Summary: | ASTERISK-24712: xmpp: starttls problem causes connection spew | ||
Reporter: | Matthias Urlichs (smurfix) | Labels: | |
Date Opened: | 2015-01-22 14:14:34.000-0600 | Date Closed: | 2017-03-24 09:14:08 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Resources/res_xmpp |
Versions: | 13.0.2 13.1.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Linux with not-quite-correctly-installed openSSL | Attachments: | |
Description: | Three issues here.

(A) ERROR[27439]: res_xmpp.c:2556 in xmpp_client_requested_tls: TLS connection for client 'asterisk' cannot be established. OpenSSL initialization failed.

… so what exactly is the problem with initializing OpenSSL? do we get an error code or anything?

(B) Asterisk now immediately retries the connection attempt. Which is extremely anti-social. There should *always* be at least a linear, or even an exponential, back-off. This goes on indefinitely, except …

(C) ERROR[27439]: res_xmpp.c:3334 in xmpp_action_hook: xmpp_action_hook was called without a packet.

This happens because the connection is closed by the server (you're flooding it, after all). Again, there is no back-off here, Asterisk immediately retries. And retries. And retries. By the time somebody notices the problem, the server has banned our IP.
Comments: |

By: Matt Jordan (mjordan) 2015-01-22 15:19:53.387-0600

{quote}
(A) ERROR[27439]: res_xmpp.c:2556 in xmpp_client_requested_tls: TLS connection for client 'asterisk' cannot be established. OpenSSL initialization failed.

… so what exactly is the problem with initializing OpenSSL? do we get an error code or anything?
{quote}

There are multiple failure points that can result in this message. Generally, it occurs when a client has requested TLS and something in the creation of the TLS context has failed. Does OpenSSL provide an error response code for all of those points? Maybe. OpenSSL is a barrel of fun.

I'm sure there could be some improvements made to the error handling in that function.

{quote}
(B) Asterisk now immediately retries the connection attempt. Which is extremely anti-social. There should always be at least a linear, or even an exponential, back-off. This goes on indefinitely, except …
{quote}

That sounds like a nice improvement that could be made in the internal {{xmpp_client_thread}}.

{quote}
(C) ERROR[27439]: res_xmpp.c:3334 in xmpp_action_hook: xmpp_action_hook was called without a packet.

This happens because the connection is closed by the server (you're flooding it, after all). Again, there is no back-off here, Asterisk immediately retries. And retries. And retries. By the time somebody notices the problem, the server has banned our IP.
{quote}

Which sounds like the result of a misconfiguration.

While this is a problem - and one that should be fixed - I don't think this will receive very high priority without a patch. The scenario you've outlined would occur when you've misconfigured your system - and while that can happen (everyone makes mistakes!), it would not generally impact a system that was configured properly.

If you're interested in providing such a patch, some guidelines on writing patches for Asterisk can be found here: https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process

By: Friendly Automation (friendly-automation) 2017-03-24 09:14:09.800-0500

Change 5302 merged by zuul: res_xmpp: Try to provide useful errors messages from OpenSSL
https://gerrit.asterisk.org/5302

By: Friendly Automation (friendly-automation) 2017-03-24 09:14:14.022-0500

Change 5301 merged by zuul: res_xmpp: Try to provide useful errors messages from OpenSSL
https://gerrit.asterisk.org/5301

By: Friendly Automation (friendly-automation) 2017-03-28 15:42:37.605-0500

Change 5303 merged by Joshua Colp: res_xmpp: Use incremental backoff when a read error occurs
https://gerrit.asterisk.org/5303

By: Friendly Automation (friendly-automation) 2017-03-28 16:48:04.288-0500

Change 5304 merged by Joshua Colp: res_xmpp: Use incremental backoff when a read error occurs
https://gerrit.asterisk.org/5304

By: Friendly Automation (friendly-automation) 2017-03-28 18:05:25.169-0500

Change 5289 merged by Joshua Colp: res_xmpp: Try to provide useful errors messages from OpenSSL
https://gerrit.asterisk.org/5289

By: Friendly Automation (friendly-automation) 2017-03-28 18:05:26.933-0500

Change 5290 merged by Joshua Colp: res_xmpp: Use incremental backoff when a read error occurs
https://gerrit.asterisk.org/5290
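
The back-off asked for in (B) and (C), as an added example: this is not the res_xmpp code and not the merged Gerrit changes. All names and constants (`reconnect_state`, `BACKOFF_BASE_MS`, the 50 ms cost of a failed attempt) are assumptions chosen for illustration. It computes a capped exponential delay that resets on success, and counts how many attempts a permanently failing client makes in ten minutes with and without it.

```c
#include <stdio.h>

/* Constructed values for illustration; not taken from res_xmpp. */
#define BACKOFF_BASE_MS 1000u   /* delay after the first failure */
#define BACKOFF_MAX_MS  60000u  /* ceiling on the delay between attempts */

struct reconnect_state {
    unsigned failures;          /* consecutive failed connection attempts */
};

/* Record the outcome of one attempt: success resets the back-off. */
void reconnect_result(struct reconnect_state *st, int ok)
{
    if (ok)
        st->failures = 0;
    else if (st->failures < 1000u)  /* saturate instead of wrapping */
        st->failures++;
}

/* Delay before the next attempt: BASE * 2^(failures-1), capped at MAX. */
unsigned backoff_delay_ms(const struct reconnect_state *st)
{
    unsigned delay = BACKOFF_BASE_MS, i;

    if (st->failures == 0)
        return 0;
    for (i = 1; i < st->failures; i++) {
        if (delay >= BACKOFF_MAX_MS / 2)
            return BACKOFF_MAX_MS;  /* doubling would reach or pass the cap */
        delay *= 2;
    }
    return delay;
}

/* Count attempts within window_ms against a peer that always fails. */
unsigned attempts_in_window(unsigned window_ms, unsigned attempt_ms, int use_backoff)
{
    struct reconnect_state st = { 0 };
    unsigned t = 0, n = 0;

    while (t < window_ms) {
        n++;
        t += attempt_ms;            /* time spent on the failed attempt itself */
        reconnect_result(&st, 0);
        if (use_backoff)
            t += backoff_delay_ms(&st);
    }
    return n;
}

int main(void)
{
    printf("no back-off: %u attempts, back-off: %u attempts\n",
           attempts_in_window(600000u, 50u, 0), attempts_in_window(600000u, 50u, 1));
    return 0;
}
```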