[00:59:46]
<Echo1> maranda committed --
mam.lib: correct behaviour on chunk results' overflow. (Fixes #281)
-> https://github.com/maranda/metronome/commit/449759070a17b6472f162c9c72083ba0ebdc9fc5
[08:04:12]
<Maranda> @restart
[09:44:47]
<Echo1> maranda committed --
validate.lib: if <max /> exceeds server defaults just make it match …
-> https://github.com/maranda/metronome/commit/2db411ef2b8e88c90e3905a5ffcd8a00e8184e40
[10:23:25]
<jonasw> so I’m using this config, but metronome cannot start STARTTLS: https://paste.debian.net/hidden/46b7d78d/
[10:23:28]
<jonasw> (logs follow)
[10:23:51]
<jonasw> https://paste.debian.net/hidden/f480a4be/
[10:24:05]
<jonasw> any clues what’s wrong there?
[10:24:18]
<SouL> o/
[10:24:52]
<jonasw> certs/localhost.{key,crt} *do* exist (but they are behind a symlink, does that matter?); also I’d expect a log message if those weren’t okay
[10:25:47]
<jonasw> I removed the symlink indirection to no avail
[10:26:32]
<Maranda> Built it with ./configure --ostype=debian I take righto?
[10:26:41]
<jonasw> I didn’t specify an ostype
[10:27:02]
<jonasw> I only passed --with-lua-include explicitly
[10:27:47]
<jonasw> I tried re-configuring with --ostype=debian instead && make clean && make, didn’t change anything
[10:28:06]
<Maranda> Hmm gimme a second
[10:29:36]
<jonasw> if you want, you can have the key && cert, they’re public anyways
[10:30:59]
<Maranda> jonasw, try inserting the full path to the cert and key
[10:31:04]
<jonasw> I can’t.
[10:31:10]
<jonasw> I won’t know the full path
[10:31:14]
<jonasw> I mean I can try now
[10:31:22]
<Maranda> In the config I mean
[10:31:44]
<jonasw> that doesn’t help
[10:32:02]
<jonasw> wait
[10:32:23]
<jonasw> no, doesn’t help
[10:32:44]
<jonasw> proof: https://paste.debian.net/hidden/c12881f1/
[10:33:27]
<jonasw> it is using lua5.1
[10:34:32]
<Maranda> I see no error from certmanager so I take it's able to open those files
[10:35:00]
<Maranda> Could you load the telnet console?
[10:35:08]
<jonasw> sure
[10:35:23]
<jonasw> got it
[10:36:06]
<Maranda> telnet to localhost 5582 as usual
[10:36:08]
<jonasw> yeah
[10:36:14]
<jonasw> "I’m in"
[10:36:30]
<Maranda> Then... (sec I'm on phone)
[10:36:47]
<jonasw> oh, if you’re busy, don’t worry -- I can do this at a later time
[10:38:27]
<Maranda> >for i,v in pairs(hosts["localhost"]) do print(i,v) end
[10:38:49]
<Maranda> I'm on a train for now just impaired at typing lol
[10:39:36]
<jonasw>
| type local
| sessions table: 0x5568c34d41d0
| s2sout table: 0x5568c34c92f0
| send function(hostmanager.lua:77)
| modules table: 0x5568c34d4180
| dialback_capable true
| events table: 0x5568c34deff0
| dialback_secret 6df7fd20-d409-449b-8bac-94eb410d3299
| users table: 0x5568c35070c0
| host localhost
| supports_rosters true
| Result: nil
[10:39:42]
<Maranda> Remember the > in front of for to escape the sandbox
[10:41:58]
<Maranda> Yeah no ssl ctx object
[10:43:10]
<Maranda> >for i,v in pairs(package.loaded) do print(i,v) end
[10:43:48]
*Maranda thinks LuaSec is either having troubles or not being loaded
[10:44:06]
<jonasw> >for i,v in pairs(package.loaded) do print(i,v) end
| caps table: 0x5568c35922b0
| util.caps table: 0x5568c35922b0
| util.hmac table: 0x5568c3398810
| rostermanager table: 0x5568c34e7130
| util.timer table: 0x5568c33843d0
| set table: 0x5568c33a4440
| util.s2smanager table: 0x5568c34701e0
| pubsub table: 0x5568c34e5090
| socket.url table: 0x5568c343ba60
| util.encodings table: 0x5568c332dfe0
| os table: 0x5568c331d830
| loggingmanager table: 0x5568c33a24e0
| dependencies table: 0x5568c333a910
| util.pubsub table: 0x5568c34e5090
| hmac table: 0x5568c3398810
| util.serialization table: 0x5568c3339d70
| luaevent table: 0x5568c3348b20
| encodings table: 0x5568c332dfe0
| debug table: 0x5568c33201a0
| stanza table: 0x5568c33c4c90
| dns table: 0x5568c34612a0
| storagemanager table: 0x5568c339fd20
| core.portmanager table: 0x5568c33e5770
| util.events table: 0x5568c3330b00
