Date:      Mon, 05 Jun 2017 20:55:19 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 219805] openssl s_client and xmpp
Message-ID:  <bug-219805-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219805

            Bug ID: 219805
           Summary: openssl s_client and xmpp
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: fbsd98816551@avksrv.org

Hello!

I tried to check the SSL cert from an XMPP server. According to the documentation, a command
like

/usr/local/bin/openssl s_client -servername "xmpp.google.com" -connect
"xmpp.google.com":"5222" -starttls "xmpp"

will connect to the XMPP server, start a TLS session and return the SSL cert to
STDOUT. But under FreeBSD I got this error instead:

CONNECTED(00000004)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 385 bytes and written 120 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

When I tried to run the same command under Fedora, it returned the expected cert.
FreeBSD version from ports:
/usr/local/bin/openssl version
OpenSSL 1.0.2l  25 May 2017
and Fedora:
OpenSSL 1.0.2k-fips  26 Jan 2017

If we check the SRPM of the Fedora package, we will see the patch
openssl-1.0.2a-xmpp-starttls.patch
--- openssl-1.0.2a/apps/s_client.c.starttls    2015-04-22 18:23:12.964387157
+0200
+++ openssl-1.0.2a/apps/s_client.c    2015-04-22 18:23:56.496414820 +0200
@@ -134,7 +134,8 @@
  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  * OTHERWISE.
  */
-
+/* for strcasestr */
+#define _GNU_SOURCE
 #include <assert.h>
 #include <ctype.h>
 #include <stdio.h>
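Review bot: `_GNU_SOURCE` is a glibc feature-test macro, so it only does its job on Fedora; `strcasestr` is not ISO C, and on FreeBSD it comes from `<string.h>` as a BSD extension regardless of this define, which makes the hunk harmless for a ports-local patch but not something that could go upstream unchanged (OpenSSL would need a portability fallback or the plain `strstr` approach). The comment `/* for strcasestr */` should at least say the define is there for glibc, and the define must stay ahead of every `#include`, which it does here at line 134.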
@@ -1626,8 +1627,11 @@ int MAIN(int argc, char **argv)
                    "xmlns=3D'jabber:client' to=3D'%s' version=3D'1.0'>", h=
ost);
         seen =3D BIO_read(sbio, mbuf, BUFSIZZ);
         mbuf[seen] =3D 0;
-        while (!strstr
-               (mbuf, "<starttls xmlns=3D'urn:ietf:params:xml:ns:xmpp-tls'=
")) {
+        while (!strcasestr
+               (mbuf, "<starttls xmlns=3D'urn:ietf:params:xml:ns:xmpp-tls'=
")
+               && !strcasestr(mbuf,
+                              "<starttls
xmlns=3D\"urn:ietf:params:xml:ns:xmpp-tls\""))
+        {
             if (strstr(mbuf, "/stream:features>"))
                 goto shut;
             seen =3D BIO_read(sbio, mbuf, BUFSIZZ);
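Review bot: the loop still never checks the return value of `BIO_read`: in the context lines above the `while`, `seen = BIO_read(sbio, mbuf, BUFSIZZ); mbuf[seen] = 0;` writes `mbuf[-1]` when the read fails, and the second `BIO_read` at the bottom of the hunk gives a closed connection nothing to break the loop with, so the same `if (seen <= 0) goto shut;` after each read would cover both. The widened match is also still an exact substring test against whatever one `BIO_read` happened to return, so a `<starttls` tag that straddles two reads, or that carries another attribute ahead of `xmlns`, is missed and the session ends at `/stream:features>` instead of negotiating TLS; worth a comment so the next reporter of "no peer certificate available" knows where to look.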

---

and we can see the same changes in the 1.1 (not 1.0.X) OpenSSL tree in Git (5
years ago!)
https://github.com/openssl/openssl/commit/4e48c77572a9a96a301e362a3646cd3cc7eca0f9

They simply added a second check with an extra " in the string; the
Fedora patch also added a non-case-sensitive test.

Can we merge such a simple patch into the ports tree?

-- 
You are receiving this mail because:
You are the assignee for the bug.
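As an added example (not code from the bug report, the Fedora patch or OpenSSL), a tolerant check for the <starttls> feature that accepts either quote style and surrounding whitespace, beside the strict single-quote match s_client used before the patch; it stays case-sensitive, as XML element names and namespace URIs are. The stream:features replies are constructed inline and the function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Namespace a server must advertise on <starttls> (RFC 6120). */
#define XMPP_TLS_NS "urn:ietf:params:xml:ns:xmpp-tls"
static int ws(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }

/* The match s_client used before the patch: only the single-quoted form. */
int xmpp_starttls_offered_strict(const char *buf)
{
    return strstr(buf, "<starttls xmlns='" XMPP_TLS_NS "'") != NULL;
}

/* Return 1 if buf holds a complete <starttls ...> start tag whose xmlns
 * attribute equals XMPP_TLS_NS, quoted with ' or " and with any whitespace
 * around '='; 0 otherwise, including a tag cut off by the end of the buffer. */
int xmpp_starttls_offered(const char *buf)
{
    const char *p = buf;
    while ((p = strstr(p, "<starttls")) != NULL) {
        const char *q = p + 9, *end = strchr(q, '>'), *a;
        if (!ws(*q) && *q != '/' && *q != '>') { p = q; continue; } /* e.g. <starttlsx */
        if (end == NULL) return 0;                                 /* tag incomplete */
        for (a = q; (a = strstr(a, "xmlns")) != NULL && a < end; a++) {
            const char *v = a + 5;
            while (ws(*v)) v++;
            if (*v++ != '=') continue;
            while (ws(*v)) v++;
            if ((*v == '\'' || *v == '"')
                && strncmp(v + 1, XMPP_TLS_NS, sizeof(XMPP_TLS_NS) - 1) == 0
                && v[sizeof(XMPP_TLS_NS)] == *v)   /* closing quote matches opening */
                return 1;
        }
        p = end;
    }
    return 0;
}

/* Constructed stream:features replies, as different servers might send them. */
static const char FEATURES_SINGLE[] = "<stream:features><starttls xmlns='" XMPP_TLS_NS "'><required/></starttls></stream:features>";
static const char FEATURES_DOUBLE[] = "<stream:features><starttls xmlns=\"" XMPP_TLS_NS "\"/></stream:features>";
static const char FEATURES_NONE[]   = "<stream:features><mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"/></stream:features>";
static const char FEATURES_CUT[]    = "<stream:features><starttls xmlns='" XMPP_TLS_NS;

int main(void)
{
    printf("single-quoted: strict=%d tolerant=%d\n", xmpp_starttls_offered_strict(FEATURES_SINGLE), xmpp_starttls_offered(FEATURES_SINGLE));
    printf("double-quoted: strict=%d tolerant=%d\n", xmpp_starttls_offered_strict(FEATURES_DOUBLE), xmpp_starttls_offered(FEATURES_DOUBLE));
    printf("no starttls:   strict=%d tolerant=%d\n", xmpp_starttls_offered_strict(FEATURES_NONE), xmpp_starttls_offered(FEATURES_NONE));
    return 0;
}
```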