1. 24 Jun, 2014 1 commit
  2. 23 Jun, 2014 5 commits
  3. 22 Jun, 2014 1 commit
  4. 21 Jun, 2014 1 commit
    • Dele Olajide's avatar
      Section 8.5.1 of RFC 6121 - No such user · 637cc817
      Dele Olajide authored
      This cannot be enforced strictly for openfire IQ handlers to process packets for custom namespaces. I am modifying the original fix to exclude IQ handlers and also check for anonymous users.
      637cc817
  5. 18 Jun, 2014 4 commits
  6. 17 Jun, 2014 6 commits
    • Dave Cridland's avatar
      Add TLS/Authentication diagnostics · 5eb60080
      Dave Cridland authored
      This adds TLS information and Authentication choices to the server session
      details page.
      
      In doing so, it factors out a ServerSession interface, and LocalServerSession
      class.
      5eb60080
    • Dave Cridland's avatar
      Remove redundant certificate logic in TrustManager · 2827a330
      Dave Cridland authored
      Now subsumed by other checks.
      2827a330
    • Dave Cridland's avatar
      Tidy up outgoing sessions · 1aadb51f
      Dave Cridland authored
      A few changes here:
      
      1) Don't recurse up the DNS tree. That's just wrong.
      
      2) Also, don't assume that a subdomain is handled by a parent domain's server.
      Still wrong.
      
      3) Check certificates post-connect using our new logic, and drop the session
      if they don't match and we're not meant to be doing dialback.
      
      4) Do use EXTERNAL if offered, even if we're using a self-signed certificate.
      There's no value in not doing so, it's a bizarre behaviour.
      
      5) Disable S2S Compression; it's currently not working. XPP reset seems to fail,
      so doing replacement of the input stream instead.
      
      6) Protect against a null features after TLS. Seems unlikely to happen, but
      still.
      1aadb51f
    • Dave Cridland's avatar
      Log TLS requirement when trying Dialback · 1e14fddb
      Dave Cridland authored
      If a server requires TLS, it will reject our attempts to verify a dialback
      key currently. Log this in the logs rather than (confusingly) ignoring it.
      1e14fddb
    • Dave Cridland's avatar
      Support Dialback Without Dialback · 4c528c9d
      Dave Cridland authored
      When processing a <db:result/>, this checks for the certificate first. If
      this matches, then we don't bother actually dialling back, speeding up the
      session setup.
      
      This factors out the certificate verification function.
      4c528c9d
    • Dave Cridland's avatar
      Support dialback errors · 026c3f2f
      Dave Cridland authored
      See XEP-0220, Dialback Errors.
      
      This reduces disconnect in the case of piggybacking errors, and provides better
      diagnostics.
      026c3f2f
  7. 16 Jun, 2014 2 commits
  8. 11 Jun, 2014 3 commits
  9. 10 Jun, 2014 3 commits
  10. 09 Jun, 2014 8 commits
  11. 08 Jun, 2014 3 commits
  12. 07 Jun, 2014 3 commits