Opened 10 months ago

Closed 10 months ago

Last modified 10 months ago

#17270 closed defect (fixed)

[PATCH] BOSH doesn't work, it should ignore STARTTLS

Reported by: niconiconi Owned by: deryni
Milestone: 2.13.0 Component: libpurple
Version: 2.12.0 Keywords: BOSH PATCH
Cc:

Description

I was trying to set up BOSH on my server, but it doesn't work. I have debugged for three hours, and it seems to be a bug in Pidgin.

To reproduce the bug, you need an XMPP server with a mandatory STARTTLS policy and an HTTPS BOSH proxy. After filling in the settings in Pidgin, Pidgin fails to connect to the server when BOSH is used, with logs similar to the following.

certificate: Successfully verified certificate for example.com

jabber: SendBOSH Boot (ssl):

<body content='text/xml; charset=utf-8' secure='true' to='example.com' xml:lang='en' xmpp:version='1.0' ver='1.6' xmlns:xmpp='urn:xmpp:xbosh' rid='xxx'
wait='60' hold='1' xmlns='http://jabber.org/protocol/httpbind'/>

jabber: RecvBOSH (ssl):

<body xmlns:stream='http://etherx.jabber.org/streams' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh' ver='1.6' inactivity='300' requests='2' polling='5' secure='true'
hold='1' from='example.com' authid='xxx' wait='60' sid='xxx' xmlns='http://jabber.org/protocol/httpbind'>
  <stream:features xmlns='jabber:client'>
    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
      <required/>
    </starttls>
    <register xmlns='http://jabber.org/features/iq-register'/>
    <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
      <mechanism>SCRAM-SHA-1</mechanism>
      <mechanism>PLAIN</mechanism>
    </mechanisms>
  </stream:features>
</body>


jabber: BOSH connection manager version 1.6
jabber: Sending (ssl) (example@example.com):

<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

jabber: BOSH: Sending an empty request

(STUCK HERE UNTIL TIMEOUT)

It seems that Pidgin wants to establish a TLS connection with a STARTTLS request, but it doesn't make any sense, since the XMPP stream is proxied by the BOSH connection, which is already encrypted by HTTPS. It is impossible to STARTTLS with BOSH.

According to XEP-0206: The client SHOULD ignore any Transport Layer Security (TLS) feature since BOSH channel encryption SHOULD be negotiated at the HTTP layer.

Failing to do so causes Pidgin to fail to create any connection with BOSH to any XMPP server with STARTTLS enabled.

Attachments (1)

fix-bosh.patch (1.8 KB) - added by niconiconi 10 months ago.
Patch


Change History (10)

comment:1 Changed 10 months ago by niconiconi

This bug can be fixed by patching the jabber_process_starttls() function. I've developed a patch to prevent sending STARTTLS when using an HTTPS BOSH connection; it also triggers errors if insecure HTTP BOSH is used and security is required by the user ("connection_security", JABBER_DEFAULT_REQUIRE_TLS) or by the server (STARTTLS required).

It solves the problem completely. I can now connect to the server and log in without any problem. Non-BOSH connections are also working flawlessly.

I also rearranged the code a little bit and added some comments to make it easier to read and understand. Please review the patch, and merge it into the next stable release if everything is okay. Thanks.

diff -uprN pidgin-2.12.0.old/libpurple/protocols/jabber/jabber.c pidgin-2.12.0/libpurple/protocols/jabber/jabber.c
--- pidgin-2.12.0.old/libpurple/protocols/jabber/jabber.c	2017-11-25 03:54:40.639920993 +0800
+++ pidgin-2.12.0/libpurple/protocols/jabber/jabber.c	2017-11-25 04:25:44.470494581 +0800
@@ -236,15 +236,32 @@ jabber_process_starttls(JabberStream *js
 		}
 	}
 #else
-	if(purple_ssl_is_supported()) {
+	if (!purple_ssl_is_supported()) {
+		purple_debug_warning("jabber", "No libpurple TLS/SSL support found.");
+	}
+
+	/* It's a secure BOSH connection, just return FALSE and skip, without doing anything extra.
+	 * XEP-0206 (XMPP Over BOSH): The client SHOULD ignore any Transport Layer Security (TLS)
+	 * feature since BOSH channel encryption SHOULD be negotiated at the HTTP layer.
+	 *
+	 * Note: we are already receiving STARTTLS at this point from a SSL/TLS BOSH connection,
+	 * so it is not necessary to check if purple_ssl_is_supported().
+	 */
+	if (js->bosh && jabber_bosh_connection_is_ssl(js->bosh)) {
+		return FALSE;
+	}
+	
+	/* Otherwise, it's a standard XMPP connection, or a HTTP (insecure) BOSH connection.
+	 * We request STARTTLS for standard XMPP connections, but we do nothing for insecure
+	 * BOSH connections, per XEP-0206. */
+	if(purple_ssl_is_supported() && !js->bosh) {
 		jabber_send_raw(js,
 				"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1);
 		return TRUE;
-	} else {
-		purple_debug_warning("jabber", "No libpurple TLS/SSL support found.");
 	}
 #endif
-
+	/* It's an insecure standard XMPP connection, or an insecure BOSH connection, let's
+	 * emit errors if security is required by the server or user. */
 	starttls = xmlnode_get_child(packet, "starttls");
 	if(xmlnode_get_child(starttls, "required")) {
 		purple_connection_error_reason(js->gc,
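Review bot: the "No libpurple TLS/SSL support found." warning is now emitted before the `js->bosh && jabber_bosh_connection_is_ssl(js->bosh)` early return, so it fires on an HTTPS BOSH connection where libpurple TLS support is irrelevant, which contradicts the comment saying the check is unnecessary there; move the warning after that `return FALSE`, or put it back as the `else` of the `if(purple_ssl_is_supported() && !js->bosh)` branch. Also, an insecure HTTP BOSH connection now falls through to the `purple_connection_error_reason` call below even when TLS support is present, whereas in the old code that path was reached only after the "no TLS/SSL support" branch, so the user-facing error should be reviewed (or given a BOSH-specific message) so it does not report missing TLS support as the cause. Minor: the added `if(purple_ssl_is_supported() && !js->bosh)` keeps the old `if(` spacing while the other new lines use `if (`, and the blank line after the early return carries trailing whitespace.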

Update: On IRC, there are some concerns that it would effectively disable HTTP BOSH entirely, but that is not entirely true. A server with mandatory STARTTLS is unlikely to provide an HTTP BOSH, or the server is broken in the first place; if STARTTLS is optional on the server, users can switch their security level to "optional" and use HTTP to connect to BOSH, so I don't think it is much of a problem. Comments?

Last edited 10 months ago by niconiconi
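As an added illustration of the rule the description and comment:1 describe (not code from the ticket or from libpurple), the following parses a BOSH `<body/>` for the `<starttls/>` stream feature and applies the XEP-0206 decision: ignore the feature on HTTPS BOSH, send STARTTLS on a direct TCP stream, and error on an unencrypted transport only when the server or the user requires TLS. The transport names, the `decide()` return values and the sample body (adapted from the RecvBOSH output above, attributes trimmed) are assumptions made for this example.

```python
"""Parse the STARTTLS feature from a BOSH body and decide what a client
should do with it, following XEP-0206 (example code, not libpurple's)."""
import xml.etree.ElementTree as ET

NS_HTTPBIND = "http://jabber.org/protocol/httpbind"
NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: the RecvBOSH body from the ticket, most attributes removed.
BOSH_BODY = (
    "<body xmlns='http://jabber.org/protocol/httpbind' "
    "xmlns:stream='http://etherx.jabber.org/streams' sid='xxx'>"
    "<stream:features xmlns='jabber:client'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>SCRAM-SHA-1</mechanism></mechanisms>"
    "</stream:features></body>"
)


def starttls_feature(body_xml):
    """Return (offered, required) for the STARTTLS feature inside a BOSH body."""
    body = ET.fromstring(body_xml)
    if body.tag != "{%s}body" % NS_HTTPBIND:
        raise ValueError("not a BOSH body element")
    features = body.find("{%s}features" % NS_STREAM)
    tls = features.find("{%s}starttls" % NS_TLS) if features is not None else None
    if tls is None:
        return (False, False)
    # <required/> inherits the xmpp-tls default namespace from <starttls/>.
    return (True, tls.find("{%s}required" % NS_TLS) is not None)


def decide(transport, offered, required, user_requires_tls, tls_supported=True):
    """transport is 'bosh_https', 'bosh_http' or 'tcp' (assumed labels).
    Returns 'ignore_feature', 'send_starttls' or 'error'."""
    if transport == "bosh_https":
        # XEP-0206: encryption is negotiated at the HTTP layer; the stream-level
        # TLS feature is ignored even when the server marks it <required/>.
        return "ignore_feature"
    if transport == "tcp" and offered and tls_supported:
        return "send_starttls"  # normal XMPP stream: upgrade it
    # Plain HTTP BOSH, or a TCP stream that cannot be upgraded: only an
    # error if someone insists on encryption, otherwise continue in the clear.
    return "error" if (required or user_requires_tls) else "ignore_feature"


def handle_bosh_body(body_xml, transport, user_requires_tls):
    """Combine parsing and policy for one received BOSH body."""
    offered, required = starttls_feature(body_xml)
    return decide(transport, offered, required, user_requires_tls)
```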

Changed 10 months ago by niconiconi

Patch

comment:2 Changed 10 months ago by niconiconi

  • Keywords PATCH added

comment:3 Changed 10 months ago by niconiconi

  • Component changed from XMPP to libpurple
  • Summary changed from BOSH doesn't work, it should ignore STARTTLS to [PATCH] BOSH doesn't work, it should ignore STARTTLS

comment:4 Changed 10 months ago by niconiconi

Or another straightforward approach can be replacing

if(xmlnode_get_child(starttls, "required")) {

with

if(!js->bosh && xmlnode_get_child(starttls, "required")) {

hence ignoring server STARTTLS policy altogether when using BOSH, leaving the choice to the user, as "connection_security", JABBER_DEFAULT_REQUIRE_TLS.

comment:6 Changed 10 months ago by Tom Li <tomli@…>

  • Milestone set to 2.12.1
  • Resolution set to fixed
  • Status changed from new to closed

(In [fdb68b9b02b8]):
jabber.c: fix #17270, ignore STARTTLS when using BOSH.

Pidgin wants to establish a TLS connection with a STARTTLS request, but it doesn't make any sense, since the XMPP stream is proxied by the BOSH connection, which is already encrypted by HTTPS. It is impossible to STARTTLS with BOSH.

According to XEP-0206: The client SHOULD ignore any Transport Layer Security (TLS) feature since BOSH channel encryption SHOULD be negotiated at the HTTP layer.

Failing to do so causes Pidgin to fail to create any connection with BOSH to any XMPP server with STARTTLS enabled.

https://developer.pidgin.im/ticket/17270

comment:7 Changed 10 months ago by Gary Kramlich <grim@…>

(In [7f478dc7e64f]):
Merged in yazawanico/main/release-2.x.y (pull request #293)

jabber.c: fix #17270, ignore STARTTLS when using BOSH.

Approved-by: Eion Robb <eionrobb@…>
Approved-by: Gary Kramlich <grim@…>

comment:8 Changed 10 months ago by Gary Kramlich <grim@…>

(In [8fc5d8755588]):
ChangeLog the update to not attempt to TLS secured BOSH connections. Fixes #17270

comment:9 Changed 10 months ago by Robby

  • Milestone changed from 2.12.1 to 2.13.0