Wednesday, December 08, 2010
interop@muc.xmpp.org
http://wiki.xmpp.org/web/Verify | http://wiki.xmpp.org/web/Interop

[00:07:46] *** steve.kille shows as "away" and his status message is "At Home"
[00:09:56] *** Zash shows as "away" and his status message is "Kaffe!"
[00:16:58] *** Florob shows as "away" and his status message is " (Abwesend wegen Untätigkeit für mehr als 5 Minuten)"
[00:18:16] *** Florob shows as "online"
[00:21:36] *** Zash shows as "online" and his status message is "Kaffe!"
[00:46:42] *** Florob has left the room
[00:49:39] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[00:50:17] *** Florian shows as "online"
[01:11:07] *** Zash has left the room
[01:19:22] *** sjoerd.simons has joined the room
[01:19:22] *** sjoerd.simons shows as "online"
[01:19:26] *** sjoerd.simons shows as "online"
[01:28:23] *** steve.kille shows as "online" and his status message is "At Home"
[01:35:56] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[01:36:17] *** Florian shows as "online"
[01:39:29] *** steve.kille has left the room
[01:39:39] *** steve.kille has joined the room
[01:39:40] *** steve.kille shows as "away" and his status message is "At Home"
[01:45:45] *** steve.kille shows as "online" and his status message is "At Home"
[01:46:40] *** sjoerd.simons shows as "away"
[01:50:54] *** sjoerd.simons shows as "online"
[02:11:34] *** sjoerd.simons shows as "away" and his status message is "ZzZZZzZz"
[02:14:54] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[02:34:29] *** Florian shows as "xa" and his status message is "Auto Status (idle)"
[02:59:44] *** sjoerd.simons shows as "xa" and his status message is "ZzZZZzZz"
[03:08:26] *** steve.kille shows as "away" and his status message is "At Home"
[03:13:53] *** steve.kille has left the room
[03:14:02] *** steve.kille has joined the room
[03:14:03] *** steve.kille shows as "away" and his status message is "At Home"
[03:36:21] *** steve.kille has left the room
[03:36:32] *** steve.kille has joined the room
[03:36:33] *** steve.kille shows as "away" and his status message is "At Home"
[03:51:31] *** steve.kille has left the room
[03:51:31] *** steve.kille has joined the room
[03:51:34] *** steve.kille shows as "away" and his status message is "At Home"
[03:52:52] *** steve.kille has left the room
[03:52:54] *** steve.kille has joined the room
[03:52:57] *** steve.kille shows as "away" and his status message is "At Home"
[03:58:25] *** steve.kille has left the room
[03:58:37] *** steve.kille has joined the room
[03:59:16] *** steve.kille has left the room
[03:59:25] *** steve.kille has joined the room
[03:59:30] *** steve.kille shows as "away" and his status message is "At Home"
[04:18:52] *** sjoerd.simons has left the room
[04:18:53] *** sjoerd.simons has joined the room
[04:18:53] *** sjoerd.simons shows as "away" and his status message is "ZzZZZzZz"
[04:26:46] *** steve.kille has left the room
[04:26:57] *** steve.kille has joined the room
[04:26:57] *** steve.kille shows as "away" and his status message is "At Home"
[04:29:27] *** steve.kille shows as "online" and his status message is "At Home"
[04:39:27] *** steve.kille shows as "away" and his status message is "At Home"
[04:45:24] *** steve.kille shows as "online" and his status message is "At Home"
[04:56:58] *** steve.kille has left the room
[04:57:09] *** steve.kille has joined the room
[04:57:09] *** steve.kille shows as "online" and his status message is "At Home"
[05:12:10] *** steve.kille has left the room
[05:12:13] *** steve.kille has joined the room
[05:12:13] *** steve.kille shows as "online" and his status message is "At Home"
[05:30:30] *** sjoerd.simons has left the room
[05:31:17] *** sjoerd.simons has joined the room
[05:31:21] *** sjoerd.simons shows as "away" and his status message is "ZzZZZzZz"
[05:45:49] *** steve.kille has left the room
[05:46:07] *** steve.kille has joined the room
[05:46:07] *** steve.kille shows as "online" and his status message is "At Home"
[05:53:37] *** steve.kille has left the room
[05:53:39] *** steve.kille has joined the room
[05:53:39] *** steve.kille shows as "online" and his status message is "At Home"
[05:55:49] *** steve.kille has left the room
[05:56:30] *** steve.kille has joined the room
[05:57:07] *** steve.kille has left the room
[05:57:16] *** steve.kille has joined the room
[05:57:33] *** steve.kille shows as "online" and his status message is "At Home"
[05:57:48] *** sjoerd.simons has left the room
[06:13:17] *** steve.kille has left the room
[06:13:18] *** steve.kille has joined the room
[06:13:18] *** steve.kille shows as "online" and his status message is "At Home"
[06:25:59] *** steve.kille shows as "away" and his status message is "At Home"
[06:36:00] *** steve.kille shows as "online" and his status message is "At Home"
[06:43:04] *** Simon Josefsson shows as "online"
[06:47:09] *** steve.kille has left the room
[06:47:19] *** steve.kille has joined the room
[06:47:20] *** steve.kille shows as "online" and his status message is "At Home"
[06:51:28] *** Simon Josefsson shows as "away"
[06:52:09] *** Kev shows as "online"
[07:14:48] *** Simon Josefsson shows as "online"
[07:27:41] *** steve.kille shows as "away" and his status message is "At Home"
[07:33:55] *** Tobias has joined the room
[07:39:02] *** Simon Josefsson shows as "away"
[07:57:08] *** steve.kille shows as "online" and his status message is "At Home"
[08:09:03] *** Simon Josefsson shows as "xa"
[08:10:41] *** remko has joined the room
[08:10:42] *** remko shows as "online"
[08:26:24] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[08:29:24] *** Tobias shows as "online"
[08:38:31] *** Dave Cridland shows as "online"
[08:44:41] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[08:46:00] *** Tobias shows as "online"
[08:46:11] *** tuomas has joined the room
[08:46:12] *** tuomas shows as "online"
[08:54:42] *** Flo has joined the room
[08:57:08] *** steve.kille has left the room
[09:00:08] *** steve.kille has joined the room
[09:00:09] *** steve.kille shows as "away" and his status message is "At Home"
[09:00:49] *** steve.kille shows as "online" and his status message is "At Home"
[09:02:36] *** MattJ has joined the room
[09:04:32] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:04:41] *** steve.kille shows as "online" and his status message is "At my Desk"