| pluginloader table: 0x5568c33dd220
| io table: 0x5568c331cf10
| util.pluginloader table: 0x5568c33dd220
| socket.core table: 0x5568c3334300
| lxp table: 0x5568c3344490
| array table: 0x5568c33ce9a0
| util.x509 table: 0x5568c349dd20
| net.server table: 0x5568c3388500
| net.adns table: 0x5568c34b9f00
| socket table: 0x5568c3334300
| util.address_selection table: 0x5568c3461a20
| util.filters table: 0x5568c3426a70
| util.auxiliary table: 0x5568c3386960
| _G table: 0x5568c3318900
| util.pposix table: 0x5568c33e1760
| package table: 0x5568c331b390
| s2smanager table: 0x5568c34701e0
| ssl.x509 table: 0x5568c332a990
| dataforms table: 0x5568c3468290
| filters table: 0x5568c3426a70
| net.http table: 0x5568c3440d20
| ssl table: 0x5568c3349300
| coroutine table: 0x5568c331aff0
| util.rostermanager table: 0x5568c34e7130
| logger table: 0x5568c33a5c40
| core.configmanager table: 0x5568c335bf20
| core.modulemanager table: 0x5568c33bf8c0
| util.signal table: 0x5568c33a62b0
| configmanager table: 0x5568c335bf20
| util.debug table: 0x5568c3415280
| util.dependencies table: 0x5568c333a910
| util.sasl table: 0x5568c33f0cb0
| util.ip table: 0x5568c348d7d0
| util.helpers table: 0x5568c33d2ef0
| events table: 0x5568c3330b00
| luaevent.core table: 0x5568c33525e0
| modulemanager table: 0x5568c33bf8c0
| datetime table: 0x5568c3443e80
| core.hostmanager table: 0x5568c33b7920
| hashes table: 0x5568c334c4b0
| util.datetime table: 0x5568c3443e80
| util.xmppstream table: 0x5568c33d84a0
| http table: 0x5568c3440d20
| util.termcolours table: 0x5568c33a1210
| auxiliary table: 0x5568c3386960
| httpstream table: 0x5568c343dbb0
| util.logger table: 0x5568c33a5c40
| debugx table: 0x5568c3415280
| sessionmanager table: 0x5568c33ecae0
| certmanager table: 0x5568c33b8b00
| util.datamanager table: 0x5568c33dc480
| table table: 0x5568c331a140
| util.sasl.scram table: 0x5568c33e8bd0
| sasl.external table: 0x5568c3391300
| util.dataforms table: 0x5568c3468290
| core.storagemanager table: 0x5568c339fd20
| portmanager table: 0x5568c33e5770
| net.dns table: 0x5568c34612a0
| hostmanager table: 0x5568c33b7920
| util.set table: 0x5568c33a4440
| xmppstream table: 0x5568c33d84a0
| pposix table: 0x5568c33e1760
| util.iterators table: 0x5568c33f59a0
| serialization table: 0x5568c3339d70
| util.stanza table: 0x5568c33c4c90
| adns table: 0x5568c34b9f00
| sasl.anonymous table: 0x5568c3406c80
| jid table: 0x5568c33dee10
| timer table: 0x5568c33843d0
| util.uuid table: 0x5568c33e4b80
| util.envload table: 0x5568c3381dd0
| util.sasl.plain table: 0x5568c340c010
| util.sasl.digest-md5 table: 0x5568c3407c20
| net.server_event table: 0x5568c3388500
| sasl.digest-md5 table: 0x5568c3407c20
| sasl.scram table: 0x5568c33e8bd0
| util.sasl.external table: 0x5568c3391300
| sasl table: 0x5568c33f0cb0
| util.multitable table: 0x5568c3395a50
| util.import true
| core.sessionmanager table: 0x5568c33ecae0
| usermanager table: 0x5568c340ed40
| util.hashes table: 0x5568c334c4b0
| uuid table: 0x5568c33e4b80
| math table: 0x5568c331f0d0
| util.certmanager table: 0x5568c33b8b00
| util.sasl.anonymous table: 0x5568c3406c80
| ssl.context table: 0x5568c337c4d0
| util.jid table: 0x5568c33dee10
| string table: 0x5568c331e770
| multitable table: 0x5568c3395a50
| x509 table: 0x5568c349dd20
| lfs table: 0x5568c3355e10
| util.array table: 0x5568c33ce9a0
| helpers table: 0x5568c33d2ef0
| sasl.plain table: 0x5568c340c010
| core.usermanager table: 0x5568c340ed40
| core.loggingmanager table: 0x5568c33a24e0
| util.httpstream table: 0x5568c343dbb0
| ssl.core table: 0x5568c337b020
| datamanager table: 0x5568c33dc480
| termcolours table: 0x5568c33a1210
| core.moduleapi table: 0x5568c33be270
| signal table: 0x5568c33a62b0
| Result: nil
[10:44:30]
<jonasw> ssl.context, ssl.core, ssl.x509 are loaded at least
[10:44:39]
<jonasw> FWIW, a prosody 0.10 and prosody trunk work fine on the same machine
[10:47:57]
<Maranda> I have no doubt on that, what version of LuaSec is it?
