Disable errbot cert verification - errbot

I'm having hard time trying to connect errbot to dev HipChat server because of invalid ssl cert.
log:
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor
Errbot keeps verify cert even though I specified "'verify': False" in BOT_IDENTITY as well as XMPP_CA_CERT_FILE = None in config.
part of config:
BOT_IDENTITY = {
## HipChat mode (Comment the above if using this mode)
'username' : '1_2#chat.btf.hipchat.com',
'password' : '123qweASD',
## Group admins can create/view tokens on the settings page after logging
## in on HipChat's website
'token' : 'sometoken',
## If you're using HipChat server (self-hosted HipChat) then you should set
## the endpoint below. If you don't use HipChat server but use the hosted version
## of HipChat then you may leave this commented out.
'endpoint' : 'hipchat.test.intra',
'verify': False,
}
XMPP_CA_CERT_FILE = None
Any ideas how to make it work are really appreciated.

The source of this error happens in the verify function which verifies the certificate is valid in terms of hostname and validity date.
The value of XMPP_CA_CERT_FILE set in errbot's config is eventually passed to ca_certs in the XMLStream class where it's used to influence the cert_policy. That sets ssl.CERT_NONE but even so, it still calls verify.
That means currently you can have a (possible self-signed) certificate without a valid trust root, but you will still have to ensure the hostname you're connecting to matches the hostname (CN) of the certificate. (This is something which SleekXMPP, the underlying XMPP library used by errbot imposes on us and not directly something from errbot itself).

Related

pulsar-admin sink localrun failure: ClientCnx Failed to authenticate the client. (tls auth enabled)

command:
bin/pulsar-admin sinks localrun -a connectors/pulsar-io-mongo-2.10.2.nar --tenant public --namespace default --inputs up-20wt --name mongo-sink --sink-config-file work/config.json --parallelism 1
log:
2023-01-06T14:56:27,441+0800 [pulsar-client-io-1-2] WARN org.apache.pulsar.client.impl.ConnectionPool - [[id: 0xb0292161, L:/127.0.0.1:57408 - R:localhost/127.0.0.1:6650]] Connection handshake failed: org.apache.pulsar.client.api.PulsarClientException$AuthenticationException: Unable to authenticate
ERROR org.apache.pulsar.client.impl.ClientCnx - [id: 0xb0292161, L:/127.0.0.1:57408 ! R:localhost/127.0.0.1:6650] Failed to authenticate the client
INFO org.apache.pulsar.client.impl.PulsarClientImpl - Client closing. URL: pulsar://localhost:6650
The deployment uses tls mutual auth: https://pulsar.apache.org/docs/2.10.x/security-tls-authentication
Both client.conf and broker.conf have enabled tls and related key files are setup correspondently.
And most importantly, my pulsar client(c++) can connect to the pulsar+ssl broker and pub message successfully.
so:
why the mongo-io-sink created with pulsar-admin connect to the 6650 broker binary data port instead of the ssl 6651 port?
how to fix this sink creating issue?

phpmailer, client not responding to server

When trying to send an email through the phpmailer nothing happens. After looking at the log it seems that when the server asks for XOAUTH2 the client simply doesn't respond... Usually the client would send the XOAUTH2 authorisation
2020-09-09 21:14:20 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP p9sm413427wma.42 - gsmtp
2020-09-09 21:14:20 CLIENT -> SERVER: EHLO 'website'
2020-09-09 21:14:20 SERVER -> CLIENT: 250-smtp.gmail.com at your service, ['ip']250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
2020-09-09 21:14:20 CLIENT -> SERVER: STARTTLS
2020-09-09 21:14:20 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2020-09-09 21:14:20 CLIENT -> SERVER: EHLO 'website'
2020-09-09 21:14:20 SERVER -> CLIENT: 250-smtp.gmail.com at your service, ['ip']250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
This suddenly stopped working recently for an unknown reason. Nothing has been altered on my end to cause this to occur.
Does anyone have any idea about what could be causing this?
So it seems it was an outdated refresh token.
Odd that no error was appearing in debug mode though