[09:06:46] *** Dave Cridland shows as "online"
[09:14:34] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:22:35] *** Dave Cridland shows as "online"
[09:27:36] *** steve.kille shows as "away" and his status message is "At my Desk"
[09:32:33] *** MattJ shows as "xa" and his status message is "Not available as a result of not being here"
[09:34:14] *** steve.kille shows as "online" and his status message is "At my Desk"
[09:38:15] *** Flo shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:48:15] *** Flo shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[09:58:45] *** Sjoerd has joined the room
[10:00:06] *** Sjoerd shows as "away" and his status message is "ZzZZZzZz"
[10:01:00] *** Sjoerd shows as "online"
[10:05:21] *** Flo shows as "online"
[10:05:49] *** tuomas shows as "away"
[10:07:20] *** tuomas shows as "online"
[10:13:52] *** Flo shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:14:42] *** Tobias has left the room
[10:18:05] *** Dave Cridland has left the room
[10:19:16] *** Flo shows as "online"
[10:20:22] *** steve.kille shows as "online" and his status message is "At my Desk"
[10:20:26] *** steve.kille shows as "online" and his status message is "At my Desk"
[10:24:22] *** Flo shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:24:24] *** remko shows as "away"
[10:26:13] *** Dave Cridland has joined the room
[10:28:00] *** remko shows as "online"
[10:29:02] *** Florian shows as "online"
[10:34:22] *** Flo shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[10:35:22] *** Sjoerd shows as "away"
[10:36:36] *** Flo shows as "online"
[10:36:43] *** Flo shows as "away" and his status message is "http://sowhyiswikileaksagoodthingagain.com/"
[10:37:21] *** Simon Josefsson shows as "online"
[10:38:31] *** remko shows as "away"
[10:39:00] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:39:27] *** remko shows as "online"
[10:41:30] *** Dave Cridland shows as "online"
[10:47:02] *** Simon Josefsson shows as "away"
[10:50:42] *** tuomas shows as "away"
[10:52:47] *** tuomas shows as "online"
[10:54:12] *** Sjoerd shows as "online"
[11:01:17] *** Sjoerd has left the room
[11:01:17] *** remko shows as "away"
[11:02:31] *** steve.kille shows as "away" and his status message is "At my Desk"
[11:02:35] *** remko shows as "online"
[11:04:50] *** steve.kille shows as "online" and his status message is "At my Desk"
[11:12:32] *** Simon Josefsson shows as "online"
[11:14:50] *** steve.kille shows as "away" and his status message is "At my Desk"
[11:15:04] *** tuomas shows as "away"
[11:18:41] *** Simon Josefsson shows as "away"
[11:20:32] *** Simon Josefsson shows as "online"
[11:24:48] *** steve.kille shows as "online" and his status message is "At my Desk"
[11:25:45] *** sjoerd.simons has joined the room
[11:25:45] *** sjoerd.simons shows as "online"
[11:26:49] *** Simon Josefsson shows as "away"
[11:31:12] *** Dave Cridland has left the room
[11:31:17] *** Dave Cridland has joined the room
[11:31:36] <Kev> Right, yes, DNS. fippo / Dave Cridland: What were the records you were suggesting adding yesterday?
[11:32:41] *** Simon Josefsson shows as "online"
[11:37:50] <Dave Cridland> Yesterday [20:56:49] [Isode Unclassified] Dave Cridland: [[Isode Unclassified]]
Kev, When you're back, then, I have 217.155.137.58 (5222/5269) servicing mlinkrelease.xmpptest.com - feel free to give it a random hostname, like, say, mlinktrunk.xmpptest.com. :-)
[11:40:34] *** Simon Josefsson shows as "away"
[11:40:56] <Kev> Please check it's now right.
[11:42:07] <Dave Cridland> Kev, No A/AAAA records, but the SRV looks OK.
[11:42:33] <Dave Cridland> A is 217.155.137.58, AAAA is 2001:470:1f09:882:c0c8:f9ff:fec0:d982
[11:42:36] <Kev> Relly?
[11:42:40] <Kev> *really
[11:43:00] <Kev> mlinktrunk.xmpptest.com IN A 217.155.137.58
[11:43:04] <Kev> That *looks* right to me.
[11:43:10] <Kev> Ah, no, because I'm a twit.
[11:43:16] <Dave Cridland> "."
[11:43:51] <Kev> mlinktrunk IN A 217.155.137.58

[11:43:56] <Kev> Should be happier now.
[11:44:18] <Dave Cridland> If I hadn't cached the duff records.
[11:44:38] <Kev> Oh, I'd assumed you'd be querying athena.
[11:44:54] <Dave Cridland> Can you stick in the AAAA as well, in case anyone's doing IPv6 interop too?
[11:45:04] *** tuomas shows as "xa"
[11:45:38] <Kev> Done
[11:46:07] *** remko shows as "away"
[11:46:34] <Dave Cridland> Marv.
[11:47:09] <Dave Cridland> Can any server developers confirm that the service xmpp:mlinkrelease.xmpptest.com is reachable now?
[11:48:01] *** Simon Josefsson shows as "online"
[11:48:18] <fippo> it is - but it does not seem to do tls anymore?
[11:49:40] *** Tobias has joined the room
[11:50:28] <Dave Cridland> fippo, No, that's okay, haven't done that bit yet - doing that now. Thanks.
[11:53:01] *** Simon Josefsson shows as "away"
[11:53:49] <bear> I have a draft post for a very brief "day one" report of the interop - still chewing thru the logs for details but I wanted to get a post going
[11:54:26] <bear> could someone take a quick look for a review (I'm also going to post to comm team list)
[11:56:23] <Dave Cridland> Mail a draft to the interop mailing list?
[11:56:36] <bear> ah
[11:56:38] <bear> yes
[11:56:57] *** tuomas shows as "online"
[11:57:56] <Dave Cridland> mlinkrelease.xmpptest.com should now have TLS-lovelyness.
[12:01:00] *** badlop has joined the room
[12:01:05] <bear> draft posted to list
[12:01:28] *** Kev shows as "away"
[12:01:31] *** Kev shows as "online"
[12:03:14] <Dave Cridland> bear, Matthew Wild was/is operating the CA.
[12:03:21] <bear> k
[12:03:40] <fippo> dave: works with dialback-after-tls, that boring sasl thing and d-w-d
[12:04:13] <Dave Cridland> bear, And you're mixing both company names (Isode, Collabora) and product names (ejabberd, SAFEchat)
[12:04:48] <bear> I pulled from the wiki, hmm, guess I should also update/correct that then
[12:05:38] <Dave Cridland> bear, I think both are useful, but you're listing "SAFEchat" as a client developer (it's a client, the developers are BoldonJames) and Isode as a server (Whereas our server is called M-Link)
[12:06:25] <bear> oh - I see. that's a personal glitch of mine - I can never remember m-link and have always called your software Isode
[12:06:34] *bear will beat that out of himself later
[12:07:06] <Dave Cridland> bear, Quite. Or Will will.