[10:49:25]
<jonasw>
[11:49:19] horazont@sinistra metronome › apt show lua-sec
Package: lua-sec
Version: 0.6-3
[10:54:37]
<Maranda> >for i, v in pairs(package.loaded.ssl) do print(i, v) end
[10:54:52]
<jonasw> | _COPYRIGHT LuaSec 0.6 - Copyright (C) 2006-2016 Bruno Silvestre, UFG
| loadcertificate function([C]:-1)
| newcontext function(ssl.lua:34)
| _VERSION 0.6
| wrap function(ssl.lua:112)
| Result: nil
[10:55:32]
<Maranda> Last thing, then please open a ticket on the tracker if you can not much I can do from here 🤣
[10:56:34]
<Maranda> I don't have my private key on this device so I can't look on my server 🤷‍♂️
[10:56:43]
<jonasw> k
[10:59:11]
<jonasw> Maranda, https://github.com/maranda/metronome/issues/282
[11:00:03]
<Maranda> Thanks, what is weird is that certmanager is not throwing an error
[11:00:16]
<jonasw> Maranda, are tracebacks logged into the debug log?
[11:00:43]
<Maranda> No error
[11:01:07]
<jonasw> I don’t have an error log configured
[11:01:14]
<jonasw> I also think that prosody does log tracebacks to debug if no error log is configured
[11:01:15]
<Maranda> 🤣
[11:01:31]
<Maranda> Ok no Metronome doesn't
[11:01:47]
<jonasw> FWIW, adding 'error = "*console"' to the log thing doesn’t change the output
[11:01:52]
<jonasw> but I’ll make another run in CI and link that
[11:02:13]
<Maranda> Ok 👍
[11:05:09]
<jonasw> done
[11:07:01]
<Maranda> If logging to std doesn't work do output to files. That's bound to work, probably loggingmanager needs a passage too, that code predates 0.9
[11:07:16]
<Maranda> And i didn't touch it much
[11:08:59]
<Maranda> jonasw anything in the error output?
[11:09:16]
<jonasw> I used error = "*console" and that didn’t change anything
[11:09:24]
<jonasw> (so no additional output, tracebacks or so)
[11:09:49]
<jonasw> also not if I use file output
[11:09:52]
<jonasw> the file is created, but empty
[11:10:21]
<Maranda> 🤔🤔🤔🤔
[11:13:52]
<Maranda> >print(package.path)
[11:14:32]
<jonasw> | ./?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/lib/lua/5.1/?.lua;/usr/local/lib/lua/5.1/?/init.lua;/usr/share/lua/5.1/?.lua;/usr/share/lua/5.1/?/init.lua
[11:15:30]
<Maranda> >print(metronome.paths.source)
[11:15:44]
<jonasw> nil
[11:17:01]
<jonasw> (I did not and don’t intend to run make install)
[11:21:21]
<Maranda> So you're running ./metronome from the source directory I take?
[11:21:39]
<jonasw> yeah
[11:23:52]
<Maranda> Can you paste here the very first lines of the starting script ./metronome and metronome.install if it's there
[11:24:12]
<jonasw> [12:24:01] horazont@sinistra metronome › head metronome
#!/usr/bin/env lua
-- * Metronome IM *
--
-- This file is part of the Metronome XMPP server and is released under the
-- ISC License, please see the LICENSE file in this source package for more
-- information about copyright and licensing.
CFG_SOURCEDIR=os.getenv("METRONOME_SRCDIR");
CFG_CONFIGDIR=os.getenv("METRONOME_CFGDIR");
CFG_PLUGINDIR=os.getenv("METRONOME_PLUGINDIR");
[12:24:04] horazont@sinistra metronome › head metronome.install
#!/usr/bin/env lua5.1
-- * Metronome IM *
--
-- This file is part of the Metronome XMPP server and is released under the
-- ISC License, please see the LICENSE file in this source package for more
-- information about copyright and licensing.
CFG_SOURCEDIR='/usr/local/lib/metronome';
CFG_CONFIGDIR='/usr/local/etc/metronome';
CFG_PLUGINDIR='/usr/local/lib/metronome/modules/';
[11:24:21]
<jonasw> [12:24:15] horazont@sinistra metronome › /usr/bin/env lua
Lua 5.1.5 Copyright (C) 1994-2012 Lua.org, PUC-Rio
>
[11:25:57]
<Maranda> Also you can configure it so that it installs everything in your homedir,
[11:26:09]
<jonasw> I could, but I don’t want to
[11:26:14]
<Maranda> I think we may have the culprit
[11:26:39]
<jonasw> I can set the environment variables if that helps
[11:26:41]
<jonasw> that’s probably easier
[11:27:56]
<Maranda> Do it see if it changes anything https://github.com/maranda/metronome/blob/master/Makefile#L84
[11:28:07]
<Maranda> Those are sedded on make install
[11:28:38]
<jonasw> I don’t follow?
[11:34:37]
<Maranda> jonasw I meant that the env var are set on make install
[11:35:35]
<jonasw> yeah; I tried to run it with: METRONOME_SRCDIR=$(pwd) METRONOME_CFGDIR=$(pwd) METRONOME_PLUGINDIR=$(pwd)/plugins METRONOME_DATADIR=$(pwd) ./metronome
[11:35:39]
<jonasw> but that didn’t change the behaviour
[11:35:58]
<jonasw> (except that the storage path now differs)
[11:36:09]
<jonasw> (so it did take effect)
[11:37:50]
<Maranda> I guess that's all for now, I'll look into it a bit later if you're around 👍
[11:38:00]
<jonasw> yeah
[11:38:10]
<jonasw> ping me on github or in some MUC
[11:38:29]
<jonasw> (I might leave this MUC because I’m running out of screen space)
[13:32:27]
<Maranda> jonasw 1 hour and I'll be home
[13:34:40]
<Maranda> Just to make sure lua5.2 isn't installed right?
