 5222 is a start i guess

  46. lovetox

    only answer on 5223 which should be a direct tls port

  47. zinid

    yes, this will work as long as a client supports directtls and _xmpps-client records

  48. Alex

    yes, many clients still don't support them

  49. Alex

    let's force them to upgrade 😜

  50. lovetox

    obviously this is not a generic public open server

  51. Link Mauve

    zinid, you shouldn’t fallback if your SRV points to . like Zash said.

  52. zinid

    ah

  53. lovetox

    yeah Gajim also doesn't do a fallback

  54. lovetox

    only fallback is xmpps to xmpp

  55. lovetox

    and if no srv entries are available whatsoever

  56. lovetox

    5223 to 5222