[12:07:14] <bear> eeek
[12:07:32] *** sjoerd.simons shows as "away"
[12:11:57] <Dave Cridland> OK, I've flipped my mlinktrunk.xmpptest.com server into only accepting strong authentication (ie, TLS with a verifiable certificate) for anything within xmpptest.com
[12:12:28] <bear> ok, text adjusted - sending new version to list
[12:12:59] *fippo turns off tls and tests again
[12:13:19] <Dave Cridland> I'll do something similar for mlinkrelease in a moment. I'll require a valid cert, although mlinkrelease will accept dialback as sufficient and won't do CRL checking.
[12:13:37] <Dave Cridland> Actually, mlinkrelease will even accept no TLS at all, so I may not bother.
[12:15:18] <fippo> works - I get a policy violation dialback error
[12:15:25] <Dave Cridland> 12/ 8 12:12:29 xmppd 32268 (root ) D-MBOX-Auth Rejecting (require tls peer control) connect from server psyced-db.xmpptest.com

[12:15:37] <Dave Cridland> fippo, Ah, yes, dialback errors too. :-)
[12:15:45] <Dave Cridland> fippo, Posh, aren't we?
[12:16:12] <fippo> you might want to put a <required/> into starttls :-)
[12:16:54] *** waqas has joined the room
[12:17:06] *** Tobias has left the room
[12:17:30] <Dave Cridland> fippo, Oh, isn't it there? I thought I'd got that as long as you sent a from (so it can look for the peer control) or if it's global (which it isn't on that server)
[12:19:06] <Dave Cridland> Oh. No, we don't - I carefully set a flag and then never use it. Well, that's an easy fix.
[12:19:43] <fippo> :-)
[12:23:01] *** Simon Josefsson shows as "xa"
[12:27:42] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:32:03] <fippo> mh... I have a problem reaching trunk from -sasl
[12:32:25] <fippo> you don't offer external
[12:37:33] *** sjoerd.simons shows as "xa"
[12:37:42] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:39:38] *** steve.kille shows as "away" and his status message is "At my Desk"
[12:43:00] *** Dave Cridland shows as "online"
[12:43:29] *** Zash has joined the room
[12:43:42] <Dave Cridland> 12/ 8 12:38:53 xmppd 32268 (root ) I-MBOX-Info Verifying certificate
12/ 8 12:38:53 xmppd 32268 (root ) I-MBOX-Info certificate (subject emailAddress=fippo@mail.symlynx.com,OU=XMPP Department,O=Your Organisation,L=The Internet,C=DE,CN=psyced-dwd.xmpptest.com), detail (email=fippo\\40mail.symlynx.com,ou=XMPP Department,o=Your Organisation,l=The Internet,c=DE,cn=psyced-dwd.xmpptest.com) error revocation status unknown for this certificate
12/ 8 12:38:53 xmppd 32268 (root ) N-MBOX-Notice TLS certificate verification failed
12/ 8 12:38:53 xmppd 32268 (root ) D-MBOX-Auth Rejecting (require strong auth peer control) connect from server psyced-dwd.xmpptest.com

[12:45:51] <Dave Cridland> AH... I wonder if Matt's updated his CRL...
[12:46:09] <fippo> back to debugging x509 stuff :-)
[12:46:43] <Dave Cridland> No, it's just that Matt's not updated the CRL, so it's expired.
[12:47:11] *** Simon Josefsson shows as "online"
[12:47:12] *** MattJ shows as "online"
[12:47:14] <Dave Cridland> Hence M-Link can't tell if the CRL simply hasn't been updated, or if it's been replayed to conceal your certificate being revoked.
[12:48:26] *** sjoerd.simons shows as "online"
[12:49:19] *** Tobias has joined the room
[12:50:07] *** Zash shows as "online" and his status message is "Awake!"
[12:50:43] *** steve.kille shows as "online" and his status message is "At my Desk"
[12:59:01] *** remko shows as "online"
[12:59:45] <Zash> So, who's winning? :)
[13:01:33] *** Tobias has left the room
[13:03:02] <Florian> right ...
[13:03:10] <Florian> MattJ: can I send you my CSR?
[13:04:28] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:05:02] *** badlop shows as "xa"
[13:05:18] *** Zash shows as "away" and his status message is "Awake!"
[13:06:04] *** MattJ shows as "away" and his status message is "Away as a result of being too idle"
[13:07:18] *** Zash shows as "online" and his status message is "Awake!"
[13:10:32] *** MattJ shows as "online"
[13:12:25] <MattJ> Sure, mwild1@gmail.com
[13:12:32] <Kev> Zash: I'll be writing some suggested tests shortly.
[13:12:48] <MattJ> Florian, ah, got your PM, thanks
[13:12:58] <Kev> So at least there's some guidance on what to test :)
[13:13:34] *** Dave Cridland shows as "online"
[13:14:24] *** MattJ changed the title to "XMPP Interop Event | 6th - 11th December 2010 | http://wiki.xmpp.org/web/Interop"
[13:14:24] <Florian> :)
[13:14:44] <Florian> is there anything I need to do? Anything broken in Tigase that I should report back?
[13:14:46] <Dave Cridland> MattJ, Can you update the CRL file on the website?
[13:14:55] <MattJ> Dave Cridland, yes, I realised I hadn't done that this morning
[13:15:08] <MattJ> I regenerated it, but something distracted me from uploading
[13:16:40] *** Zash shows as "online" and his status message is "Kaffe!"
[13:16:53] <MattJ> There's a reason to use https for CRLs - an attacker could serve an old CRL over HTTP with nothing more than DNS poisoning
[13:16:56] <Kev> Florian: As nothing much has been tested yet ...
[13:17:25] <Dave Cridland> MattJ, No, because CRLs expire, so a replay attack has limited value.
[13:17:36] <MattJ> Aha
[13:19:32] <steve.kille> Technically, CRLs indicate when a new one will be issued, which is advisory rather than a hard expiration date, although it is generally treated as an expiration date
[13:20:50] <MattJ> This one's in date for a year, so have fun while you can
[13:23:45] <fippo> Kev: ah, I missed that dns question earlier. I would like a srv record for no.such.xmpptest.com pointing to "."
[13:23:55] <Florian> lol
[13:24:03] <Kev> fippo: Ok. Why, though?