Sending reports to different puppet master than $server

There are two puppet masters. pupmasterone.localdomain and pupmastertwo.localdomain. pupmastertwo is fetching configuration from pupmasterone and sending its reports to pupmasterone. (This is normal behaviour)
If we change the report_server in pupmastertwo to report to itself, its throwing error.
puppet.conf (pupmastertwo)
[main]
report_server=pupmastertwo.localdomain
[agent]
server=pupmasterone.localdomain
Error:
Error: Could not send report: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate unknown
How to get this working?

Socket.io in reconnecting loop when running in Amazon EC2

I am having a problem with socket.io (websocket) when running in EC2. I don't have any http proxy or loadbalancer installed infront of the node instance. Same code works fine when running in local environment but keep reconnecting in EC2. Also even in the EC2 instance xhr-polling works fine.
Following is socket.io debug log output when transport is set to websocket and xhr-polling.
debug - discarding transport
debug - authorized
info - handshake authorized aoiP_6qFnqiqEC3r2-0N
debug - setting request GET /socket.io/1/websocket/aoiP_6qFnqiqEC3r2-0N
debug - set heartbeat interval for client aoiP_6qFnqiqEC3r2-0N
debug - client authorized for
debug - websocket writing 1::
warn - websocket parser error: reserved fields must be empty
info - transport end (undefined)
debug - set close timeout for client NxkBCtJqwOscfHzE0xba
debug - cleared close timeout for client NxkBCtJqwOscfHzE0xba
debug - cleared heartbeat interval for client NxkBCtJqwOscfHzE0xba

Socket.io falls back to xhr in Firefox

My app use Node.js and Socket.io. It works fine but when I disconnect from the internet, Socket.io falls back to xhr but just on Firefox, On chrome it works fine.
This my debug messages:
info - socket.io started
Express server listening on port 3000 development
GET /connexion 200 38ms - 882
POST /connexion 302 5ms - 64
GET /jeu 200 8ms - 583
debug - client authorized
info - handshake authorized UTHMxCJEKx-DC3sSf57M
debug - setting request GET /socket.io/1/xhr-polling/UTHMxCJEKx-DC3sSf57M?t=1365791206086
debug - setting poll timeout
debug - client authorized for
debug - clearing poll timeout
debug - xhr-polling writing 1::
debug - set close timeout for client UTHMxCJEKx-DC3sSf57M
debug - xhr-polling received data packet 1::/jeu/Jeu1
s:B2ZSTca4rYyle+ooJCY5/Z+d.xuW1XrVrU+IG0UpLvs5q88hm6Nr83SOwr7fpOjfPhbM
B2ZSTca4rYyle+ooJCY5/Z+d
debug - client authorized for /jeu/Jeu1
debug - setting request GET /socket.io/1/xhr-polling/UTHMxCJEKx-DC3sSf57M?t=1365791206116
debug - setting poll timeout
debug - clearing poll timeout
debug - xhr-polling writing 1::/jeu/Jeu1
debug - set close timeout for client UTHMxCJEKx-DC3sSf57M
debug - discarding transport
debug - cleared close timeout for client UTHMxCJEKx-DC3sSf57M
newPlayer: hamou92
debug - broadcasting packet
debug - setting request GET /socket.io/1/xhr-polling/UTHMxCJEKx-DC3sSf57M?t=1365791206203
debug - setting poll timeout
debug - discarding transport
debug - cleared close timeout for client UTHMxCJEKx-DC3sSf57M
This is what Firebug shows me:
Firefox ne peut établir de connexion avec le serveur à l'adresse ws://localhost:3000/socket.io/1/websocket/_uQklvPYeYn-_BNg-WDa.
this.websocket = new Socket(this.prepareUrl() + query); socket.io.js (ligne 2371)

Resources