[asterisk-bugs] [JIRA] (ASTERISK-24712) xmpp: starttls problem causes connection spew

Matt Jordan (JIRA) noreply at issues.asterisk.org
Thu Jan 22 15:20:34 CST 2015


    [ https://issues.asterisk.org/jira/browse/ASTERISK-24712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224614#comment-224614 ] 

Matt Jordan commented on ASTERISK-24712:
----------------------------------------

{quote}
(A) ERROR[27439]: res_xmpp.c:2556 in xmpp_client_requested_tls: TLS connection for client 'asterisk' cannot be established. OpenSSL initialization failed.
… so what exactly is the problem with initializing OpenSSL? do we get an error code or anything?
{quote}

There are multiple failure points that can result in this message. Generally, it occurs when a client has requested TLS and something in the creation of the TLS context has failed.

Does OpenSSL provide an error response code for all of those points? Maybe. OpenSSL is a barrel of fun. I'm sure there could be some improvements made to the error handling in that function.

{quote}
(B) Asterisk now immediately retries the connection attempt. Which is extremely anti-social. There should always be at least a linear, or even an exponential, back-off. This goes on indefinitely, except …
{quote}

That sounds like a nice improvement that could be made in the internal {{xmpp_client_thread}}.

{quote}
(C) ERROR[27439]: res_xmpp.c:3334 in xmpp_action_hook: xmpp_action_hook was called without a packet. This happens because the connection is closed by the server (you're flooding it, after all). Again, there is no back-off here, Asterisk immediately retries. And retries. And retries. By the time somebody notices the problem, the server has banned our IP.
{quote}

Which sounds like the result of a misconfiguration.

While this is a problem - and one that should be fixed - I don't think this will receive very high priority without a patch. The scenario you've outlined would occur when you've misconfigured your system - and while that can happen (everyone makes mistakes!), it would not generally impact a system that was configured properly. If you're interested in providing such a patch, some guidelines on writing patches for Asterisk can be found here:

https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process

> xmpp: starttls problem causes connection spew
> ---------------------------------------------
>
>                 Key: ASTERISK-24712
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24712
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_xmpp
>    Affects Versions: 13.0.2, 13.1.0
>         Environment: Linux with not-quite-correctly-installed openSSL
>            Reporter: Matthias Urlichs
>
> Three issues here.
> (A) ERROR[27439]: res_xmpp.c:2556 in xmpp_client_requested_tls: TLS connection for client 'asterisk' cannot be established. OpenSSL initialization failed.
> … so what exactly is the problem with initializing OpenSSL? do we get an error code or anything?
> (B) Asterisk now immediately retries the connection attempt. Which is extremely anti-social. There should *always* be at least a linear, or even an exponential, back-off. This goes on indefinitely, except …
> (C) ERROR[27439]: res_xmpp.c:3334 in xmpp_action_hook: xmpp_action_hook was called without a packet. This happens because the connection is closed by the server (you're flooding it, after all). Again, there is no back-off here, Asterisk immediately retries. And retries. And retries. By the time somebody notices the problem, the server has banned our IP.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
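
Added example, not part of the original message and not Asterisk code: a capped exponential back-off with jitter for a reconnect loop like the one discussed under (B) and (C). All names and constants are hypothetical; the counter is reset only after a session has stayed up for a while, so a server that accepts the connection and then drops it (case C) or a TLS setup that fails right after connect (case A) still lengthens the wait.

```c
#include <stdint.h>
#include <stdio.h>
/* All names and constants below are hypothetical, not taken from res_xmpp.c. */
#define BACKOFF_BASE_MS  1000u    /* delay ceiling after the first failure */
#define BACKOFF_MAX_MS   300000u  /* never wait longer than 5 minutes */
#define STABLE_AFTER_MS  60000u   /* session must survive this long to count as good */

struct reconnect_backoff {
    unsigned failures;  /* consecutive failed or short-lived sessions */
    uint32_t rng;       /* xorshift32 state for jitter; must be non-zero */
};

static uint32_t backoff_rand(struct reconnect_backoff *b)
{
    uint32_t x = b->rng;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return b->rng = x;
}

/* Record how long the last session lived after connect (0 if setup failed).
 * A server that accepts and then drops us must not reset the counter. */
void backoff_session_ended(struct reconnect_backoff *b, uint32_t session_ms)
{
    if (session_ms >= STABLE_AFTER_MS)
        b->failures = 0;
    else if (b->failures < 32)
        b->failures++;
}

/* Delay before the next attempt: capped exponential, jittered to [c/2, c]. */
uint32_t backoff_next_delay_ms(struct reconnect_backoff *b)
{
    uint32_t ceiling = BACKOFF_MAX_MS;
    unsigned shift = b->failures ? b->failures - 1 : 0;
    if (b->failures == 0)
        return 0;  /* last session was stable: reconnect at once */
    if (shift < 20 && (BACKOFF_BASE_MS << shift) < BACKOFF_MAX_MS)
        ceiling = BACKOFF_BASE_MS << shift;
    return ceiling / 2 + backoff_rand(b) % (ceiling / 2 + 1);
}

int main(void)
{
    struct reconnect_backoff b = { 0, 2463534242u };  /* constructed seed */
    for (int i = 1; i <= 10; i++) {
        backoff_session_ended(&b, 0);  /* constructed: TLS setup fails at once */
        printf("attempt %d: wait %u ms\n", i, (unsigned)backoff_next_delay_ms(&b));
    }
}
```

The jitter keeps many clients that failed at the same moment from retrying in lockstep; a real client would seed `rng` from a non-zero, per-process value.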