[13:24:39] <MattJ> I second the request
[13:24:42] <MattJ> don't ask questions :)
[13:24:48] <fippo> Kev: servers should stop attempting to connect that domain
[13:25:01] <Kev> Oh, should they?
[13:25:06] <Dave Cridland> Kev, Yes.
[13:25:09] <MattJ> They should, see the recent discussion on the list
[13:25:12] <Kev> Permanently?
[13:25:25] <MattJ> for as long as they would cache a normal SRV lookup
[13:25:33] <Kev> Oh, well, that's no time at all presumably :)
[13:25:49] <Kev> (For clients, anyway)
[13:25:56] <MattJ> it's better than pointing your records to example.com and waiting for $TCP_TIMEOUT
[13:26:16] <MattJ> this is a definitive way of saying "There is no XMPP service at this domain, give up"
[13:26:19] <Dave Cridland> Kev, Well, you *can* argue that it's the TTL, however I don't think that anything other than caching resolvers should actually cache.
[13:27:43] <Kev> no.such now has an entry of .
[13:28:02] <MattJ> Thanks
[13:28:28] <MattJ> Dave Cridland, why do you think that?
[13:28:33] <Kev> Although the results look a whole lot like they do for an entry that just doesn't exist.
[13:28:59] <fippo> mattj: old jabberd tried to cache itself - it was a bad idea
[13:29:02] <Kev> bear: I'll read your post in a moment, thanks.
[13:29:20] <MattJ> fippo, why? (you may guess by now that Prosody caches)
[13:29:25] <Dave Cridland> MattJ, Because it's just as fast to run a caching nameserver on the same machine, and that's more likely to be written by people who know about DNS.
[13:29:31] <bear> no worries kev - I need to give it a couple hours to let other TZ's a chance to respond
[13:29:35] <MattJ> Fair enough
[13:30:16] <fippo> mattj: iirc it did not expire those records properly
[13:30:56] <MattJ> :)
[13:31:02] <MattJ> We fixed that bug a long time ago :)
[13:37:31] *** bear shows as "away" and his status message is "grabbing some breakfast"
[13:38:24] *** Simon Josefsson shows as "away"
[13:40:34] *** sjoerd.simons shows as "away"
[13:47:24] *** steve.kille shows as "away" and his status message is "At my Desk"
[13:49:32] *** Zash has left the room
[13:49:55] <Dave Cridland> So presumably, if the CRL's been updated, then everyone should now be able to connect to mlinktrunk.xmpptest.com (and everything else)?
[13:53:21] *** louiz’ has joined the room
[13:57:14] <MattJ> Does OpenSSL do CRL checking automatically? It's likely I could connect to you all along :)
[13:57:36] *** steve.kille shows as "online" and his status message is "At my Desk"
[14:00:15] <remko> no
[14:00:17] <Dave Cridland> MattJ, No, don't think so. We don't use it for that, anyway. (I think it can parse CRLs, etc, but I don't think it'll fetch them for you)
[14:01:15] <remko> if you look at the manual, you'll see that it has error codes for CRL, but that they are "Unused by OpenSSL"
[14:01:29] *** sjoerd.simons shows as "online"
[14:03:41] <MattJ> Lovely
[14:04:31] <Kev> Right, so, tests.
[14:04:43] <Kev> I'll put stuff on the wiki, but I'm thinking that something like this is sensible:
[14:05:10] <Kev> * Check a server can receive an iq response to a ping to each server, with whatever configuration.
[14:05:41] <remko> mattj: i'm wrong i think
[14:05:44] <Kev> * Set some of the servers (all that support it) to require TLS on s2s, test iq still works.
[14:06:11] <Kev> * Set servers to require TLS with identity verification, test iq still works.
[14:06:14] <remko> MattJ: i take everything back. I should have known better than to trust on openssl documentation
[14:06:23] <Kev> That tests a base level of interop using s2s and TLS, I think.
[14:06:45] <MattJ> :)
[14:07:35] <Kev> * If any of the servers allow turning off dialback completely, doing that, and repeating.
[14:07:47] <Kev> (Dialback isn't bad, but relying on it is)
[14:08:24] *** Simon Josefsson shows as "xa"
[14:08:24] <Kev> * Setting up a vhost on one of the servers, issuing and revoking a cert, and checking it can't then connect to any servers.
[14:08:46] <MattJ> and everyone fails that except M-Link? :)
[14:08:56] <Dave Cridland> Kev, So you want me to drop the TLS/strong-auth requirements for mlinktrunk?
[14:08:58] <Kev> I have no idea.
[14:09:08] <Kev> Dave Cridland: I think that'd be sensible for today.
[14:09:19] <Kev> First establishing that everyone will interop without TLS seems sensible.
[14:09:25] <Kev> Even though we know that'll work.
[14:09:55] <MattJ> Fine by me
[14:10:09] <Kev> What else do people want to test? I think just checking TLS+s2s this week is sensible, as a baseline and a first effort at an interop event.
[14:10:40] <Dave Cridland> That's fine by me. Do we want to check reachability to MUC domains as well?
[14:11:27] <Kev> For the clients, I think checking that they'll all connect ok to a server. Checking they'll all connect to a server with only TLS. Checking they won't connect to a server without TLS and with PLAIN. Revoking a cert and checking they warn the user (Swift will fail this). Logging in with a user cert.
[14:11:38] <Kev> Dave Cridland: Each of the listed domains would be sensible, yes.
[14:14:15] <Dave Cridland> Do we know if all the servers are configured with an Interop CA cert?
[14:15:39] <Kev> I guess we'll discover that when we try testing identity verification :)
[14:16:10] <Kev> Will someone volunteer to set up a vhost with a self-signed cert, and one with a revoked cert?
[14:16:54] <MattJ> Dave Cridland, the last outstanding CSR is Florian's, which I'm now processing (just sent badlop's)
[14:17:09] <Kev> I'm happy to set up both of those vhosts, actually.
[14:17:13] <Dave Cridland> Kev, I can do that.
[14:17:20] <Dave Cridland> Kev, Oh, or you can, great.
[14:17:30] <MattJ> Florian's has no SANs... should we allow this? :)
[14:17:35] <Kev> Dave Cridland: Disadvantage of that is that it needs to be yet another server for you - as you can't vhost either of your existing ones?
[14:17:50] <Dave Cridland> Kev, Sure I can, can't I?
[14:18:40] <Kev> Not if you want to test interop between that server and the denied domains.
[14:19:07] <Dave Cridland> Ah. Well, yes. I couldn't test between other domains on the same server, no.
