openssl: s_client seems to hang with -starttls xmpp
When I run s_client against my xmpp server (ejabberd), it seems to hang and does not print out the certificate info that I see when I connect to other types of servers (like http):
$ openssl s_client -servername chat.example.com -connect chat.example.com:5222 -starttls xmpp -verify 100
verify depth is 100
CONNECTED(00000003)
Other TLS checkers do seem to be OK with the servers I’ve tried, and clients and other servers also seem to approve of the connections so I think there might be something going on in s_client’s xmpp code.
I also found someone talking about this in Debian’s bug tracker:
About this issue
- State: closed
- Created 7 years ago
- Comments: 20 (12 by maintainers)
Commits related to this issue
- Fix apps/s_client.c's XMPP client. When an error occurs during the starttls handshake, s_client gets stuck looping around zero bytes reads, because the server won't send anything more after its error ... — committed to levitte/openssl by levitte 7 years ago
- Fix apps/s_client.c's XMPP client. When an error occurs during the starttls handshake, s_client gets stuck looping around zero bytes reads, because the server won't send anything more after its error ... — committed to openssl/openssl by levitte 7 years ago
- Fix apps/s_client.c's XMPP client. Backport from https://github.com/levitte/openssl/commit/4f309ded68f9da44fcb3c90289e5b70d3feb6aad . "When an error occurs during the starttls handshake, s_client get... — committed to drwetter/openssl-1.0.2.bad by drwetter 2 years ago
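The failure mode named in these commit messages (a client looping on zero-byte reads after the server reports an error during STARTTLS) and a read loop that avoids it, as an added example that is not code from this issue or from OpenSSL's apps/s_client.c. The function names, the enum and the sample server replies are constructed for illustration; the `<proceed/>`, `<failure/>` and `<stream:error>` element names come from RFC 6120.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum starttls_result { TLS_PROCEED, TLS_STREAM_ERROR, TLS_PEER_CLOSED, TLS_BUFFER_FULL };

/* Read until the reply holds <proceed (safe to start TLS) or an error element.
 * read() returning 0 means the peer closed the stream; retrying it as if it
 * were "no data yet" is what makes a client spin forever. */
enum starttls_result wait_for_proceed(int fd)
{
    char buf[4096];
    size_t used = 0;

    while (used < sizeof(buf) - 1) {
        ssize_t n = read(fd, buf + used, sizeof(buf) - 1 - used);
        if (n <= 0)
            return TLS_PEER_CLOSED;   /* EOF or read error: stop, do not loop */
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, "<proceed"))
            return TLS_PROCEED;
        if (strstr(buf, "<stream:error") || strstr(buf, "<failure"))
            return TLS_STREAM_ERROR;
    }
    return TLS_BUFFER_FULL;           /* bounded: never grow or wait without limit */
}

/* Hypothetical helper: feed a canned server reply through a pipe, then close it. */
enum starttls_result classify_reply(const char *reply)
{
    int p[2];
    enum starttls_result r = TLS_PEER_CLOSED;

    if (pipe(p) != 0)
        return r;
    ssize_t w = write(p[1], reply, strlen(reply));
    close(p[1]);                      /* like a server that sends nothing more */
    if (w >= 0)
        r = wait_for_proceed(p[0]);
    close(p[0]);
    return r;
}

int main(void)
{
    /* Constructed sample: a stream error followed by silence. */
    printf("%d\n", classify_reply("<stream:error><host-unknown/></stream:error>"));
    return 0;
}
```
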
Like I said earlier, -servername sets the Server Name Indication at the TLS level, nothing else. OpenSSL 1.0.2 has no other way to indicate a server name. OpenSSL does have the added option -xmpphost