[13:40:35]
<jonasw> Package 'lua5.2' is not installed, so not removed
[13:53:18]
<Maranda> It's obvious that running in a "portable" manner is breaking it, as to why I'm not sure yet. I'll see in a few, and I don't think it's because you're using the Prosody config file, half those directives are ignored anyways
[15:20:57]
<Maranda> jonasw, >certmanager.create_context("localhost", "client", configmanager.get("*", "ssl"))
| Command completed with a problem
| Message: LuaSec (required for encryption) was not found
[15:21:16]
<Maranda> jonasw, can you try running that same command on the telnet console?
[15:26:30]
<Maranda> found the bug
[15:32:01]
<jonasw> Maranda, yeah, command completed with a problem
[15:32:06]
<jonasw> like yours
[15:33:02]
<Maranda> jonasw, problem with the new luasec version I know how to fix it
[15:33:07]
<Maranda> just a sec
[15:33:09]
<jonasw> cool
[15:42:51]
<Maranda> jonasw, ok committed, repull and retry
[15:44:46]
<Echo1> maranda committed --
util.certmanager: don't try to pick up LuaSec from _G. (Fixes #282)
-> https://github.com/maranda/metronome/commit/52680f4ce66ecb69b7647bdc0b643c2bf2124417
[15:46:09]
<jonasw> I’ll have to switch to master for that?
[15:46:36]
<Maranda> It's already in master
[15:46:51]
<jonasw> this doesn’t seem to help
[15:48:00]
<jonasw> https://paste.debian.net/hidden/a960f26d/
[15:51:47]
<Maranda> are you certain?
[15:51:49]
<Maranda> >for i,v in pairs(hosts["localhost"]) do print(i,v) end
| type local
| sessions table: 0x1047ae0
| s2sout table: 0x1047620
| ssl_ctx SSL context: 0x1104f68
| send function(hostmanager.lua:77)
| modules table: 0x1047a90
| dialback_capable true
| events table: 0x1047a00
| dialback_secret SELsckt2jLuSukDv5iq5Dzx7IRNcABPNeVccKMSVWd/qIbqYx6V8vfswIjGKYkaTt9ZyLa4ugdhmxTVghZFObNBJkePC8WDjB0k+7rCqBvR0dkr1dBtO+cTGvd290uvy13mV2GiE1+XcZ++zDSyjN66uI3lIW8ufbBLgU4hmHSvtY79jfFiGakR/FYeohwS5N9vrfSYTzAMmQBCoqPNi+Ajm2eOVw50LbyLTrMhHisIwDvrlz7O0GzMVWfUmBKhXFiCuhbdqC47LoHr47URnwxiL1wQkwNuABRwc4LF+ONxopmIhb0INA/dSRFQUczbMg6ZlAZXvb7CeZNhRurIRzA==
| users table: 0x10f5080
| host localhost
| supports_rosters true
| ssl_ctx_in SSL context: 0x1105bd8
| Result: nil
[15:53:19]
<Maranda> beside try replacing the file with -- ** Metronome's config file example **
--
-- The format is exactly equal to Prosody's:
--
-- Lists are written { "like", "this", "one" }
-- Lists can also be of { 1, 2, 3 } numbers, etc.
-- Either commas, or semi-colons; may be used as separators.
--
-- A table is a list of values, except each value has a name. An
-- example would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.cert" }
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p metronome.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it
-- will keep quiet.
-- Global settings go in this section
-- This is the list of modules Metronome will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended.
"saslauth"; -- Authentication for clients. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
"pep"; -- Allows setting of mood, tune, etc.
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
"bidi"; -- Enables Bidirectional Server-to-Server Streams.
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
"stream_management"; -- Allows clients and servers to use Stream Management
"message_carbons"; -- Allows clients to enable carbon copies of messages
"lastactivity"; -- Enables clients to know the last presence status of an user
"adhoc_cm"; -- Allow to set client certificates to login through SASL External via adhoc
"admin_adhoc"; -- administration adhoc commands
-- Other specific functionality
"admin_telnet"; -- administration console, telnet to port 5582
--"admin_web"; -- administration web interface
--"bosh"; -- Enable support for BOSH clients, aka "XMPP over Bidirectional Streams over Synchronous HTTP"
--"compression"; -- Allow clients to enable Stream Compression
--"incidents_handling"; -- Enable Incidents Handling support (can be administered via adhoc commands)
--"mam"; -- Enable server-side message archives using Message Archive Management
--"server_presence"; -- Enables Server Buddies extension support
--"websocket"; -- Enable support for WebSocket clients, aka "XMPP over WebSockets"
};
-- Default pidfile path
-- pidfile = "/var/run/metronome/metronome.pid";
daemonize = false;
-- Disable account creation by default, for security
allow_registration = false;
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
key = "certs/localhost.key";
certificate = "certs/localhost.cert";
}
log = { debug = "*console", error = "*console" }
-- This allows clients to connect to localhost. No harm in it.
