Problem with InitializeSecurityContext


Robert

Jun 11, 2014, 11:07:13 AM
to libst...@googlegroups.com
I have successfully compiled libstrophe as a Windows DLL (using VS2008), but I have a problem with the TLS negotiation.   In tls_start() (tls_schannel.c) the first call to InitializeSecurityContextA works, and all 45 bytes of the token get sent to the server.  The server returns just 7 bytes (in one chunk).   No further bytes are returned, and when InitializeSecurityContextA is next called, it returns SEC_E_INCOMPLETE_MESSAGE and libstrophe gives up.   If it's any help, the seven bytes are (consistently):

0x15 0x03 0x01 0x00 0x02 0x02 0x28

The complete list of TLS-related debug messages is:

TLSS DEBUG QuerySecurityPackageInfo() success
TLSS DEBUG AcquireCredentialsHandle() success
conn DEBUG SENT: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
xmpp DEBUG RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
xmpp DEBUG handle proceedtls called for proceed
xmpp DEBUG proceeding with TLS
TLSS DEBUG QuerySecurityPackageInfo() success
TLSS DEBUG AcquireCredentialsHandle() success
xmpp DEBUG Couldn't start TLS! error -2146893032

It appears the server sent 7 bytes and then closed the socket, but can anyone tell me why, please, and how to correct the problem?   I can connect to the server using the same credentials using Pidgin, so they should work with libstrophe.   I can't see anything wrong with the code in tls_start(), though I don't pretend to know what tokens are supposed to get passed back and forth.

I've tried a second XP PC with similar results, and I've tried disabling TLS, but then the server just tells me to use TLS and slams the door in my face :).
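
The seven bytes quoted in the post above form one complete TLS record. As an added example (not part of the original thread and not libstrophe code), this C program decodes them as a plaintext alert record per RFC 5246; `tls_alert`, `alert_name` and `parse_tls_alert` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* One decoded plaintext TLS alert record (RFC 5246, sections 6.2.1 and 7.2). */
typedef struct {
    int ok;                        /* 1 if buf held a complete alert record */
    unsigned ver_major, ver_minor; /* record version; 3.1 means TLS 1.0 */
    unsigned level;                /* 1 = warning, 2 = fatal */
    unsigned description;          /* alert code */
} tls_alert;

/* Hypothetical helper: names for a few alert codes defined in RFC 5246. */
static const char *alert_name(unsigned d)
{
    switch (d) {
    case 0:  return "close_notify";
    case 40: return "handshake_failure";
    case 70: return "protocol_version";
    case 71: return "insufficient_security";
    case 80: return "internal_error";
    default: return "other";
    }
}

/* Hypothetical helper: 5-byte header (type, version, 16-bit length) + 2-byte alert. */
static tls_alert parse_tls_alert(const unsigned char *buf, size_t len)
{
    tls_alert a = {0, 0, 0, 0, 0};
    if (len < 7 || buf[0] != 0x15 || buf[3] != 0 || buf[4] != 2)
        return a;                  /* short read, not an alert, or encrypted */
    a.ok = 1;
    a.ver_major = buf[1];
    a.ver_minor = buf[2];
    a.level = buf[5];
    a.description = buf[6];
    return a;
}

int main(void)
{
    /* The seven bytes reported in the post above. */
    const unsigned char reply[] = {0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28};
    tls_alert a = parse_tls_alert(reply, sizeof reply);
    if (a.ok)
        printf("record version %u.%u, %s alert %u (%s)\n", a.ver_major,
               a.ver_minor, a.level == 2 ? "fatal" : "warning",
               a.description, alert_name(a.description));
    return a.ok ? 0 : 1;
}
```

Decoded, the reply is a fatal handshake_failure (40) alert in a TLS 1.0 record: the server's answer to the 45-byte token is a refusal to continue the handshake, not a truncated handshake message.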

Robert

Jun 12, 2014, 10:22:26 AM
to libst...@googlegroups.com
I found I had the same problem on Windows 7.   After seeing the comment "Win8.1 disables the support for RC4 in TLS by default, but AES does work ok" in the source code, I looked up the function AcquireCredentialsHandle() and decided it might be better to set scred.cSupportedAlgs to zero, so "Schannel uses the system defaults" (http://msdn.microsoft.com/en-us/library/windows/desktop/aa379810%28v=vs.85%29.aspx).   The roster example provided with libstrophe is now proceeding much further, but failing somewhere else (a function I have yet to unearth is returning SEC_E_UNSUPPORTED_FUNCTION).

Robert

Jun 16, 2014, 6:30:19 AM
to libst...@googlegroups.com
The function that was returning SEC_E_UNSUPPORTED_FUNCTION was DecryptMessage(), despite being called successfully twice before failing.   SEC_E_UNSUPPORTED_FUNCTION is not a valid return value for DecryptMessage(), and I really have no idea why this call is not working properly.   However, on the advice of someone on StackOverflow I switched to OpenSSL, and the resulting libstrophe DLL works with the roster example.

federico lanusse

Aug 24, 2014, 3:23:12 PM
to libst...@googlegroups.com
I have the exact same problem. I'm still unable to solve it even after switching to OpenSSL.