Issues Tigase Server via SASL PLAIN connection...


Pete Parks

Feb 1, 2013, 1:40:08 PM
to sleekxmpp-...@googlegroups.com
I've configured the following items in Sleekxmpp

These are the main settings. (FYI - I'm trying to establish an IBB exchange that's not ANONYMOUS)
1.) sleekxmpp.ClientXMPP.__init__(self, jid, password, sasl_mech='PLAIN')
2.) xmpp.ssl_version=ssl.PROTOCOL_TLSv1 
3.) xmpp.connect([local_server_address, port], reattempt=True, use_tls=False, use_ssl=False)

The logging has the following output:

DEBUG    Loading event runner
DEBUG    SEND (IMMED): <stream:stream to='xmpp.hpeprint.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
DEBUG    RECV: <stream:stream version="1.0" from="xmpp.hpeprint.com" id="5a397f9f-6f8b-4192-bbcd-e617a7f7eb8e" xml:lang="en">
DEBUG    RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
INFO     SASL: PLAIN: PLAIN without encryption
ERROR    No appropriate login method.
DEBUG    SEND (IMMED): </stream:stream>
INFO     Waiting for </stream:stream> from server
DEBUG    End of stream recieved

The ERROR has no appropriate login method. Does this mean I have to provide the login method or does the library need some additional configuration?

Any help would be appreciated.

natha...@gmail.com

Feb 1, 2013, 1:44:45 PM
to sleekxmpp-...@googlegroups.com

Pete,

 

The issue is that you're specifying "PLAIN" as the auth mech, but encryption isn't available, and SleekXMPP doesn't want to send your password in plain text without encryption by default. If you remove the sasl_mech='PLAIN' option, or you enable TLS on the server, then you'll be fine.

 

-Fritzy

 

 
 
 

 

Lance Stout

Feb 1, 2013, 1:44:53 PM
to sleekxmpp-...@googlegroups.com
> 2.) xmpp.ssl_version=ssl.PROTOCOL_TLSv1

Here you're setting which version of TLS to use.

> 3.) xmpp.connect([local_server_address, port], reattempt=True, use_tls=False, use_ssl=False)

But here you're saying not to use TLS

> INFO SASL: PLAIN: PLAIN without encryption
> ERROR No appropriate login method.

For security reasons, we don't allow PLAIN without TLS.

> Any help would be appreciated.

If you do want TLS + PLAIN, then remove the use_tls and use_ssl parameters from your connect call since the defaults will work fine.

If you are wanting PLAIN without TLS, then set:

xmpp['feature_mechanisms'].unencrypted_plain = True



-- Lance
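
The policy described in the two replies above, as an added example (not SleekXMPP's code and not part of any post): a simplified Python 3 model of what a client decides after reading the `<stream:features>` from the log. The function name `next_step`, the `tls_active` flag and the mechanism preference order are assumptions; `use_tls`, `sasl_mech` and `unencrypted_plain` mirror the option names used in the thread.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample: same features as in the log above, with the
# xmlns:stream declaration added so the fragment parses on its own.
FEATURES = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism>'
    '<mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism>'
    '</mechanisms></stream:features>'
)

# Assumed preference order (strongest first); ANONYMOUS left out on purpose.
PREFERENCE = ["DIGEST-MD5", "CRAM-MD5", "PLAIN"]


def next_step(features_xml, tls_active, use_tls=True,
              sasl_mech=None, unencrypted_plain=False):
    """Return ("starttls", None), ("auth", mech) or ("fail", reason)."""
    root = ET.fromstring(features_xml)
    offered = {m.text for m in root.iter("{%s}mechanism" % NS_SASL)}
    tls_offered = root.find("{%s}starttls" % NS_TLS) is not None

    # Upgrade the stream before authenticating whenever that is possible.
    if use_tls and tls_offered and not tls_active:
        return ("starttls", None)

    candidates = [sasl_mech] if sasl_mech else PREFERENCE
    for mech in candidates:
        if mech not in offered:
            continue
        # PLAIN carries the password itself, so it needs an encrypted stream
        # unless the caller has explicitly opted out of that protection.
        if mech == "PLAIN" and not tls_active and not unencrypted_plain:
            continue
        return ("auth", mech)
    return ("fail", "No appropriate login method.")


if __name__ == "__main__":
    # The settings from the first post: PLAIN forced, TLS disabled.
    print(next_step(FEATURES, tls_active=False, use_tls=False, sasl_mech="PLAIN"))
    # Defaults: STARTTLS first, after which PLAIN is acceptable.
    print(next_step(FEATURES, tls_active=False))
    print(next_step(FEATURES, tls_active=True, sasl_mech="PLAIN"))
```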

Pete Parks

Feb 1, 2013, 2:02:19 PM
to sleekxmpp-...@googlegroups.com
Lance, this is my first post for coding ever, so thank you very much for being so prompt. I made the following changes you recommended and got the following logging:


CODE:
=====================

    xmpp.ssl_version=ssl.PROTOCOL_TLSv1 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Tigase
    #xmpp.ssl_version = ssl.PROTOCOL_SSLv23
    #xmpp.ssl_version = ssl.PROTOCOL_SSLv3  #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Openfire
    # If you want to verify the SSL certificates offered by a server:
    xmpp.ca_certs = "/Users/pparks/Desktop/XMPP-Python-WIP/Python-XMPP-47-WIP/cacerts.jks"
    xmpp['feature_mechanisms'].unencrypted_plain = True 
    if xmpp.connect([local_server_address, port]): 

LOGGING:
======================

DEBUG    Starting HANDLER THREAD
DEBUG    Loading event runner
DEBUG    SEND (IMMED): <stream:stream to='xmpp.hpeprint.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
DEBUG    RECV: <stream:stream version="1.0" from="xmpp.hpeprint.com" id="51b1aa96-5250-474a-bbfd-0fb38e632b10" xml:lang="en">
DEBUG    RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
DEBUG    SEND (IMMED): <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    Starting TLS
INFO     Negotiating TLS
INFO     Using SSL version: 3
ERROR    Socket Error #0: _ssl.c:340: error:00000000:lib(0):func(0):reason(0)
DEBUG    reconnecting...
DEBUG    SEND (IMMED): </stream:stream>
INFO     Waiting for </stream:stream> from server
DEBUG     ==== TRANSITION connected -> disconnected
DEBUG    connecting...
DEBUG    Waiting 2.0666121961 seconds before connecting.
DEBUG    No remaining DNS records to try.
DEBUG    Waiting 4.00256704467 seconds before connecting.
DEBUG    DNS: Querying tigasetest.vcd.hp.com for AAAA records.
DEBUG    DNS: No AAAA records for tigasetest.vcd.hp.com
DEBUG    DNS: Querying tigasetest.vcd.hp.com for A records.
DEBUG    Connecting to 15.234.197.57:5222
DEBUG     ==== TRANSITION disconnected -> connected
DEBUG    SEND (IMMED): <stream:stream to='xmpp.hpeprint.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
DEBUG    RECV: <stream:stream version="1.0" from="xmpp.hpeprint.com" id="437781fd-315f-457b-abed-1349d9e30eac" xml:lang="en">
DEBUG    RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
DEBUG    SEND (IMMED): <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    Starting TLS
INFO     Negotiating TLS
INFO     Using SSL version: 3
ERROR    Socket Error #0: _ssl.c:340: error:00000000:lib(0):func(0):reason(0)
DEBUG    reconnecting...

Lance Stout

Feb 1, 2013, 2:04:55 PM
to sleekxmpp-...@googlegroups.com
> xmpp.ca_certs = "/Users/pparks/Desktop/XMPP-Python-WIP/Python-XMPP-47-WIP/cacerts.jks"

Is there anything in this file? Python will produce some odd SSL errors if given a CA file with no certs.

- Lance

Pete Parks

Feb 1, 2013, 2:14:19 PM
to sleekxmpp-...@googlegroups.com
Yes, it's the CA cert file from the Tigase server. If I comment it out, I get the following errors:

DEBUG    Connecting to XX.XXX.XXX.XX:5222
DEBUG     ==== TRANSITION disconnected -> connected
DEBUG    SEND (IMMED): <stream:stream to='xmpp.example.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
DEBUG    RECV: <stream:stream version="1.0" from="xmpp.example.com" id="0af49427-3e2f-42ca-804c-b3616b0115ea" xml:lang="en">
DEBUG    RECV: <stream:features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
DEBUG    SEND (IMMED): <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG    Starting TLS
INFO     Negotiating TLS
INFO     Using SSL version: 3
DEBUG    CERT: -----BEGIN CERTIFICATE-----
MIIEEzCCA3ygAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBrDELMAkGA1UEBhMCVVMx
... removed several lines ...
dJXIIaoUmf4UFZ+bnpRqLElYB6paC25sMfH+tcKK9twGeI2qw/z0
-----END CERTIFICATE-----

ERROR    Could not match certficate against hostname: xmpp.example.com
DEBUG     ==== TRANSITION connected -> disconnected
DEBUG    SEND (IMMED): <stream:stream to='xmpp.example.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
WARNING  Failed to send <stream:stream to='xmpp.example.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
DEBUG     ==== TRANSITION connected -> disconnected
ERROR    Socket Error #9: Bad file descriptor
DEBUG    reconnecting...
DEBUG    connecting...
DEBUG    Waiting 1.93652195037 seconds before connecting.

Pete Parks

Feb 1, 2013, 2:35:49 PM
to sleekxmpp-...@googlegroups.com
I looked up the "_ssl.c:340: error:00000000:lib(0):func(0):reason(0)" and it looks like the CA cert file I have is a Java version .jks and I need to convert it to a .crt file. So I'll do that and give it a try.

Pete Parks

Feb 1, 2013, 5:13:43 PM
to sleekxmpp-...@googlegroups.com
Lance, can you remove the hostname of my server in the logging info or replace it with 'example'. I would appreciate that. The guy who manages the Tigase server is gone for the weekend so I can't get the Java .jks converted to a .crt file. Does it matter if it's .crt, .p12 .pfx or some other format?
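
On the CA file format raised in the last two posts and the empty-CA-file remark earlier in the thread, an added example (not part of any post, not SleekXMPP code): Python's ssl module reads `ca_certs` as PEM, so this Python 3 sketch classifies a candidate file by its leading bytes before it is handed to the client. The function names and the sample byte strings are constructed for illustration.

```python
PEM_CERT = b"-----BEGIN CERTIFICATE-----"


def classify_ca_file(data):
    """Return (kind, pem_cert_count) for the raw bytes of a trust file."""
    if not data.strip():
        return ("empty", 0)
    if data[:4] == b"\xfe\xed\xfe\xed":      # Java KeyStore magic number
        return ("jks", 0)
    if data[:4] == b"\xce\xce\xce\xce":      # JCEKS magic number
        return ("jceks", 0)
    count = data.count(PEM_CERT)
    if count:
        return ("pem", count)
    if b"-----BEGIN " in data:               # PEM, but a key or other object
        return ("pem-no-cert", 0)
    if data[0] == 0x30 and len(data) > 2:    # DER SEQUENCE
        # Skip the outer length field, then look at the first inner tag.
        first = data[1]
        inner = 2 if first < 0x80 else 2 + (first & 0x7F)
        if inner < len(data):
            if data[inner] == 0x30:          # tbsCertificate SEQUENCE
                return ("der-x509", 0)
            if data[inner] == 0x02:          # PFX version INTEGER
                return ("pkcs12", 0)
    return ("unknown", 0)


def usable_as_ca_certs(data):
    """True only for PEM input that contains at least one certificate."""
    kind, count = classify_ca_file(data)
    return kind == "pem" and count > 0


if __name__ == "__main__":
    # Constructed samples: headers only, not real key material.
    samples = {
        "cacerts.jks": b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
        "ca.pem": PEM_CERT + b"\nAAAA\n-----END CERTIFICATE-----\n",
        "ca.der": b"\x30\x82\x04\x13\x30\x82\x03\x7c",
        "ca.p12": b"\x30\x82\x09\x00\x02\x01\x03",
    }
    for name, blob in samples.items():
        print(name, classify_ca_file(blob), usable_as_ca_certs(blob))
```

A certificate held in a JKS store can be exported as PEM with `keytool -exportcert -rfc -alias <alias> -keystore cacerts.jks -file ca.pem`, where `<alias>` is a placeholder for the entry name.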