Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
siskin-im
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _clients siskin-im Issues #479
Upload does not fully work (#479)
Open
Unknown opened 4 years ago

Describe the bug Upload of pictures does not work on siskin on my iPhone. On Beagle it works well.

The picture is uploaded and also the file is accepted by Ejabberd and stored correctly. However siskin is not submitting the according link to it.

Details (please complete the following information):

  • Siskin Version: [e.g. 6.2.0]
  • iOS version [e.g. 14.4]
  • iPhone model [e.g. iPhone 10]
Unknown commented 2 years ago

Same issue here, I'm wondering whether that has something to do with the fact that I'm using a self-signed certificate (which I did trust so that Siskin could connect). This is the output on the server side:

2022-04-10 19:48:36.262640+00:00 [info] Got HTTP upload slot for xxx@xxx.lan/xxx (file: IMG_7439.png, size: 709944)
2022-04-10 19:48:36.279022+00:00 [info] (<0.804.0>) Accepted connection [::ffff:10.0.0.23]:58194 -> [::ffff:172.17.0.7]:5443

Even thought the server reports an accepted connection, Siskin reports an issue when trying to upload a photo.
Unknown commented 2 years ago

@mrusme If you have accepted a self-signed certificate during XMPP connection establishment, then it is only accepted for establishing an XMPP connection for a particular account.

This means it is not trusted nor accepted for establishing the HTTPS connection required for HTTP File Upload to work correctly. This is not a bug, but how the app works.

Accepting self-signed SSL certificates for XMPP connections is part of the app, but was introduced to allow testing the app on the development servers which are not accessible from the internet. HTTP File Upload, on the other hand, should be accessible from the internet, as this should allow anyone to have a link to access the uploaded file. Having a self-signed certificate may forbid the recipient of a link from downloading a file and verifying HTTP server identity. Due to that, HTTP File Upload HTTP servers should have a valid SSL certificate.

Due to that, and the fact that many can acquire SSL certificates for HTTPS connections for free (ie. from LetsEncrypt), I think that this is how the app should work.
Unknown commented 2 years ago

@hantu85 in my case I'm using ejabberd internally, without access to the outside world. Assuming a company is setting up something like that inside their VPC, where no Let's Encrypt certificate could be issued, how would they go with sharing files through XMPP?

I understand the security impact of accepting a self-signed certificate and I guess one way to mitigate this issue is to install the company's CA on each device. However, I believe it would be nice if there was a big fat warning with an "I agree" checkmark that would allow people to accept self-signed certs for file uploads as well, in cases in which they might not be able to install the root CA on every machine due to BYOD.
Unknown commented 2 years ago

@mrusme We may consider this in the future, but we will treat it as a low priority feature. We are open to PR with the implementation of this feature.
issue 1 of 1
Type
Bug
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_clients/siskin-im#479
Please wait...
Page is in error, reload to recover