[pyOpenSSL] cannot connect to XMPP server with gajim (using pyOpenSSL)
exarkun at twistedmatrix.com
exarkun at twistedmatrix.com
Thu Nov 5 19:07:24 CET 2009
On 4 Nov, 03:03 pm, mcepl at redhat.com wrote:
>Dne 13.10.2009 19:21, exarkun at twistedmatrix.com napsal(a):
>>There are some known interoperability issues between OpenSSL and the
>>SSL
>>libraries used by some Java XMPP services. If this is the problem,
>>you
>>can work around it by setting the OP_NO_TICKET (0x00004000) option in
>>the client. If this doesn't fix the problem, then I don't have any
>>other guesses as to what might be wrong.
>
>Currently I have this patch against the master branch of gajim (thanks
>partially to Dave Kirkland for this), but I haven't seen any noticeable
>difference ... gajim still hangs in "Initiating handshake..."
>
>diff --git a/src/common/xmpp/tls_nb.py b/src/common/xmpp/tls_nb.py
>index 5ed1072..fc6b496 100644
>--- a/src/common/xmpp/tls_nb.py
>+++ b/src/common/xmpp/tls_nb.py
>@@ -334,6 +334,10 @@ class NonBlockingTLS(PlugIn):
> begin = -1
> i += 1
>
>+ def info_callback(conn, where, ret):
>+ print >>sys.stderr, "[SSL info] %x = %d" % (where,
>+ ret)#,`conn.state_string()`
>+
> def _startSSL_pyOpenSSL(self):
> log.debug("_startSSL_pyOpenSSL called")
> tcpsock = self._owner
>@@ -359,6 +363,8 @@ class NonBlockingTLS(PlugIn):
> tcpsock._sslObj =
>OpenSSL.SSL.Connection(tcpsock._sslContext,
> tcpsock._sock)
> tcpsock._sslObj.set_connect_state() # set to client
>mode
>+
>tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_TICKET)
>+ tcpsock._sslContext.set_info_callback( info_callback )
> wrapper = PyOpenSSLWrapper(tcpsock._sslObj)
> tcpsock._recv = wrapper.recv
> tcpsock._send = wrapper.send
>
>Any ideas what should I do?
>
>Thanks for the replies so far,
This looks like the right solution for the problem I had in mind. So,
I'm not sure what's going on here. Something like tlsdump may shed
further light on the issue. Or, I see you're using the info callback
here - is that revealing anything interesting?
Jean-Paul
More information about the pyopenssl-users
mailing list