XMPP Service Operators - 2017-02-20

  325. ThibG

    hm, it seems the failure from the other day is related to my _xmpp-server._tcp SRV entry, which points to a different sub-domain

  326. ThibG

    but this is the point of a SRV entry, and I fail to see how it could be a problem

  327. stpeter


  328. stpeter

    your SRV entry seems fine

  329. ThibG

    I changed it

  330. stpeter


  331. ThibG

    I'll change it back

  332. stpeter

    $ dig +short -t SRV _xmpp-server._tcp.sitedethib.com
    10 0 5269 sitedethib.com.

  333. ThibG

    I'm testing things

  334. stpeter

    that's what I see

  335. stpeter


  336. ThibG

    it was pointing to warp.sitedethib.com.

  337. ThibG

    which is the same machine

  338. stpeter nods

  339. stpeter

    compare to the jabber.org SRV:
    $ dig +short -t SRV _xmpp-server._tcp.jabber.org
    31 30 5269 hermes2v6.jabber.org.
    30 30 5269 hermes2.jabber.org.

  340. ThibG

    my guess so far is that xmpp.net uses warp.sitedethib.com to check the certificate

  341. ThibG

    which is obviously wrong

  342. stpeter

    bbiaf, time for lunch here

  343. Zash

    ThibG: The SRV target is not used for certificate validation.

  344. ThibG

    I have no idea what the issue is, then

  345. ThibG

    sitedethib.com and warp.sitedethib.com happen to have the same A RRs

  346. Zash


  347. Zash

    https://q.zash.se/269bfe745c2f.txt there's no response

  348. ThibG

    wait. what

  349. ThibG

    it resolves just fine here

  350. ThibG

    oh sorry

  351. ThibG

    I made a mistake when changing back the RRs

  352. ThibG

    should be better now

  353. Zash

    If the bare domain and the default port works then you don't strictly need SRV records at all

  354. ThibG


  355. ThibG

    it was just in case I switch to having different machines for my services

  356. ThibG

    (which was actually the case some time ago)

  357. ThibG

    I could get rid of the SRV RRs, but still, I don't understand what's going on

  358. info-screen has joined

  359. stpeter

    ThibG: I notice when typing `telnet warp.sitedethib.com 5269` that IPv6 was attempted first, but timed out. However, I'm pretty sure that the xmpp.net code has a fallback to IPv4 if IPv6 times out.

  360. ThibG


  361. info-screen has left

  362. ThibG

    unfortunately, I only have my server with IPv6 connectivity, and it obviously connects just fine to itself

  363. ThibG

    sitedethib.com has the same IPv6 address too

  364. ileh has left

  365. ThibG

    anyway, I guess it doesn't fail at TCP level, but at TLS level, as it successfully displays my server's version

  366. Link Mauve

    stpeter, from here it works.

  367. Link Mauve

    Maybe some pairing issue?

  368. Link Mauve

    From both my home server (in Paris) and my company’s servers (in the UK).

  369. stpeter

    Yeah it could be an ISP issue for me.

  370. ivucica has joined

  371. ThibG

    huh, should have changed the RRs' TTL beforehand…

  372. stpeter

    Let me check from the machine where xmpp.net is running. ;-)

  373. ThibG

    stpeter, thanks!

  374. stpeter

    connected to IPv6 very quickly

  375. stpeter

    both with and without `warp.`

  376. stpeter

    so that's not the issue

  377. ThibG

    my only bet is that it somehow checks the certificate against warp.sitedethib.com instead of sitedethib.com

  378. stpeter

    No, the XMPP specs have always been clear on the fact that you don't check against the SRV pointer.

  379. ThibG

    yeah, that's what I understand too, but I have no idea why xmpp.net kept failing with my SRV pointing to warp.sitedethib.com, and works now that it is pointing to sitedethib.com

  380. stpeter

    In fact, Thijs and I (proprietors of xmpp.net) co-wrote the RFC on TLS checking in XMPP. ;-) https://datatracker.ietf.org/doc/rfc7590/

  381. ThibG

    (should be pointing back to warp.sitedethib.com, now, but alas the TTL is huge)

  382. stpeter

    let me see if I can find any logs on the machine that will provide some more information

  383. Zash

    ThibG: I believe it fetches the server version through jabber.org, not by itself.

  384. Zash

    So, it being able to display that has no relation to its ability to connect to your server

  385. stpeter

    Zash: really? that doesn't sound familiar

  386. ThibG

    Zash, oh, ok, I think I did see an incoming s2s connection from jabber.org at that time

  387. Zash

    stpeter: My memory says that it at least does a ping via a jabber.org account first

  388. stpeter

    Zash: OK I will check the code for that, too

  389. stpeter

    huh yeah imobservatory@jabber.org

  390. stpeter

    I'd forgotten about that, I guess.