VirtualHost "localhost"
-- Section for example.com
-- (replace example.com with your domain name)
VirtualHost "example.com"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "certs/example.com.key";
certificate = "certs/example.com.cert";
}
enabled = false -- This will disable the host, preserving the config, but denying connections
-- Set up a MUC (multi-user chat) room server on conference.example.com:
Component "conference.example.com" "muc"
[15:53:37]
<Maranda> configuration that is
[15:54:28]
<jonasw> what’s the difference?
[15:55:33]
<jonasw> this doesn’t configure anonymous auth
[15:55:34]
<jonasw> (I need that)
[15:56:37]
<Maranda> just add what you need to it
[15:57:00]
<Maranda> anyhow it looks like you didn't update
[15:57:15]
<Maranda> That should indeedly fix the luasec issue
[15:57:17]
<jonasw> I’m on 52680f4ce66ecb69b7647bdc0b643c2bf2124417 though O_o
[15:57:40]
<Maranda> are you sure that you're not getting any error now?
[15:57:47]
<jonasw> >for i,v in pairs(hosts["localhost"]) do print(i,v) end
| type local
| sessions table: 0x56044264d130
| ssl_ctx SSL context: 0x5604426c4648
| s2sout table: 0x560442632270
| send function(hostmanager.lua:77)
| modules table: 0x5604425e1f10
| dialback_capable true
| events table: 0x560442636e10
| dialback_secret p3hktKftw77QB2Y5fu8Rv0vv1iNoBBQb4EgEZ7rVuAL9iyT0WvzLyUhhpagKfygn+Y0uJ3Ki5RxxFVsc6R73Pw3hbFz0UEhBbxVZqbfNfLGG9G4z64vUn8pbt4EXBE9sSytxOjUwFDS6peshgUi4rAU9yBM14kUqb56l+ZcvTNpgkuUWc1KNYHxKSvVFHCIJJJpSMud3qcoFp3r7oLX+EE6Vl881UphOx7aLZZqVehIZ0Xf921h6SP9wa1CmE+NSeRZpsinCV+dI/xQ0TOuzvuWFNSdzXZd0azDoUWcDucxx86263NNkrN0LeTQYzcu3pt7vZWOPVxuw0dQuqBb4Lw==
| users table: 0x560442675f90
| host localhost
| supports_rosters true
| ssl_ctx_in SSL context: 0x56044259a5f8
| Result: nil
[15:57:51]
<jonasw> I pasted you the logs
[15:58:24]
<Maranda> have log = { debug = "*console", error = "*console" } in the config now?
[15:58:27]
<jonasw> yeah
[15:58:38]
<Maranda> ...
[15:58:45]
<jonasw> this to be specific:
log = {
-- "*syslog"; -- Uncomment this for logging to syslog
debug = "*console"; -- Log to the console, useful for debugging with daemonize=false
error = "*console";
}
[16:00:27]
<Maranda> >certmanager.create_context("localhost", "client", configmanager.get("*", "ssl"))
[16:00:42]
<Maranda> jonasw, tell me if anything differs
[16:00:46]
<jonasw> (ipv6 on your pastebin seems to be broken by the way)
[16:01:08]
<jonasw>
>certmanager.create_context("localhost", "client", configmanager.get("*", "ssl"))
| Result: SSL context: 0x55e048503438
[16:01:13]
<Maranda> .
[16:01:23]
<Maranda> what's your config file again?
[16:01:38]
<jonasw> http://paste.debian.net/hidden/40702bea/
[16:01:40]
<jonasw> I’m about to try yours
[16:02:20]
<jonasw> same thing
[16:02:46]
<jonasw> (I had to fix the paths to the SSL cert, but otherwise it’s what you pasted at 15:53:19Z)
[16:03:28]
<Maranda> add ssl = { key = "/home/horazont/Builds/metronome/certs/localhost.key"; certificate = "/home/horazont/Builds/metronome/certs/localhost.crt"; } under the localhost virtual host section pretty please
[16:04:15]
<jonasw> no change
[16:05:26]
<Maranda> >for i,v in pairs(configmanager.get("localhost", "ssl")) do print(i,v) end
[16:05:45]
<jonasw> >for i,v in pairs(configmanager.get("localhost", "ssl")) do print(i,v) end
| key /home/horazont/Builds/metronome/certs/localhost.key
| certificate /home/horazont/Builds/metronome/certs/localhost.crt
| Result: nil
[16:06:16]
<Maranda> and config:reload(), module:reload"tls" does nothing?
[16:06:22]
<jonasw> I restarted the thing between each test
[16:06:34]
<jonasw> config:reload()
| OK: Config reloaded (you may need to reload modules to take effect)
module:reload"tls"
| Reloaded on localhost
| Reloaded on muc.localhost
| Reloaded on pubsub.localhost
| OK: Module reloaded on 3 hosts
[16:06:41]
<jonasw> doesn’t change anything
[16:06:56]
<Maranda> >for i,v in pairs(hosts["localhost"]) do print(i,v) end
[16:07:03]
<Maranda> still shows no context?
