- 07 Dec, 2014 1 commit
-
-
Florian Schmaus authored
when performing SASL authentication. Since 3eadecb6 Openfire would return incorrect-encoding when a SASL auth packet would contain just a single equals sign ('='). But this is correct (client) behavior according to RFC 6120 6.4.2. Related to OF-736 07:25:42 PM SENT (2109957412): <stream:stream xmlns='jabber:client' to='igniterealtime.org' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'> 07:25:42 PM RCV (2109957412): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="igniterealtime.org" id="1d96e3b3" xml:lang="en" version="1.0"> 07:25:43 PM RCV (2109957412): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features> 07:25:43 PM SENT (2109957412): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'>=</auth> 07:25:43 PM RCV (2109957412): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><incorrect-encoding/></failure>
-
- 05 Aug, 2014 1 commit
-
-
Dave Cridland authored
Kim 'Zash' Alvefur commented that an empty authzid in EXTERNAL wasn't working. This patch adds this handling, and also changes authorization checks from a domain.contains() to a domain.equals().
-
- 17 Jun, 2014 1 commit
-
-
Dave Cridland authored
When processing a <db:result/>, this checks for the certificate first. If this matches, then we don't bother actually dialling back, speeding up the session setup. This factors out the certificate verification function.
-
- 05 Jun, 2014 1 commit
-
-
Dave Cridland authored
- Always check validity of EE Cert - Change variable name (and flip sense).
-
- 04 Jun, 2014 2 commits
-
-
Dave Cridland authored
-
Dave Cridland authored
What this patch actually does is place existing certificates into a CertStore, including those from its (untrusted) keystore, the trust store, and any from the chain supplied by the peer, and then rebuild a chain back to a known trust anchor (from the trust store). This strategy will cope with unknown ICAs in chains, abbreviated chains, and so on, and replaces attempts to specifically handle self-signed certificates. That last said, there is an explicit shortcut to handle self-signed certificates which are supplied as end-entity certificates. These are simply checked against the trust store without any attempt to build a path.
-
- 02 Jun, 2014 1 commit
-
-
Sven Bunge authored
-
- 18 May, 2014 1 commit
-
-
Christian Schudt authored
OF-736 Openfire should return <incorrect-encoding></incorrect> SASL failure, when not using base64 encoding
-
- 10 Apr, 2014 1 commit
-
-
Tom Evans authored
Deprecate AuthFactory.getAuthProvider() and remove references from core classes
-
- 04 Mar, 2014 1 commit
-
-
csh authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13981 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 16 Feb, 2014 2 commits
-
-
csh authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13959 b35dd754-fafc-0310-a699-88a17e54d16e
-
csh authored
OF-735 Openfire should return <invalid-mechanism/> SASL failure, when requesting an unknown mechanism git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13958 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 09 Apr, 2011 1 commit
-
-
guus authored
Stop checking if every certificate in the local certificate chain is self-signed. Only the first certificate from the chain is the local certificate. The rest of them are CA's (OF-405). git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@12235 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 07 Feb, 2010 1 commit
-
-
guus authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11608 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 09 Nov, 2009 1 commit
-
-
guus authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11388 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 30 Sep, 2009 1 commit
-
-
Matt Tucker authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11291 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 21 Aug, 2009 1 commit
-
-
guus authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11195 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 16 Jul, 2008 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10683 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 17 Jun, 2008 1 commit
-
-
Daniel Henninger authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10546 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 11 Jun, 2008 3 commits
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10512 b35dd754-fafc-0310-a699-88a17e54d16e
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10511 b35dd754-fafc-0310-a699-88a17e54d16e
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10510 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 03 Jun, 2008 1 commit
-
-
Jay Kline authored
* Use of CRLs is optional * Improved PKIX certificate path checking logic * Fixed IndexOutOfBoundsException in SASLAuthentication when no principals are found in a certificate git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10467 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 15 May, 2008 1 commit
-
-
guus authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10395 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 11 Apr, 2008 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10204 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 08 Apr, 2008 1 commit
-
-
Daniel Henninger authored
[JM-1277] Configuration that can be stored in the DB is now stored in the DB (providers, etc). Reviewer: Gabriel git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10181 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 27 Feb, 2008 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10010 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 13 Feb, 2008 1 commit
-
-
Daniel Henninger authored
[JM-160] Created LockOut infrastructure to allow for disabling accounts, associated listeners, and providers in case you want to write your own locked out accounts interface. git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9903 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 12 Dec, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9637 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 09 Oct, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9296 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 08 Oct, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9290 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 18 Sep, 2007 1 commit
-
-
Jay Kline authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9144 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 13 Sep, 2007 1 commit
-
-
Jay Kline authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9111 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 05 Sep, 2007 1 commit
-
-
Jay Kline authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9056 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 20 Jun, 2007 1 commit
-
-
Jay Kline authored
Large restructure of SASL authorization and some SASL authentication changes: * Implemented PLAIN SASL Server * Moved PLAIN auth to using SASL Server object * Allow case for client EXTERNAL auth * Created AuthorizationMappings (allow for default usernames different from principal used) * More robust handling of LDAP authorization (allows JID != principal) * Fixes case sensitivy issue with default authorization policy * Removed UnixK5LoginPorivder, since it will likely never be used, has never been tested, and would be difficult to maintain in the long run. The Loose, Lazy, and Strict policies have been removed, and folded into a single Default policy that now resides in org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy Issues: JM-1079 JM-1086 git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@8583 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 30 May, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@8405 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 28 Mar, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@7742 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 22 Mar, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@7655 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 09 Mar, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@7436 b35dd754-fafc-0310-a699-88a17e54d16e
-
- 07 Feb, 2007 1 commit
-
-
Gaston Dombiak authored
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@7040 b35dd754-fafc-0310-a699-88a17e54d16e
-