[pyOpenSSL] cannot connect to XMPP server with gajim (using pyOpenSSL)

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Thu Nov 5 19:07:24 CET 2009 

On 4 Nov, 03:03 pm, mcepl at redhat.com wrote:
>Dne 13.10.2009 19:21, exarkun at twistedmatrix.com napsal(a):
>>There are some known interoperability issues between OpenSSL and the 
>>SSL
>>libraries used by some Java XMPP services.  If this is the problem, 
>>you
>>can work around it by setting the OP_NO_TICKET (0x00004000) option in
>>the client.  If this doesn't fix the problem, then I don't have any
>>other guesses as to what might be wrong.
>
>Currently I have this patch against the master branch of gajim (thanks
>partially to Dave Kirkland for this), but I haven't seen any noticeable
>difference ... gajim still hangs in "Initiating handshake..."
>
>diff --git a/src/common/xmpp/tls_nb.py b/src/common/xmpp/tls_nb.py
>index 5ed1072..fc6b496 100644
>--- a/src/common/xmpp/tls_nb.py
>+++ b/src/common/xmpp/tls_nb.py
>@@ -334,6 +334,10 @@ class NonBlockingTLS(PlugIn):
>                                 begin = -1
>                         i += 1
>
>+       def info_callback(conn, where, ret):
>+               print >>sys.stderr, "[SSL info] %x = %d" % (where,
>+                       ret)#,`conn.state_string()`
>+
>         def _startSSL_pyOpenSSL(self):
>                 log.debug("_startSSL_pyOpenSSL called")
>                 tcpsock = self._owner
>@@ -359,6 +363,8 @@ class NonBlockingTLS(PlugIn):
>                 tcpsock._sslObj = 
>OpenSSL.SSL.Connection(tcpsock._sslContext,
>                         tcpsock._sock)
>                 tcpsock._sslObj.set_connect_state() # set to client 
>mode
>+ 
>tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_TICKET)
>+               tcpsock._sslContext.set_info_callback( info_callback )
>                 wrapper = PyOpenSSLWrapper(tcpsock._sslObj)
>                 tcpsock._recv = wrapper.recv
>                 tcpsock._send = wrapper.send
>
>Any ideas what should I do?
>
>Thanks for the replies so far,

This looks like the right solution for the problem I had in mind.  So, 
I'm not sure what's going on here.  Something like tlsdump may shed 
further light on the issue.  Or, I see you're using the info callback 
here - is that revealing anything interesting?

Jean-Paul

More information about the pyopenssl-users mailing list