  391. stpeter

    so now I log into the jabber.org machine and see what the logs there have to say in the matter :-)

  392. ThibG


  393. stpeter

    I see things like this: TLS conn IP=2001:910:1369:ffff::1 version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 secret-bits=256 processed-bits=256 compression="(None)" preliminary certificate verification failed

  394. stpeter

    the last one of those was 40 minutes ago

  395. ThibG

    hm, last failed xmpp.net test should be much older

  396. ThibG

    I can retry a test, but I guess my working SRV RRs will still be in cache

  397. ThibG

    nope, it's ok, the test is running against warp.sitedethib.com now

  398. ivucica has joined

  399. stpeter

    ThibG: this was on jabber.org, not xmpp.net

  400. Zash

    stpeter: I don't see any explicit IPv6 support, so what exactly it connects with depends on the LuaSocket version.

  401. stpeter

    Zash: aha, interesting

  402. ThibG

    https://xmpp.net/result.php?domain=sitedethib.com&type=server fails again

  403. stpeter


  404. Zash

    This thing where network libraries never do nice things like handle dualstack for you, such disappoint.

  405. Yonnji has left

  406. ThibG


  407. ThibG


  408. stpeter

    https://xmpp.net/result.php?domain=sitedethib.com&type=client is fine, though (other than that whole certificate thing).

  409. ThibG

    still uses the old SRV

  410. ThibG

    (sitedethib.com instead of warp.sitedethib.com)

  411. ThibG

    re-running it, it fails the same way

  412. stpeter


  413. stpeter


  414. stpeter


  415. stpeter


  416. stpeter

    both perseus (xmpp.net machine) and hermes2 (jabber.org machine) show warp in the SRV results

  417. ThibG

    I guess I could regenerate a certificate with an additional warp.sitedethib.com subjectAltName to test my theory…

  418. Zash

    ThibG: How is the certificate going to affect it not being able to connect *at all*, or what problem is it you are trying to debug?

  419. ThibG

    Zash, I have no idea what the problem is

  420. Zash

    Then how do you even know that there is a problem?

  421. ThibG

    it should be able to connect regardless of whether the SRV is warp.sitedethib.com or sitedethib.com

  422. ThibG

    when the SRV points to warp, it fails to connect, when it points to sitedethib.com, it doesn't

  423. ThibG

    but those have the same A/AAAA

  424. Zash

    Based on " Error: Connection failed. " happening with the IPv6 only jabber.org SRV target, and my knowledge that the XMPP library it uses does not support IPv6, I'm going to theorize that the problem is missing IPv6 support.

  425. ThibG

    still, both warp.sitedethib.com and sitedethib.com have the same AAAA RR

  426. jww has joined

  427. stpeter nods to Zash

  428. stpeter

    I need to go heads-down on a task, bbiab.

  429. ThibG

    let me try something else

  430. Zash

    I'm guessing it ends up relying on the OS's DNS lookup, which I've noticed sometimes returns an error code that becomes a fatal error

  431. ThibG


  432. ThibG

    I'll add yet another sub-domain with only A RRs and make the SRV point to it, then

  433. ThibG

    ah, I did not see the jabber.org test eventually succeeding

  434. stpeter

    ThibG: yeah the tests can take quite a while - there is a lot to check and the script needs to back off sometimes so that it doesn't get disconnected for too many attempts (etc.)

  435. stpeter

    anyway bbiab :-)

  436. ThibG

    see you, and thanks for your help _o/

  437. ThibG

    I wonder if I should split the SRVs into two sub-domains, one with only A RRs, then

  438. Zash

    Shouldn't be required

  439. ThibG

    or just accept that xmpp.net may not be able to connect to my server :/

  440. Zash

    W: connect() to warp2.sitedethib.com.:5222 failed: Operation already in progress

  441. Zash

    That error

  442. ThibG

    It's the subdomain I just added to try with only A RRs

  443. Zash

    I mean, that's likely the real error it gets when it says "Error: Connection failed"

  444. Zash

    I don't really know why, but it seems to happen sometimes when there's more than one IP address associated with a name.

  445. ThibG

    hm… I've tried a bunch of times, though, and it *always* failed

  446. ThibG

    oh ok

  447. Zash

    EALREADY The socket is nonblocking and a previous connection attempt has not yet been completed.

  448. ThibG

    luasocket bug?

  449. Zash

    I don't know.

  450. ThibG

    ok, well, thanks anyway

  451. ThibG

    at least I now know it's TCP-IP related and not cert-related as I initially thought

  452. Zash

    Low-level socket fiddlery isn't my area of expertise.

  453. Zash


  454. edhelas has left

  455. ThibG

    ok, that's it, thanks!

  456. ThibG

    I'll just drop the DNS round-robin thing, it's a hack with little value
