Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
OneDev 11.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #1047
Add SASL-EXTERNAL on s2s conections (#1047)
wojciech.kapcia@tigase.net opened 5 years ago

XEP-0178: Best Practices for Use of SASL EXTERNAL with Certificates: Server-to-Server Recommendation

  • "If the 'from' attribute of stream header sent by Server1 can be matched against one of the identifiers provided in the certificate following the matching rules from RFC 6125, Server2 returns success."
  • CA chain verification based on CAs from JVM
wojciech.kapcia@tigase.net commented 5 years ago

With sasl-external enabled almost all remote, non-Tigase servers fail to establish s2s with:

[2019-09-05 19:19:53:291] [FINEST  ] [      pool-32-thread-8 ] XMPPIOService.processSocketData(): CID: tigase.im@wielicki.name, null, type: connect, Socket: TLS: nullSocket[addr=/95.217.50.18,port=5269,localport=10976], jid: null, READ:<?xml version='1.0'?><stream:stream version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='wielicki.name' xml:lang='en' to='tigase.im' xmlns:db='jabber:server:dialback' xmlns='jabber:server'><stream:error><invalid-namespace xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
Bartosz Małkowski commented 5 years ago

@wojtek Do you have more logs? What exactly packed caused this response?
Bartosz Małkowski commented 5 years ago

I hope problem are fixed.
issue 1 of 1
Type
New Feature
Priority
Normal
Assignee
wojciech.kapcia@tigase.net
Version
tigase-server-8.1.0
Estimation
20h
Spent time
26h 48m
Related
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#1047
Please wait...
Page is in error, reload to recover