Jabber broken

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
DimeCadmium
Registered User
Posts: 5
Joined: Wed Mar 26, 2008 9:57 pm

Jabber broken

Post by DimeCadmium » Mon Jun 18, 2018 6:03 am

Jabber support is broken. This specifically affected me with StartTLS but likely affects old-style SSL connections as well. In particular it is verifying the certificate against the name of the underlying A/AAAA record, instead of the name of the SRV record as it should.

In functions_jabber.php, function open_socket, the following changes need to be made:
  • Save $server value from the start of function. (i.e. $old_server = $server;)
  • Set $options['ssl'] regardless of whether $use_ssl is set. (So that the options get set for use with StartTLS)
  • Set $options['ssl']['peer_name'] to $old_server.
A diff against 3.2.2:

Code: Select all

--- functions_jabber.php.old    2018-06-18 00:58:51.397524459 -0500
+++ functions_jabber.php        2018-06-18 00:59:07.570159660 -0500
@@ -250,6 +250,7 @@
        */
        function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed)
        {
+               $old_server = $server;
                if (@function_exists('dns_get_record'))
                {
                        $record = @dns_get_record("_xmpp-client._tcp.$server", DNS_SRV);
@@ -261,12 +262,12 @@

                $options = array();

+               // Set ssl context options, see http://php.net/manual/en/context.ssl.php
+               $options['ssl'] = array('peer_name' => $old_server, 'verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+
                if ($use_ssl)
                {
                        $remote_socket = 'ssl://' . $server . ':' . $port;
-
-                       // Set ssl context options, see http://php.net/manual/en/context.ssl.php
-                       $options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
                }
                else
                {
I'm unfortunately unable to log in to the bugtracker (despite having had this phpbb.com account since 2008).

DimeCadmium
Registered User
Posts: 5
Joined: Wed Mar 26, 2008 9:57 pm

Re: Jabber broken

Post by DimeCadmium » Mon Jun 18, 2018 7:19 am

Oh - and the script ends too quickly after calling send_message on my server, which causes the message to not get sent (since the socket is in non-blocking mode most of the time). send_message, at least, needs to get a fflush($this->connection) call to ensure the socket's write buffer gets flushed before the script ends. (Alternately you should be able to close the socket when it's done being used and thereby ensure it's flushed)

Edit: I take that back. Even with fflush it's still flaky. And it looks like fclose gets called... The only reliable way I was able to find to ensure it actually sends the message was to add a sleep (used usleep(100000))

Post Reply

Return to “[3.2.x] Support Forum”

Who is online

Users browsing this forum: Baidu [Spider], bonelifer, jack terrier, Mick, napsterion, PHenry1025, sbweston, Senky and 37 guests