[14:21:44] <Dave Cridland> Okay, I've reconfigured.
[14:22:00] <Dave Cridland> Shall I run through first?
[14:22:14] <Kev> I think there's no harm in it.
[14:22:57] *** Tobias has joined the room
[14:23:08] <Dave Cridland> So, mlinkrelease I get a pong.
[14:23:15] <Dave Cridland> (Which is just as well, frankly)
[14:23:27] <Dave Cridland> This all from mlinktrunk, BTW.
[14:23:47] <Dave Cridland> tigasetrunk, ping.
[14:24:14] <Dave Cridland> ejabberd21, ping.
[14:24:20] <Florian> SANs?
[14:24:31] <Dave Cridland> prosody8, ping.
[14:24:43] <Dave Cridland> psyced-db ping.
[14:24:56] <Kev> Florian: Subject alt names.
[14:25:02] <Tobias> i see you guys found the 'topic' feature ;)
[14:25:40] <Dave Cridland> psyced-dwd ping, psyced-sasl ping.
[14:25:50] <fippo> kev: would you put that list on the wiki please?
[14:26:00] <Kev> fippo: I'm doing so at the moment, yes.
[14:26:38] <Dave Cridland> So I think that's it from mlinktrunk. All success.
[14:27:12] <MattJ> Florian, the only domain you have listed is in the cn field, which isn't recommended
[14:27:26] <Dave Cridland> FWIW, I can even turn off checking that.
[14:27:47] <Dave Cridland> MattJ, You can add in other SANs before signing, though.
[14:27:56] <Florian> yeh
[14:27:57] <MattJ> I can? Oh yes...
[14:28:04] <MattJ> That was staring me in the face
[14:29:03] <fippo> dave: that was with optional starttls? It might be worth repeating with tls disabled
[14:29:13] <Dave Cridland> Right, just setting up a test account for mlinkrelease.
[14:29:24] <Dave Cridland> fippo, What, disabling TLS at my end?
[14:29:51] <fippo> yes. so we see that it fails with servers that <require/> tls
[14:30:05] <Dave Cridland> I think that's one to do later.
[14:30:11] <Kev> fippo: My intention is to do TLS requirements later.
[14:30:15] <fippo> wfm
[14:30:37] <MattJ> Florian, do you have a MUC domain?
[14:30:38] <Kev> fippo: I'll set up vhosts with invalid certs (self-signed, mismatch, and revoked) and test that s2s doesn't work.
[14:30:46] *** Florob has joined the room
[14:31:19] <fippo> kev: add an expired one
[14:31:21] <Florian> muc.*
[14:31:33] <Kev> fippo: Do you hate my time that much? :)
[14:31:35] <Dave Cridland> Okay, so from mlinkrelease, this time.
[14:31:37] <fippo> kev: and one that does not contain the vhostname
[14:31:40] <fippo> kev: :-)
[14:31:40] <Kev> Or my DSA setup, for that matter.
[14:31:48] <Kev> Yes, I said I'd add one with a host mismatch.
[14:31:57] <fippo> ah
[14:32:00] <Dave Cridland> mlinktrunk, ping
[14:32:46] <Dave Cridland> ejabberd21 ping
[14:32:56] <Dave Cridland> prosody8 ping
[14:34:00] <Dave Cridland> psyced-db ping
[14:34:04] <Dave Cridland> psyced-dwd ping
[14:34:08] <Dave Cridland> psyced-sasl ping.
[14:34:26] <MattJ> since XMPP implementations should recognise both xmppAddr and SRVName, only one of them should be necessary in a cert, right?
[14:34:38] *** sjoerd.simons shows as "away"
[14:34:46] <Dave Cridland> In principle... But in principle they'll recognise a URI one as well.
[14:34:55] <MattJ> .
[14:35:00] <Dave Cridland> In practice, most will rely on xmppAddr, and maybe sRVName.
[14:35:10] <Dave Cridland> tigasetrunk ping.
[14:35:19] <Dave Cridland> So full house from both.
[14:35:41] <Dave Cridland> As a general note to folk, you will need to bounce your servers, or force them to disconnect S2S some other way prior to running these tests.
[14:36:04] <Dave Cridland> Otherwise you may just be reusing connections.
[14:36:26] <Dave Cridland> (I say this because I only just remembered to do it)
[14:36:59] <Dave Cridland> So, who wants to go next?
[14:37:53] *** sjoerd.simons shows as "online"
[14:37:57] <Dave Cridland> Anyone?
[14:38:00] <fippo> just doing...
[14:40:06] *** remko shows as "away"
[14:41:01] <Dave Cridland> 12/ 8 14:38:03 xmppd 32680 (root ) I-MBOX-Info certificate (subject emailAddress=fippo@mail.symlynx.com,OU=hangtime department,O=hangtime,L=The Internet,C=DE,CN=psyced-db.xmpptest.com), detail (email=fippo\\40mail.symlynx.com,ou=hangtime department,o=hangtime,l=The Internet,c=DE,cn=psyced-db.xmpptest.com) error revocation status unknown for this certificate
I shouldn't be seeing that, I don't think.
[14:41:33] *Dave Cridland wonders if he's caching the CRL for some reason.
[14:42:03] <Kev> http://wiki.xmpp.org/web/Interop#Testing
[14:42:03] *** remko shows as "online"
[14:42:22] <fippo> full house from psyced-db to anyone with tls, two failures without tls (psyced-dwd and psyced-external, but they enforce tls so that is expected)
[14:42:56] <Kev> fippo: It'd be great if you could put that in terms of my test numbers for me, please.
[14:43:13] <Dave Cridland> psyced-sasl, surely?
[14:43:18] <fippo> kev: will do on the wiki
[14:43:20] <fippo> dave: yes
[14:43:29] *** Florian has left the room
[14:43:37] <Kev> fippo: Or that, thanks. I'm happy to put it in the wiki, if you paste something here, equally.
[14:46:30] <Dave Cridland> BTW, as far as I remember, all servers supported XEP-0199, and gave a positive result (ie, not an error).
[14:46:56] <fippo> and all servers support the good old jabber:iq:version (I prefer that to ping somehow)
[14:48:21] <fippo> Kev: arr, your test structure conflicts with my host setup
[14:48:36] <Kev> fippo: I think it just means that some of your hosts don't participate in some tests.
[14:48:45] <fippo> yeah
[14:48:55] <Kev> e.g. ones that require TLS don't do test 1, they wait until test 2.
[14:49:34] <Dave Cridland> Well, we've not disabled TLS, so those ones should also work, still, surely?
[14:49:46] <Kev> Well, true.
