Add SASL-EXTERNAL on s2s connections (#1047)
Wojciech Kapcia (Tigase) opened 6 years ago

XEP-0178: Best Practices for Use of SASL EXTERNAL with Certificates: Server-to-Server Recommendation

  • "If the 'from' attribute of stream header sent by Server1 can be matched against one of the identifiers provided in the certificate following the matching rules from RFC 6125, Server2 returns success."
  • CA chain verification based on CAs from JVM
  • Wojciech Kapcia (Tigase) commented 6 years ago

    With sasl-external enabled almost all remote, non-Tigase servers fail to establish s2s with:

    [2019-09-05 19:19:53:291] [FINEST  ] [      pool-32-thread-8 ] XMPPIOService.processSocketData(): CID: tigase.im@wielicki.name, null, type: connect, Socket: TLS: nullSocket[addr=/95.217.50.18,port=5269,localport=10976], jid: null, READ:<?xml version='1.0'?><stream:stream version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='wielicki.name' xml:lang='en' to='tigase.im' xmlns:db='jabber:server:dialback' xmlns='jabber:server'><stream:error><invalid-namespace xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
    
  • Bartosz Małkowski commented 6 years ago

    @wojtek Do you have more logs? What packet exactly caused this response?

  • Bartosz Małkowski commented 6 years ago

    I hope the problem is fixed.
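
The two checks listed in the issue description (CA chain verification against the JVM's CAs, then matching the stream 'from' against the certificate identifiers per RFC 6125), as an added example that is not Tigase's code. The class and method names are hypothetical, only dNSName identifiers are compared (the xmppAddr and SRVName otherName entries that XEP-0178 also allows are not parsed), and the identifiers in `main` are constructed samples.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
public class S2sExternalCheck { // hypothetical name, not a Tigase class
    // Validate the peer's chain against the JVM default CA store; throws CertificateException if untrusted.
    static void verifyChain(X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                // The initiating server is the TLS client on an s2s connection.
                ((X509TrustManager) tm).checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm());
                return;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }
    // Collect dNSName entries (GeneralName type 2) from the subjectAltName extension.
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        if (cert.getSubjectAlternativeNames() != null) {
            for (List<?> san : cert.getSubjectAlternativeNames()) {
                if (((Integer) san.get(0)) == 2) names.add((String) san.get(1));
            }
        }
        return names;
    }
    // RFC 6125 section 6.4: case-insensitive; "*" only as the whole left-most label, covering exactly one label.
    static boolean matches(String from, List<String> identifiers) {
        String domain = from.toLowerCase(Locale.ROOT);
        int dot = domain.indexOf('.');
        for (String id : identifiers) {
            String ref = id.toLowerCase(Locale.ROOT);
            boolean wildcard = ref.startsWith("*.") && dot > 0 && ref.substring(1).equals(domain.substring(dot));
            if (ref.equals(domain) || wildcard) return true;
        }
        return false;
    }
    // SASL EXTERNAL succeeds only if the chain is trusted AND 'from' matches an identifier.
    static boolean accept(String from, X509Certificate[] chain) throws Exception {
        verifyChain(chain);
        return matches(from, dnsNames(chain[0]));
    }
    public static void main(String[] args) {
        List<String> ids = List.of("example.org", "*.example.org"); // constructed sample identifiers
        System.out.println(matches("Example.ORG", ids));           // true: exact, case-insensitive
        System.out.println(matches("chat.example.org", ids));      // true: wildcard covers one label
        System.out.println(matches("a.b.example.org", ids));       // false: wildcard never spans two labels
    }
}
```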

Type: New Feature
Priority: Normal
Version: tigase-server-8.1.0
Estimation: 0
Spent time: 0
Reference: tigase/_server/server-core#1047