Commit
4bdbde1a
authored
Dec 13, 2016
by
Dave Cridland
OF-1081 Enforce StartTLS policy even when dialback enabled
parent
7a1d02a5
Showing
4 changed files
with
21 additions
and
4 deletions
+21
-4
SocketConnection.java
src/java/org/jivesoftware/openfire/net/SocketConnection.java
+3
-0
ServerDialback.java
...java/org/jivesoftware/openfire/server/ServerDialback.java
+8
-0
LocalIncomingServerSession.java
...software/openfire/session/LocalIncomingServerSession.java
+1
-3
LocalOutgoingServerSession.java
...software/openfire/session/LocalOutgoingServerSession.java
+9
-1
src/java/org/jivesoftware/openfire/net/SocketConnection.java
...
...
@@ -154,6 +154,9 @@ public class SocketConnection implements Connection {
xmlSerializer
=
new
XMLSocketWriter
(
writer
,
this
);
instances
.
put
(
this
,
""
);
// Default this sensibly.
this
.
tlsPolicy
=
this
.
getConfiguration
().
getTlsPolicy
();
}
/**
...
...
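Review bot: The added comment `// Default this sensibly.` does not say what the default is or why it matters. The assignment seeds `tlsPolicy` from `getConfiguration().getTlsPolicy()`, and the other files in this commit read that value through `connection.getTlsPolicy()` to decide whether a non-TLS stream is rejected. I would reword it to `// Start from the configured TLS policy so that checks made before any explicit policy is set still enforce it.` `getConfiguration()` is not shown on this page, so confirm it cannot return null or throw at this point, since that would now break every new SocketConnection. The enclosing block (apparently the constructor) starts outside the hunk.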
src/java/org/jivesoftware/openfire/server/ServerDialback.java
...
...
@@ -483,6 +483,14 @@ public class ServerDialback {
final
Logger
log
=
LoggerFactory
.
getLogger
(
Log
.
getName
()
+
"[Acting as Receiving Server: Validate domain:"
+
recipient
+
"(id "
+
streamID
+
") for OS: "
+
remoteDomain
+
"]"
);
log
.
debug
(
"Validating domain..."
);
if
(
connection
.
getTlsPolicy
()
==
Connection
.
TLSPolicy
.
required
&&
!
connection
.
isSecure
())
{
connection
.
deliverRawText
(
new
StreamError
(
StreamError
.
Condition
.
policy_violation
).
toXML
());
// Close the underlying connection
connection
.
close
();
return
false
;
}
if
(!
RemoteServerManager
.
canAccess
(
remoteDomain
))
{
connection
.
deliverRawText
(
new
StreamError
(
StreamError
.
Condition
.
policy_violation
).
toXML
());
// Close the underlying connection
...
...
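Review bot: The new `required && !isSecure()` branch rejects the stream without logging anything, so the server log will not show that a dialback validation failed because of the TLS policy. Add a line before `deliverRawText`, for example `log.info("Unable to validate domain: TLS is required but the connection is not secured.");`. The error-and-close sequence also repeats the `canAccess` branch that follows it, so a small private helper that sends `policy_violation` and closes the connection would keep the two in step. The enclosing method starts and ends outside the hunk.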
src/java/org/jivesoftware/openfire/session/LocalIncomingServerSession.java
...
...
@@ -152,9 +152,7 @@ public class LocalIncomingServerSession extends LocalServerSession implements In
// Remote server is XMPP 1.0 compliant so offer TLS and SASL to establish the connection (and server dialback)
// Indicate the TLS policy to use for this connection
Connection
.
TLSPolicy
tlsPolicy
=
ServerDialback
.
isEnabled
()
?
Connection
.
TLSPolicy
.
optional
:
Connection
.
TLSPolicy
.
required
;
Connection
.
TLSPolicy
tlsPolicy
=
connection
.
getTlsPolicy
();
boolean
hasCertificates
=
false
;
try
{
hasCertificates
=
XMPPServer
.
getInstance
().
getCertificateStoreManager
().
getIdentityStore
(
ConnectionType
.
SOCKET_S2S
).
getStore
().
size
()
>
0
;
...
...
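Review bot: The retained comment `// Indicate the TLS policy to use for this connection` no longer records the decision this line encodes: the policy now comes from the connection and is not relaxed when dialback is enabled. A comment such as `// Use the connection's configured policy; enabling dialback must not downgrade 'required' to 'optional' (OF-1081).` would guard against the old ternary being reintroduced. The rest of the method, including how `hasCertificates` later affects `tlsPolicy`, is outside the hunk, so confirm that no later step lowers a `required` policy.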
src/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java
...
...
@@ -312,6 +312,11 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
}
log
.
debug
(
"Unable to secure and authenticate the connection with TLS & SASL."
);
}
else
if
(
connection
.
getTlsPolicy
()
==
Connection
.
TLSPolicy
.
required
)
{
log
.
debug
(
"I have no StartTLS yet I must TLS"
);
connection
.
close
();
return
null
;
}
// Check if we are going to try server dialback (XMPP 1.0)
else
if
(
ServerDialback
.
isEnabled
()
&&
features
.
element
(
"dialback"
)
!=
null
)
{
log
.
debug
(
"Both us and the remote server support the 'dialback' feature. Authenticate the connection with dialback..."
);
...
...
@@ -340,9 +345,12 @@ public class LocalOutgoingServerSession extends LocalServerSession implements Ou
}
log
.
debug
(
"Something went wrong so close the connection and try server dialback over a plain connection"
);
if
(
connection
!=
null
)
{
if
(
connection
.
getTlsPolicy
()
==
Connection
.
TLSPolicy
.
required
)
{
log
.
debug
(
"I have no StartTLS yet I must TLS"
);
connection
.
close
();
return
null
;
}
connection
.
close
();
}
catch
(
SSLHandshakeException
e
)
{
...
...
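Review bot: In the second hunk the `required` check sits inside `if (connection != null)`, so it only covers the path where a connection object exists and no exception was thrown; the `catch (SSLHandshakeException e)` that starts right after it, and whatever follows the try block, are outside the hunk. Since the preceding log line speaks of trying "server dialback over a plain connection", please confirm that the null-connection and exception paths also stop when the policy is `required`, otherwise the plain fallback may still be reachable. Both hunks log `"I have no StartTLS yet I must TLS"` at debug level, which is hard to act on; something like `log.warn("TLS is required but could not be negotiated with the remote server; closing connection.");` would be clearer. In the second hunk `connection.close()` could also be called once before the policy check instead of in both branches.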