qca broken in stable?

olear · 12-12-2014, 08:47 AM

Hi, tried to setup a Slackware installation for a friend yesterday and noticed a problem when using Kopete and/or Psi against a regular Jabberd2 server with a self-signed certificate.

Code:

There was an error communicating with the server.
Details: Authentication error: No appropriate mechanism available for given security settings (e.g. SASL library too weak, or plaintext authentication not enabled)
Offered mechanisms: EXTERNAL, PLAIN, DIGEST-MD5"

Recompiled qca(-*) but that did not help, no new mechanisms offered.

Also noticed that the qca slackbuild don't even compile on Slackware due to missing patch, was the package just copied from an older Slackware version?

Code:

--- ./src/botantools/botan/botan/secmem.h.orig  2012-01-07 20:09:35.427999593 +0100
+++ ./src/botantools/botan/botan/secmem.h       2012-01-07 20:09:52.540001422 +0100
@@ -214,11 +214,11 @@
 
       SecureVector(u32bit n = 0) { MemoryRegion<T>::init(true, n); }
       SecureVector(const T in[], u32bit n)
-         { MemoryRegion<T>::init(true); set(in, n); }
+         { MemoryRegion<T>::init(true); this->set(in, n); }
       SecureVector(const MemoryRegion<T>& in)
-         { MemoryRegion<T>::init(true); set(in); }
+         { MemoryRegion<T>::init(true); this->set(in); }
       SecureVector(const MemoryRegion<T>& in1, const MemoryRegion<T>& in2)
-         { MemoryRegion<T>::init(true); set(in1); append(in2); }
+         { MemoryRegion<T>::init(true); this->set(in1); append(in2); }
    };
 
 /*************************************************

Currently only Pidgin works as it should.

olear

olear · 12-23-2014, 12:34 AM

Also broken in -current...

Alien Bob · 12-23-2014, 05:41 AM

Very strange.
I can login to Jabber (the jabber.xs4all.nl server where I have a couple of accounts) on this Slackware64-current desktop. I tried kopete (the version included with KDE 4.14.3, installed from my own ktown repository) as well as psi 0.15. I can also communicate with other people in my buddy list.

Be sure to UN-check the "allow plaintext authentication".

Eric

olear · 12-23-2014, 04:59 PM

Hi, thanks for your reply. A bit strange yes, this is the first time I got this issue with Kopete/Psi (not used Slackware in a couple of years, so don't know if this is something that was introduced in 14.1), other distros works flawless with Kopete/Psi against my server, also building Psi from pkgsrc in Slackware results in a working Psi. I checked other distros for solutions, and tried several patches, but that did not resolve the issue (actually got worse), rebuilt everything from OpenSSL to QCA-ossl, but still get issues.

The server is a "regular" Jabberd2 installation with encryption forced and with a self-signed certificate.

CentOS:

Code:

Qt Library Paths:
  /usr/lib64/qt4/plugins
  /usr/lib64/kde4/plugins
  /usr/bin
  /usr/lib/kde4/plugins
plugin: Checking Qt static plugins:
plugin:   (none)
plugin: Checking Qt Library Path: /usr/lib64/qt4/plugins
plugin:   libqca-gnupg.so: (class: gnupgPlugin) loaded as qca-gnupg
plugin:   libqca-ossl.so: (class: opensslPlugin) loaded as qca-ossl
plugin: Checking Qt Library Path: /usr/lib64/kde4/plugins
plugin:   (No 'crypto' subdirectory)
plugin: Checking Qt Library Path: /usr/bin
plugin:   (No 'crypto' subdirectory)
plugin: Checking Qt Library Path: /usr/lib/kde4/plugins
plugin:   (No 'crypto' subdirectory)
Available Providers:
  qca-gnupg
    *pgpkey
    *openpgp
    *keystorelist
  qca-ossl
    This product includes cryptographic software written by Eric Young
    (eay@cryptsoft.com)
    *sha1
    *sha0
    *ripemd160
    *md2
    *md4
    *md5
    *sha224
    *sha256
    *sha384
    *sha512
    *hmac(md5)
    *hmac(sha1)
    *hmac(sha224)
    *hmac(sha256)
    *hmac(sha384)
    *hmac(sha512)
    *hmac(ripemd160)
    *aes128-ecb
    *aes128-cfb
    *aes128-cbc
    *aes128-cbc-pkcs7
    *aes128-ofb
    *aes192-ecb
    *aes192-cfb
    *aes192-cbc
    *aes192-cbc-pkcs7
    *aes192-ofb
    *aes256-ecb
    *aes256-cbc
    *aes256-cbc-pkcs7
    *aes256-cfb
    *aes256-ofb
    *blowfish-ecb
    *blowfish-cbc-pkcs7
    *blowfish-cbc
    *blowfish-cfb
    *blowfish-ofb
    *tripledes-ecb
    *tripledes-cbc
    *des-ecb
    *des-ecb-pkcs7
    *des-cbc
    *des-cbc-pkcs7
    *des-cfb
    *des-ofb
    *cast5-ecb
    *cast5-cbc
    *cast5-cbc-pkcs7
    *cast5-cfb
    *cast5-ofb
    *pbkdf1(md2)
    *pbkdf1(sha1)
    *pbkdf2(sha1)
    *pkey
    *dlgroup
    *rsa
    *dsa
    *dh
    *cert
    *csr
    *crl
    *certcollection
    *pkcs12
    *tls
    *cms
    *ca
plugin: Unloaded: qca-gnupg
plugin: Unloaded: qca-ossl

Slackware

Code:

Qt Library Paths:
  /usr/lib/qt/plugins
  /usr/bin
  /usr/lib/kde4/plugins
plugin: Checking Qt static plugins:
plugin:   (none)
plugin: Checking Qt Library Path: /usr/lib/qt/plugins
plugin:   libqca-cyrus-sasl.so: (class: saslPlugin) loaded as qca-cyrus-sasl
plugin:   libqca-cyrus-sasl.so.debug: not a library, skipping
plugin:   libqca-gnupg.so: (class: gnupgPlugin) loaded as qca-gnupg
plugin:   libqca-gnupg.so.debug: not a library, skipping
plugin:   libqca-ossl.so: (class: opensslPlugin) loaded as qca-ossl
plugin:   libqca-ossl.so.debug: not a library, skipping
plugin: Checking Qt Library Path: /usr/bin
plugin:   (No 'crypto' subdirectory)
plugin: Checking Qt Library Path: /usr/lib/kde4/plugins
plugin:   (No 'crypto' subdirectory)
Available Providers:
  qca-cyrus-sasl
  qca-gnupg
  qca-ossl
    This product includes cryptographic software written by Eric Young
    (eay@cryptsoft.com)
plugin: Unloaded: qca-cyrus-sasl
plugin: Unloaded: qca-gnupg
plugin: Unloaded: qca-ossl

Something must be missing?