- 07 Dec, 2014 1 commit
-
Florian Schmaus authored
when performing SASL authentication. Since 3eadecb6 Openfire would return incorrect-encoding when a SASL auth packet would contain just a single equals sign ('='). But this is correct (client) behavior according to RFC 6120 6.4.2. Related to OF-736

07:25:42 PM SENT (2109957412): <stream:stream xmlns='jabber:client' to='igniterealtime.org' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
07:25:42 PM RCV (2109957412): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="igniterealtime.org" id="1d96e3b3" xml:lang="en" version="1.0">
07:25:43 PM RCV (2109957412): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>
07:25:43 PM SENT (2109957412): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'>=</auth>
07:25:43 PM RCV (2109957412): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><incorrect-encoding/></failure>
-
- 07 Aug, 2014 4 commits
-
Dele Olajide authored
OF-834: Close Open_redirect
-
Dele Olajide authored
More S2S fixes
-
Dele Olajide authored
Fix for OF-835
-
jackrabbit128 authored
- install ReadThrottleFilterBuilder into filter chains
- adjust SSLFilter positioning in chain so that ReadThrottleFilter works correctly
-
- 05 Aug, 2014 1 commit
-
Dave Cridland authored
Kim 'Zash' Alvefur commented that an empty authzid in EXTERNAL wasn't working. This patch adds this handling, and also changes authorization checks from a domain.contains() to a domain.equals().
-
- 04 Aug, 2014 4 commits
-
Dave Cridland authored
This now reassembles a URL from the path, query, and fragment supplied, and ignores the scheme and network location portions entirely. Thus http://www.google.com/foo redirects to /foo only. Credit to Jonathan Bush, Security Consultant at ProCheckUp http://www.procheckup.com
-
Dave Cridland authored
Added UTF-8 support for readme and changelog files
-
Redor authored
Fixed the issue that creates an empty line after each line of HTML code, which can break the layout by using <pre>
This patch rewritten to avoid reformatting by Dave Cridland <dave@cridland.net>
-
Dave Cridland authored
Double-check removed, streamlining logic.
-
- 23 Jul, 2014 1 commit
-
Florian Schmaus authored
-
- 22 Jul, 2014 2 commits
-
Dele Olajide authored
Jitsi Videobridge: Fixes Jitsi VideoBridge Plugin problem redirects to webrtcrequired.html. See https://community.igniterealtime.org/thread/52934
-
- 16 Jul, 2014 2 commits
- 11 Jul, 2014 1 commit
-
Dele Olajide authored
MUC Service Plugin 0.2.0
-
- 10 Jul, 2014 1 commit
-
Redor authored
- Extended the service with /participants endpoint to get all room participants
- Extended the muc service to manage chat room roles (owners, admins, members, outcasts)
-
- 30 Jun, 2014 4 commits
- 24 Jun, 2014 2 commits
-
Dele Olajide authored
Quick fix for old-skool Jabber on S2S
-
Dave Cridland authored
-
- 23 Jun, 2014 5 commits
-
Dele Olajide authored
MUC Service Plugin. I am adding this to complement the User Service plugin.
-
Dele Olajide authored
-
Dele Olajide authored
-
Dele Olajide authored
-
Redor authored
-
- 22 Jun, 2014 1 commit
-
Dele Olajide authored
-
- 21 Jun, 2014 1 commit
-
Dele Olajide authored
This cannot be enforced strictly for openfire IQ handlers to process packets for custom namespaces. I am modifying the original fix to exclude IQ handlers and also check for anonymous users.
-
- 18 Jun, 2014 4 commits
-
Dele Olajide authored
S2s fixes. Thanks for doing this. I am experimenting with websockets for Openfire s2s and I need these fixes.
-
Dele Olajide authored
OF-709: Somewhere between my initial commit, Flow's squashing and the code review, this code change was dropped. It is required to enable access to http-bind root folder for static web pages.
-
Dele Olajide authored
OF-823 Numeric overflow in MUCPersistenceManager when loading history ol...
-
akrherz authored
-
- 17 Jun, 2014 6 commits
-
Dave Cridland authored
This adds TLS information and Authentication choices to the server session details page. In doing so, it factors out a ServerSession interface, and LocalServerSession class.
-
Dave Cridland authored
Now subsumed by other checks.
-
Dave Cridland authored
A few changes here:
1) Don't recurse up the DNS tree. That's just wrong.
2) Also, don't assume that a subdomain is handled by a parent domain's server. Still wrong.
3) Check certificates post-connect using our new logic, and drop the session if they don't match and we're not meant to be doing dialback.
4) Do use EXTERNAL if offered, even if we're using a self-signed certificate. There's no value in not doing so, it's a bizarre behaviour.
5) Disable S2S Compression; it's currently not working. XPP reset seems to fail, so doing replacement of the input stream instead.
6) Protect against a null features after TLS. Seems unlikely to happen, but still.
-
Dave Cridland authored
If a server requires TLS, it will reject our attempts to verify a dialback key currently. Log this in the logs rather than (confusingly) ignoring it.
-
Dave Cridland authored
When processing a <db:result/>, this checks for the certificate first. If this matches, then we don't bother actually dialling back, speeding up the session setup. This factors out the certificate verification function.
-
Dave Cridland authored
See XEP-0220, Dialback Errors. This reduces disconnect in the case of piggybacking errors, and provides better diagnostics.
-