Projects tigase _server server-core Issues #1133
Not able to connect via S2S to server with incorrect SSL certificate (#1133)
Andrzej Wójcik (Tigase) opened 5 years ago

Not able to connect via S2S to the server with an incorrect SSL certificate. That server is dropping handshake only dialback connection on SASL external requests.

Andrzej Wójcik (Tigase) commented 5 years ago

While dialback is in progress, we can assume that SASL external will fail anyway and can skip that step. This solves that issue and is a reasonable solution.

wojciech.kapcia@tigase.net commented 5 years ago

Looks sensible though it should be included in master branch.

wojciech.kapcia@tigase.net commented 5 years ago

@andrzej.wojcik

I was looking at this change while looking at #issue #1111 and I think we could change this condition to OR:

if (certCheckResult == CertCheckResult.invalid && serv.isHandshakingOnly()) {
	return true;
}

(if it's handshakingOnly then it's most likely dialback, and if certificate is invalid then possibly we will be able to establish s2s as a client but return connection will definitely fail. What do you think?

Andrzej Wójcik (Tigase) commented 5 years ago

Well, we could try that. I've added && as I was no sure if the usage of || will not make it too relaxed and wanted to make the smallest possible change.

wojciech.kapcia@tigase.net commented 5 years ago

I was pondering it a little bit more and I think that with #issue #1112 and #issue #1132 we could actually stick with && with the assumption that it would still be possible to establish and authenticate connection in one way using SASL-EXTERNAL and other way around using dialback.

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Version
tigase-server-8.1.0
Spent time
2h
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#1133
Please wait...
Page is in error, reload to recover