[14:50:53] <fippo> yeah
[14:51:03] <fippo> they will fail with tigase, but that is expected
[14:51:14] <MattJ> Kev, it says notls is not yet set up - feel free to point that at me
[14:51:23] <MattJ> I can set up a vhost with no c2s/s2s TLS
[14:51:35] <Kev> MattJ: On the same host, or a different one?
[14:51:50] <Kev> The problem with you using a vhost on one of the test systems is that you then can't test those.
[14:51:53] <Dave Cridland> MattJ, On a different server to prosody8, so you can test?
[14:52:22] <MattJ> Good point
[14:52:35] <MattJ> Kev, point it to matthewwild.co.uk
[14:52:45] <Kev> Ta.
[14:53:02] <MattJ> brb
[14:53:15] <MattJ> btw, I think everyone has certs now - shout if I missed a request
[14:53:28] <Dave Cridland> Anyone editing the Wiki now? If not, I'll stick my other results in.
[14:53:30] <Kev> I'll be requesting more certs shortly, and then asking you to revoke one of them :)
[14:53:36] <Kev> Dave Cridland: I am not.
[14:54:57] <fippo> dave: I just edited
[14:55:22] <Dave Cridland> Right, as did I, but quickly enough apparently.
[14:56:52] <Kev> "they will fail with tigase, but that is expected"
[14:56:55] <Kev> Expected because...?
[14:58:27] <fippo> Kev: because tigase does not do tls, so if it meets a server that enforces tls it should fail
[14:58:46] <Kev> So, server people, are there any basic s2s interop tests that we should be adding that I haven't yet done?
[14:58:55] <Kev> fippo: It will never do TLS over s2s?
[14:59:00] <fippo> kev: afaik no
[15:02:24] *** stpeter has joined the room
[15:02:31] *Dave Cridland asks Florian.
[15:04:01] <Dave Cridland> Anyway - who's next on doing the tests?
[15:04:03] <fippo> I am not seeing a version attribute on the stream headers either
[15:04:04] <Dave Cridland> MattJ, ?
[15:04:12] <MattJ> back
[15:04:17] <MattJ> I'm next I think
[15:04:42] <Dave Cridland> OK.
[15:05:18] *** sjoerd.simons shows as "away"
[15:06:09] <Dave Cridland> stpeter, Are there any other server implementors we could bring in, do you think?
[15:06:35] *** Florian has joined the room
[15:06:36] <stpeter> have we pinged Openfire and jabberd2?
[15:06:48] <Florian> as a response to Dave's question: [15:04:05] <Artur> no, this is what I am working on right now :-)

[15:07:04] <Florian> (TLS on S2S)
[15:07:05] <Kev> stpeter: In as much as we pinged the relevant XSF lists, and I assume they listen to them.
[15:07:13] <stpeter> rightio
[15:07:29] <Kev> Pinging them directly would not be a horrible idea.
[15:07:45] <Dave Cridland> stpeter, Who would we ping for those?
[15:08:05] <stpeter> I haven't seen a reply to the last message I sent to some Openfire folks
[15:08:58] <MattJ> Coversant?
[15:09:16] <Dave Cridland> MattJ, Good point.
[15:09:42] <stpeter> Tomasz Serna is the jabberd2 contact -- mailto:tomek@xiaoka.com
[15:09:47] <fippo> Dave: if time permits (and that is a large if) I'll try to set up jabberd14
[15:09:56] <MattJ> stpeter, poked in jdev
[15:10:01] <stpeter> heh ok
[15:10:07] <stpeter> MattJ: Tomasz is there?
[15:10:09] <MattJ> smoku
[15:10:12] <stpeter> right
[15:10:14] <stpeter> that's the one :)
[15:10:39] *** remko shows as "away"
[15:10:49] <stpeter> I'll ping Jason Frankel at Coversant
[15:11:39] <Dave Cridland> I was just writing a mail to Dave Richards.
[15:11:44] <Dave Cridland> But two won't hurt.
[15:12:20] <stpeter> yep
[15:12:25] <stpeter> email sent to Jason
[15:12:26] <MattJ> Dave Cridland, did you ping manually?
[15:12:40] <Dave Cridland> MattJ, Once a year, yes.
[15:12:43] *** bear shows as "online"
[15:12:48] <MattJ> .
[15:13:06] *MattJ writes a script
[15:13:12] <Dave Cridland> MattJ, No, I used Gajim.
[15:13:18] <MattJ> s/writes/adopts/
[15:13:21] <Dave Cridland> MattJ, Started a chat to each server and typed /ping
[15:13:28] <MattJ> Now there's an idea
[15:13:36] <Dave Cridland> MattJ, I'm full of 'em.
[15:13:45] <MattJ> I didn't say it was a good one
[15:14:12] <stpeter> I wonder if we need to cull the list of XMPP servers at http://xmpp.org/xmpp-software/servers/
[15:14:15] <MattJ> Works, amazing
[15:14:51] <MattJ> stpeter, email them all, if they don't respond - remove them? :)
[15:15:11] <bear> stpeter - I was thinking of suggesting that after N rounds of interops we could start making active/inactive categories
[15:15:14] <Dave Cridland> stpeter, It might be interesting, if we can get these interop sessions to happen reasonably frequently, to say that in order to be listed you need to at least participate in interop.
[15:15:17] <stpeter> MattJ: even better, ask them to participate in interop, if they don't participate then remove 'em
[15:15:20] <MattJ> Heh
[15:15:26] <stpeter> heh
[15:15:27] <stpeter> GMTA
[15:15:32] <MattJ> and I thought I was being harsh
[15:15:38] <Dave Cridland> steve.kille, Fools seldom differ.
[15:15:38] <stpeter> quarterly interop week
[15:15:46] <Dave Cridland> stpeter, rather.
[15:15:53] *** Florian has left the room
[15:16:00] <Dave Cridland> Didn't look at what "st<TAB>" gave me.
[15:16:05] <stpeter> brb
[15:16:50] <MattJ> or we make it a requirement to run a server at *.interop.xmpp.org :)
[15:17:10] <bear> xmpptest.com also
[15:17:23] <MattJ> In the Prosody early days we had a test script that pinged each server there daily
[15:17:52] <Dave Cridland> MattJ, I'm not mad keen on constantly running an interop test server, to be honest. Unused/unwatched servers tend to develop embarrassing failures at the worst moment.
[15:18:32] <MattJ> bear, just point xmpptest.com at prosody.im, thanks ;)
[15:19:01] <Kev> I'm inclined to leave the DNS in place ready for next event, and to have the CA kept around ready to run up, but I don't think it's very valuable to have them up between events.
