1. 05 Aug, 2014 1 commit
    • More S2S fixes · dc21027b
      Dave Cridland authored
      Kim 'Zash' Alvefur commented that an empty authzid in EXTERNAL wasn't working.
      
      This patch adds this handling, and also changes authorization checks from a
      domain.contains() to a domain.equals().
  2. 04 Aug, 2014 3 commits
  3. 23 Jul, 2014 1 commit
  4. 22 Jul, 2014 2 commits
  5. 16 Jul, 2014 2 commits
  6. 11 Jul, 2014 1 commit
  7. 10 Jul, 2014 1 commit
    • MUC Service Plugin 0.2.0 · a98343cc
      Redor authored
      - Extended the service with /participants endpoint to get all room
      participants
      - Extended the muc service to manage chat room roles (owners, admins,
      members, outcasts)
  8. 30 Jun, 2014 4 commits
  9. 24 Jun, 2014 2 commits
  10. 23 Jun, 2014 5 commits
  11. 22 Jun, 2014 1 commit
  12. 21 Jun, 2014 1 commit
    • Section 8.5.1 of RFC 6121 - No such user · 637cc817
      Dele Olajide authored
      This cannot be enforced strictly for Openfire IQ handlers to process packets for custom namespaces. I am modifying the original fix to exclude IQ handlers and also check for anonymous users.
  13. 18 Jun, 2014 4 commits
  14. 17 Jun, 2014 6 commits
    • Add TLS/Authentication diagnostics · 5eb60080
      Dave Cridland authored
      This adds TLS information and Authentication choices to the server session
      details page.
      
      In doing so, it factors out a ServerSession interface, and LocalServerSession
      class.
    • Remove redundant certificate logic in TrustManager · 2827a330
      Dave Cridland authored
      Now subsumed by other checks.
    • Tidy up outgoing sessions · 1aadb51f
      Dave Cridland authored
      A few changes here:
      
      1) Don't recurse up the DNS tree. That's just wrong.
      
      2) Also, don't assume that a subdomain is handled by a parent domain's server.
      Still wrong.
      
      3) Check certificates post-connect using our new logic, and drop the session
      if they don't match and we're not meant to be doing dialback.
      
      4) Do use EXTERNAL if offered, even if we're using a self-signed certificate.
      There's no value in not doing so, it's a bizarre behaviour.
      
      5) Disable S2S Compression; it's currently not working. XPP reset seems to fail,
      so doing replacement of the input stream instead.
      
      6) Protect against a null features after TLS. Seems unlikely to happen, but
      still.
    • Log TLS requirement when trying Dialback · 1e14fddb
      Dave Cridland authored
      If a server requires TLS, it will reject our attempts to verify a dialback
      key currently. Log this in the logs rather than (confusingly) ignoring it.
    • Support Dialback Without Dialback · 4c528c9d
      Dave Cridland authored
      When processing a <db:result/>, this checks for the certificate first. If
      this matches, then we don't bother actually dialling back, speeding up the
      session setup.
      
      This factors out the certificate verification function.
    • Support dialback errors · 026c3f2f
      Dave Cridland authored
      See XEP-0220, Dialback Errors.
      
      This reduces disconnect in the case of piggybacking errors, and provides better
      diagnostics.
  15. 16 Jun, 2014 2 commits
  16. 11 Jun, 2014 3 commits
  17. 10 Jun, 2014 1 commit