Tigase Forge
Dashboards
Projects
Global Views
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
OneDev 11.9.7
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #1047
Add SASL-EXTERNAL on s2s conections (#1047)
Wojciech Kapcia (Tigase) opened 6 years ago

XEP-0178: Best Practices for Use of SASL EXTERNAL with Certificates: Server-to-Server Recommendation

  • "If the 'from' attribute of stream header sent by Server1 can be matched against one of the identifiers provided in the certificate following the matching rules from RFC 6125, Server2 returns success."
  • CA chain verification based on CAs from JVM
  • Wojciech Kapcia (Tigase) commented 6 years ago

    With sasl-external enabled almost all remote, non-Tigase servers fail to establish s2s with:

    [2019-09-05 19:19:53:291] [FINEST  ] [      pool-32-thread-8 ] XMPPIOService.processSocketData(): CID: tigase.im@wielicki.name, null, type: connect, Socket: TLS: nullSocket[addr=/95.217.50.18,port=5269,localport=10976], jid: null, READ:<?xml version='1.0'?><stream:stream version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='wielicki.name' xml:lang='en' to='tigase.im' xmlns:db='jabber:server:dialback' xmlns='jabber:server'><stream:error><invalid-namespace xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
  • Bartosz Małkowski commented 6 years ago

    @wojtek Do you have more logs? What exactly packed caused this response?

  • Bartosz Małkowski commented 6 years ago

    I hope problem are fixed.

issue 1 of 1
Type
New Feature
Priority
Normal
Assignee
Wojciech Kapcia (Tigase)
Version
tigase-server-8.1.0
Estimation
0
Spent time
0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#1047
Please wait...
Page is in error, reload to recover