[15:19:07] <MattJ> Anyway, the server would be watched by me
[15:19:09] <Kev> Plus it increases the value of the interop events :)
[15:19:29] <bear> kev +1
[15:19:42] <MattJ> Interop events are inconvenient, there's little reason I need all of you here to do what I'm doing right now
[15:19:44] *** remko shows as "online"
[15:20:04] <Dave Cridland> MattJ, It's a social thing. We're all going out to drink beer afterward, right?
[15:20:18] <MattJ> Orange juice for me please
[15:20:37] *** badlop shows as "online"
[15:20:38] <Dave Cridland> MattJ, Sure. Pay no attention to this bottle of vodka.
[15:21:43] <MattJ> I wish Gajim would let you inspect the server cert
[15:21:48] <MattJ> as a client
[15:22:20] *** Florian has joined the room
[15:22:24] <MattJ> Bouncing prosody8
[15:23:49] <MattJ> mlinktrunk: OK
[15:24:10] <MattJ> mlinkrelease: OK
[15:24:34] <MattJ> ejabberd21: OK
[15:24:43] *** sjoerd.simons shows as "online"
[15:25:04] <MattJ> pscyed-db: OK
[15:25:30] <MattJ> pscyed-sasl: FAIL
[15:25:43] <Dave Cridland> Fail?
[15:26:00] <MattJ> psyced-dwd: FAIL
[15:26:01] <Dave Cridland> Did you disable your cert (or TLS)?
[15:26:07] <MattJ> Going to check
[15:26:46] <fippo> verify result 34
[15:27:03] <fippo> ah... that critical extension thing
[15:27:10] <MattJ> Looks like they hung up on me
[15:27:14] <Dave Cridland> Ah - MattJ, you'll need to make yourself a new cert.
[15:27:16] <MattJ> Aha
[15:27:16] <Kev> How could they?
[15:27:28] <fippo> they're evil
[15:27:36] <Kev> Natch.
[15:27:41] *** Florian has left the room
[15:28:17] <Kev> Can someone confirm whether I've screwed up DNS for notls.xmpptest.com, please?
[15:28:27] <Kev> It looks to me like I have.
[15:28:47] <Kev> Oh.
[15:28:49] <Kev> ;; AUTHORITY SECTION:
xmpptest.com. 3600 IN SOA xmpp.org. hostmaster.xmpp.org. 2010120803 14400 3600 604800 43200

[15:28:59] <Dave Cridland> notls.xmpptest.com. 0 IN A 67.215.65.132

[15:29:00] <Kev> That means it's using the serial that's two older than the current (05)
[15:29:04] <Dave Cridland> zero-TTL?
[15:29:53] <Kev> The intention was 1hour
[15:30:07] *** sjoerd.simons shows as "away"
[15:30:10] <Dave Cridland> Oh, no, that's opendns being crap.
[15:30:15] *** Florian has joined the room
[15:30:47] <Dave Cridland> SOA serial : 2010120803
[15:30:53] <MattJ> Bouncing prosody8
[15:31:13] <MattJ> Dave Cridland, why did M-Link not fail?
[15:31:17] <Dave Cridland> Also direct to Athena.
[15:31:35] <Dave Cridland> MattJ, Not configured to mandate TLS or strong-auth, so it'll have done dialback.
[15:32:09] <MattJ> Now my client can't log in - "no shared cipher" :(
[15:32:47] <MattJ> Hmm
[15:34:06] <MattJ> Key/cert mismatch I think
[15:35:11] <MattJ> Dec 08 15:32:12 s2smanager debug pscyed-dwd.xmpptest.com has no SRV records, falling back to A
[15:35:12] <MattJ> Grr
[15:35:23] <Kev> o_O
[15:35:32] *** Florian has left the room
[15:35:45] <Dave Cridland> MattJ, It seems to...
[15:35:59] *** Florian has joined the room
[15:36:06] <MattJ> $ host -t srv _xmpp-server.psyced-dwd.xmpptest.com
Host _xmpp-server.psyced-dwd.xmpptest.com not found: 3(NXDOMAIN)
[15:36:18] <Dave Cridland> _tcp
[15:36:35] <MattJ> oops
[15:36:42] *** Florian has left the room
[15:36:42] <MattJ> Ok
[15:36:55] <fippo> and you pinged pscyed, not psyced
[15:36:59] *** sjoerd.simons shows as "online"
[15:37:08] <Dave Cridland> Ah, yes...
[15:37:11] <MattJ> Grr
[15:38:35] <MattJ> All work
[15:39:57] <Kev> Ok, DNS is confusing me.
[15:40:23] <Dave Cridland> Why?
[15:40:46] <Kev> We're up to 2010120806, but I'm still getting 2010120803 from athena.
[15:41:03] <Florob> Isn't it reassuring if your software works better than you do :)
[15:41:10] <Dave Cridland> Have you reloaded bind, and, if so, is there anything in its logs about why it's refusing to load the zone?
[15:41:13] <MattJ> Florob, :)
[15:41:43] <Kev> I'm not even sure where bind logs.
[15:42:28] *** steve.kille shows as "away" and his status message is "At my Desk"
[15:42:37] <MattJ> daemon.log for me, as named
[15:42:38] <bear> IIRC it's the default syslog output - /var/log/messages or somesuch
[15:43:45] <Kev> Ta.
[15:45:07] <Kev> Ah.
[15:45:16] <Kev> no.such IN A .
Isn't a valid line.
[15:45:20] <MattJ> wiki updated
[15:45:29] <MattJ> but the other servers accept it?
[15:45:51] <MattJ> Wait - shouldn't that be SRV?
[15:46:12] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:46:26] <Kev> I was just asked to put a line with '.' in for 'no.such.xmpptest.com', so I assumed it was A that was wanter.
[15:46:30] <Kev> s/wanter/wanted/
[15:46:44] <MattJ> No, SRV, sorry
[15:46:44] <Tobias> Kev: the one that fippo mentioned was a SRV record IIRC
[15:46:53] <MattJ> the target is just .
[15:47:37] <Kev> Ok, working fine now, ta.
[15:48:13] <MattJ> Council in 15?
[15:48:23] *** steve.kille shows as "online" and his status message is "At my Desk"
[15:48:24] <Kev> So I can get onto setting up the invalid TLS domains now :)
[15:48:25] <Kev> Yep.