[16:07:12]
<jonasw> >for i,v in pairs(hosts["localhost"]) do print(i,v) end
| type local
| sessions table: 0x5583488520c0
| ssl_ctx SSL context: 0x558348993c68
| s2sout table: 0x5583488f55b0
| send function(hostmanager.lua:77)
| modules table: 0x558348811030
| dialback_capable true
| events table: 0x558348810fa0
| dialback_secret GXChWAcmcKnvmcK8AbDYuKOiOyWg3xJxTOgwHH9p5uXyxRmoz/4ikt55bmkpMU+bALzm8f31f0vraAEllMgXoIv4BDyxct30SL3Po3UAeKlbs9OW6P3Bsq0ZJV1xUWgQyffMhZbcDjkx8TDZtZx/Wv/Fuyk3GRfSDsbBk4wADy+WFCY0j4AIwXbP2/mY5syttBUN1bO7hbQb3sfsbQg2Igu7pW3BKYERRDF2GmrQdkV3YiPdsfo2ERUdTO5P5FczAtMhsIUq/paZJla2WZ+nCoty/q3dwCYZ4xXaIVW5gbGCPLoBFyExjh9/t8J8q6EAv0gzNPi2FE0ELESIWYRWZQ==
| users table: 0x558348889b70
| host localhost
| supports_rosters true
| ssl_ctx_in SSL context: 0x558348995fc8
| Result: nil
[16:07:23]
<Maranda> !
[16:07:27]
<Maranda> the ctx is in
[16:07:45]
<jonasw> looks the same as the one I pasted at 15:57Z
[16:07:48]
<Maranda> but the client can't connect?
[16:07:50]
<jonasw> or am I stupid?
[16:07:52]
<jonasw> yeah, same error as before
[16:07:59]
<jonasw> c2s558348a2f3c0 warn Attempt to start TLS, but TLS is not available on this c2s_unauthed connection
[16:11:04]
<Maranda> so there's a problem on luasocket too?
[16:11:36]
<jonasw> maybe?
[16:13:19]
<Maranda> jonasw, what client is it out of curiosity? Because the only reason it's failing is because session.conn.starttls is missing
[16:13:57]
<Maranda> so it's either that or a problem, yet with the new version of luasocket *pouts*
[16:14:15]
<jonasw> this is aioxmpp
[16:14:27]
<jonasw> I’m testing it against various servers during CI tests (prosody and ejabberd atm)
[16:14:47]
<jonasw> it works fine with both :-)
[16:17:46]
<Maranda> ok then I need some logging on your end Below line 38 of mod_tls could you please add this:
[16:18:53]
<Maranda> for i,v in pairs(session.conn) do module:log("debug","i - %s, v - %s",tostring(i),tostring(v)) end
[16:19:13]
<Maranda> jonasw, then retest?
[16:19:51]
<jonasw> uh
[16:19:53]
<Maranda> and paste the log after
[16:19:57]
<jonasw> two things: (a) that method doesn’t seem to have a session thing?
[16:20:02]
<jonasw> (b) why don’t I see a traceback from that?
[16:20:11]
<jonasw> (I also don’t see any additional log output)
[16:20:33]
<jonasw> but here you go: http://paste.debian.net/hidden/ad031dc1/
[16:20:42]
<Maranda> https://github.com/maranda/metronome/blob/master/plugins/mod_tls.lua#L38 - < below this line
[16:21:00]
<jonasw> oh
[16:21:01]
<jonasw> damn
[16:21:05]
<jonasw> I read 83 instead of 38
[16:21:26]
<jonasw> c2s559974841d30 debug Sent reply <stream:stream> to client
localhost:tls debug i - writebufferlen, v - 193
localhost:tls debug i - send, v - function([C]:-1)
localhost:tls debug i - noreading, v - false
localhost:tls debug i - currenttime, v - 1519489281.6719
localhost:tls debug i - _serverport, v - 5222
localhost:tls debug i - eventhandshake, v - false
localhost:tls debug i - eventread, v - userdata: 0x559974858998
localhost:tls debug i - eventwrite, v - userdata: 0x55997480dfb8
localhost:tls debug i - conn, v - tcp{client}: 0x55997482f078
localhost:tls debug i - position, v - 4
localhost:tls debug i - startsslcallback, v - false
localhost:tls debug i - onconnect, v - function(mod_c2s.lua:180)
localhost:tls debug i - eventstarthandshake, v - false
localhost:tls debug i - writebuffer, v - table: 0x559974841d80
localhost:tls debug i - eventclose, v - false
localhost:tls debug i - _port, v - 44462
localhost:tls debug i - eventreadtimeout, v - false
localhost:tls debug i - writecallback, v - function(server_event.lua:498)
localhost:tls debug i - nointerface, v - false
localhost:tls debug i - _pattern, v - *a
localhost:tls debug i - readcallback, v - function(server_event.lua:561)
localhost:tls debug i - type, v - client
localhost:tls debug i - onincoming, v - function(mod_c2s.lua:228)
localhost:tls debug i - id, v - 559974841d30
localhost:tls debug i - starttls, v - false
localhost:tls debug i - _usingssl, v - false
localhost:tls debug i - ondisconnect, v - function(mod_c2s.lua:235)
localhost:tls debug i - eventwritetimeout, v - false
localhost:tls debug i - _server, v - table: 0x55997480d0a0
localhost:tls debug i - _ip, v - 127.0.0.1
localhost:tls debug i - nowriting, v - false
localhost:tls debug i - receive, v - function([C]:-1)
localhost:tls debug i - eventconnect, v - false
localhost:tls debug i - fatalerror, v - false
c2s559974841d30 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
localhost:tls debug i - writebufferlen, v - 0
localhost:tls debug i - send, v - function([C]:-1)
localhost:tls debug i - noreading, v - false
localhost:tls debug i - currenttime, v - 1519489281.6719
localhost:tls debug i - _serverport, v - 5222
localhost:tls debug i - eventhandshake, v - false
localhost:tls debug i - eventread, v - userdata: 0x559974858998
localhost:tls debug i - conn, v - tcp{client}: 0x55997482f078
localhost:tls debug i - position, v - 4
localhost:tls debug i - startsslcallback, v - false
localhost:tls debug i - onconnect, v - function(mod_c2s.lua:180)
localhost:tls debug i - eventstarthandshake, v - false
localhost:tls debug i - writebuffer, v - table: 0x5599747f86b0
localhost:tls debug i - eventclose, v - false
localhost:tls debug i - _port, v - 44462
localhost:tls debug i - eventreadtimeout, v - false
localhost:tls debug i - writecallback, v - function(server_event.lua:498)
localhost:tls debug i - nointerface, v - false
localhost:tls debug i - _pattern, v - *a
localhost:tls debug i - readcallback, v - function(server_event.lua:561)
localhost:tls debug i - type, v - client
localhost:tls debug i - onincoming, v - function(mod_c2s.lua:228)
localhost:tls debug i - id, v - 559974841d30
localhost:tls debug i - starttls, v - false
localhost:tls debug i - _usingssl, v - false
localhost:tls debug i - ondisconnect, v - function(mod_c2s.lua:235)
localhost:tls debug i - eventwritetimeout, v - false
localhost:tls debug i - _server, v - table: 0x55997480d0a0
localhost:tls debug i - _ip, v - 127.0.0.1
localhost:tls debug i - nowriting, v - false
localhost:tls debug i - receive, v - function([C]:-1)
localhost:tls debug i - eventconnect, v - false
localhost:tls debug i - fatalerror, v - false
[16:21:33]
<jonasw> that’s the interesting part I suppose?
[16:22:58]
<Maranda> yes
[16:25:14]
<Maranda> definitely a LuaSocket thing,
[16:25:31]
<Maranda> let me eat and I'll pull something together
[16:25:35]
<jonasw> good luck
[16:25:35]
<jonasw> :-)
[16:27:05]
<Maranda> jonasw, metronome expects session.conn.starttls when the client is able to perform starttls to be true but I guess they changed that
[16:27:13]
<Maranda> what version of luasocket is that?
[16:27:25]
<jonasw> is it possible that luasocket did the same change as luasec did?
[16:27:28]
<jonasw> Package: lua-socket
Version: 3.0~rc1+git+ac3201d-3
[16:44:15]
<Maranda> jonasw, no it's just that it's way different from 2.1
[16:44:37]
<Maranda> if it needs to be flagged somehow I have no idea how much
[16:44:55]
<Maranda> jonasw, for now this is the work around
[16:45:05]
<Maranda> local function can_do_tls(session)
    if session.type == "c2s_unauthed" then
        return session.conn.starttls and host.ssl_ctx_in;
    elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
        return session.conn.starttls and host.ssl_ctx_in;
    elseif session.direction == "outgoing" and allow_s2s_tls then
        return session.conn.starttls and host.ssl_ctx;
    end
    return false;
end
[16:45:11]
<Maranda> ^ this needs to be changed to
[16:45:41]
<Maranda> local function can_do_tls(session)
    if session.type == "c2s_unauthed" then
        return host.ssl_ctx_in;
    elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
        return host.ssl_ctx_in;
    elseif session.direction == "outgoing" and allow_s2s_tls then
        return host.ssl_ctx;
    end
    return false;
end
[16:45:58]
<Maranda> jonasw, hoping the server doesn't explode
[16:46:20]
<Maranda> jonasw, I won't commit it just now because I'm unsure it's the right way
[16:46:32]
<jonasw> mod_c2s error Traceback[c2s]: ./plugins/mod_tls.lua:57: attempt to call method 'starttls' (a boolean value): stack traceback:
./plugins/mod_c2s.lua:119: in function 'starttls'
./plugins/mod_tls.lua:57: in function '?'
./util/events.lua:67: in function 'fire_event'
./plugins/mod_router.lua:142: in function '?'
./util/events.lua:67: in function <./util/events.lua:63>
(tail call): ?
[C]: in function 'xpcall'
./plugins/mod_c2s.lua:123: in function 'cb_handlestanza'
./util/xmppstream.lua:148: in function <./util/xmppstream.lua:135>
[C]: in function 'parse'
./util/xmppstream.lua:200: in function 'feed'
./plugins/mod_c2s.lua:210: in function 'data'
./plugins/mod_c2s.lua:231: in function 'onincoming'
./net/server_event.lua:611: in function <./net/server_event.lua:561>
[C]: in function 'loop'
./net/server_event.lua:767: in function <./net/server_event.lua:766>
[C]: in function 'xpcall'
./metronome:324: in function 'loop'
./metronome:388: in main chunk
[C]: ?
[16:46:57]
<Maranda> :(
[16:47:15]
<Maranda> then it's really luasocket
[16:47:39]
<Maranda> I'll test a bit now, then do it tomorrow.
[16:47:41]
<jonasw> good luck
[16:49:01]
<Maranda> this version LuaSocket 2.1-rc1 (Prosody) should work, I'll have to try to find what doesn't work.
[16:49:12]
<Maranda> but not sure I have the time now.
[16:50:05]
<jonasw> yeah, don’t worry
[16:50:13]
<jonasw> it’s not like I was planning to use this productively
[17:06:48]
<Maranda> jonasw, ha, I missed a bit.
[17:08:27]
<Maranda> jonasw, try now I swear that if it doesn't work I'm gonna eat a hat. Repull and try.
[17:09:25]
<Maranda> (i tested on my local laptop and it does)
[17:11:19]
<Maranda> need to jet now
[17:14:46]
<Echo1> maranda committed --
net.server_event: properly require LuaSec. (Sorts #282)
-> https://github.com/maranda/metronome/commit/052be9ef69e176ac3bd1aef7ed66bad02b402a60
[17:46:02]
*Maranda should be barred from rushing
[18:19:38]
<Maranda> @ping swift.im
[18:19:42]
<Echo1> Maranda: Pong from swift.im in 3.976 seconds
[18:19:59]
<Maranda> @ping isode.com
[18:19:59]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:10]
<Maranda> @ping isode.com
[18:20:11]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:22]
<Maranda> @ping isode.com
[18:20:22]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:47]
<Maranda> @ping isode.com
[18:20:47]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:50]
<Maranda> @ping isode.com
[18:20:50]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:53]
<Maranda> @ping isode.com
[18:20:53]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:56]
<Maranda> @ping isode.com
[18:20:56]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:20:59]
<Maranda> @ping isode.com
[18:20:59]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:21:02]
<Maranda> @ping isode.com
[18:21:02]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: received a response of type invalid while authenticating with the authoritative server
[18:21:05]
<Maranda> @ping isode.com
[18:21:05]
<Echo1> Maranda: Ping failed (remote-server-not-found): Server-to-server connection failed: stream failure
[18:21:15]
<Maranda> 👍👍👍👍👍
[18:39:24]
<jonasw> Maranda, sweet
[18:39:25]
<jonasw> TLS works
[18:39:59]
<Maranda> Yay?
[18:40:12]
<Maranda> 😑😑😑
[18:40:16]
<Maranda> 🤣🤣
[18:41:35]
<jonasw> but now I need to figure out how to make it do SASL ANONYMOUS
[18:41:40]
<jonasw> authentication = "anonymous" doesn’t seem to cut it
[18:44:01]
<Maranda> authentication provider directives are per virtualhost in metronome, you need to put them under the virtualhost section
[18:44:15]
<Maranda> Same for storage directives
[18:44:36]
<jonasw> ah okay
[18:45:25]
<jonasw> lol
[18:45:28]
<jonasw> funny things are happening
[18:46:17]
<jonasw> so first, I need to raise some limit there, because Metronome won’t allow me arbitrary amounts of anon sessions
[18:46:19]
<jonasw> second: aioxmpp.e2etest.provision.client3.XMLStream: DEBUG: RECV b"<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><You're allowed to have only one anonymous session at any given time, good bye./></failure>"
[18:46:25]
<jonasw> it’s sending invalid XML in those cases
[18:50:58]
<Maranda> https://metronome.im/documentation/configuration
[18:51:21]
<Maranda> Mod_auth_anonymous
[18:52:24]
<Maranda> allow_anonymous_multiresourcing = true
[18:53:48]
<Maranda> jonasw, open another issue plx I'll fix laters 😆
[18:55:32]
<Maranda> Danke.
[18:57:22]
<jonasw> Private XML Storage (XEP-0049) seems to silently not work with mod_auth_anonymous (or in general?)
[19:01:34]
<Maranda> Storage could get disabled when mod_auth_anonymous is enabled
[19:02:18]
<Maranda> iirc don't exactly remember
[19:13:24]
<Maranda> jonasw I'll look later atm I'm outside, try to load mod_private on the host.
[19:14:18]
<jonasw> Maranda, I’ll open an issue in any case, the way it fails is probably bad
[20:06:13]
<Maranda> jonasw yes it's disabled, but I think Prosody may do the same https://github.com/maranda/metronome/blob/master/plugins/mod_auth_anonymous.lua#L96
[20:06:21]
<jonasw> it works with prosody
[20:28:19]
<Maranda> jonasw, as usual I'll look into it later 😂
[20:29:06]
<Maranda> I suppose it doesn't disable storage
[20:41:32]
<jonasw> no hurry :)
[20:42:08]
<jonasw> yours would’ve been the first server we haven’t found bugs in ;-)
[22:04:21]
<Maranda> jonasw, one fixed, now mod_private.
[22:38:49]
<Maranda> Restarting server guys, environment is way too tainted.