[15:48:25] <Tobias> jup
[15:48:42] *** Florob shows as "online"
[15:48:56] *** Dave Cridland shows as "online"
[15:53:37] *** sjoerd.simons shows as "away"
[15:54:15] *** prefiks has joined the room
[15:54:15] *** prefiks has left the room
[15:54:16] *** prefiks has joined the room
[15:54:16] *** prefiks shows as "online"
[15:55:18] *** prefiks shows as "online"
[15:55:40] *** prefiks has left the room
[15:57:58] *** stpeter shows as "away" and his status message is "wandered off..."
[15:59:13] *** stpeter shows as "online"
[15:59:31] <Kev> expiredcert, mismatchcert and revokedcert are all up - albeit without the certs they claim to have.
[16:02:25] *** sjoerd.simons shows as "online"
[16:09:19] *** stpeter shows as "dnd" and his status message is "on the phone"
[16:10:01] *** Florob has left the room
[16:16:47] *** tuomas shows as "away"
[16:16:54] *** tuomas shows as "online"
[16:22:59] *** Florian has joined the room
[16:23:09] *** sjoerd.simons shows as "away"
[16:25:30] *** Florian has left the room
[16:27:09] <badlop> i've installed the cert in ejabberd21, enabled TLS in c2s and s2s, it connected with TLS to all the other 7 Interop servers except mlinkrelease.xmpptest.com, which apparently couldn't setup TLS
[16:27:30] *** sjoerd.simons shows as "online"
[16:28:52] <Kev> badlop: Is that with TLS required, or simply allowed?
[16:29:59] <Dave Cridland> badlop, Oh. Curious. One sec.
[16:30:02] *** sjoerd.simons shows as "away"
[16:32:03] <badlop> allowed, because ejabberd first attempts TLS, if anything fails it attempts non-TLS
[16:32:08] <Dave Cridland> I see it working, which is confusing. One sec, let me bounce my server and we'll have another go - it's mlink release, not trunk, right?
[16:32:44] <Dave Cridland> 12/ 8 19:20:37 xmppd 07463 (root ) N-MBOX-Notice Peer ejabberd21.xmpptest.com authenticates via TLS.
12/ 8 19:20:37 xmppd 07463 (root ) I-MBOX-Info successful setup originating db connection from mlinkrelease.xmpptest.com to ejabberd21.xmpptest.com

[16:33:00] <Dave Cridland> And I'm getting all that kind of stuff on mlinkrelease, which looks like it should be working.
[16:34:07] <Dave Cridland> And I can indeed ping ejabberd21 after a restart, too, from mlinkrelease.
[16:34:22] <badlop> and do you get the exact same report with mlinktrunk?
[16:35:02] <Dave Cridland> Ah. No. CRL failure. But, it still sets up a session.
[16:35:05] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[16:35:17] <Dave Cridland> Yup, pings there too.
[16:38:18] *** Florian has joined the room
[16:38:25] <Dave Cridland> badlop, When you say "connected with TLS", and "couldn't setup TLS", do you mean TLS itself, or EXTERNAL?
[16:38:34] *** Tobias shows as "online"
[16:40:01] <badlop> the logs aren't explicit, so i imagine it's TLS
[16:40:10] <badlop> i'll check the source now
[16:40:26] <badlop> so, don't worry yet about what ejabberd reports
[16:40:27] *** badlop shows as "xa"
[16:43:22] *** bear has left the room
[16:44:01] *** bear has joined the room
[16:44:14] *** Tobias has left the room
[16:45:40] *** steve.kille shows as "online" and his status message is "At my Desk"
[16:45:41] *** steve.kille shows as "online" and his status message is "At my Desk"
[16:45:46] *** Dave Cridland shows as "online"
[16:45:50] *** steve.kille shows as "away" and his status message is "At my Desk"
[16:47:17] *** Florob has left the room
[16:53:05] *** Florian has left the room
[16:53:17] *** sjoerd.simons shows as "online"
[16:54:21] *** Dave Cridland has left the room
[16:54:27] *** Dave Cridland has joined the room
[16:54:40] <Dave Cridland> badlop, Well, we're seeing TLS setup but the CRL fail.
[16:55:26] <Dave Cridland> Looking into that, it seems the CRL DP has a PEM-encoded CRL, whereas the standard mandates a DER-encoded one. Our software is being picky. I'll figure out some instructions for MattJ
[16:56:39] *** stpeter shows as "online"
[16:57:48] <Dave Cridland> No, indeed, the PEM one does crl.pem in PEM, and the DER one does crl.crl in DER.
[16:57:55] <Dave Cridland> Ooops. Wrong window.
[16:58:08] <Dave Cridland> Although right conversation, bewilderingly.
[16:58:14] <bear> :)
[16:58:29] <bear> I figured you were just continuing your out-loud debugging
[16:58:31] <Dave Cridland> MattJ, Can you export the CRL in DER format - that'll generate a crl.crl for you to put on that website.
[16:58:48] <MattJ> Overwrite the PEM one?
[16:59:07] <Dave Cridland> Yes. Standards says DER.
[17:00:48] <MattJ> Try now
[17:02:04] *** Florian has joined the room
[17:03:47] *** steve.kille shows as "online" and his status message is "At my Desk"
[17:17:42] *** Tobias has joined the room
[17:17:50] *** sjoerd.simons shows as "away"
[17:19:25] *** badlop shows as "online"
[17:20:37] <badlop> Dave Cridland: right now, ejabberd -- mlinkrelease: s2s with TLS works
[17:21:32] *** Florian/Der Graf has joined the room
[17:21:37] *** tuomas shows as "away"
[17:21:41] *** tuomas shows as "online"
[17:21:51] *** tuomas has left the room
[17:22:40] *** Tobias has left the room
[17:25:00] *** Zash has joined the room
[17:26:12] *** Kanchil/Der Graf has joined the room
[17:28:34] *** Kanchil/Der Graf/Der Graf has joined the room
[17:28:43] *** Kanchil/Der Graf/Der Graf has left the room
[17:29:05] *** MattJ/Der Graf has joined the room
[17:30:24] *** MattJ/Der Graf has left the room
[17:39:43] *** remko has left the room
[17:39:52] *** remko has joined the room
[17:39:56] *** remko shows as "online"
[17:40:21] *** sjoerd.simons shows as "online"
[17:42:45] *** Asterix has joined the room
[17:42:47] *** Florian/Der Graf has joined the room
[17:43:51] *** remko has left the room
[17:45:11] *** Simon Josefsson shows as "online"
[17:47:07] *** Florian has left the room
[17:50:40] *** Simon Josefsson shows as "away"
[17:51:14] *** Simon Josefsson shows as "online"
[17:52:46] *** Asterix shows as "away" and his status message is "Away from keyboard"
[17:56:18] *** Asterix shows as "online"
[17:57:06] <badlop> umm, ejabberd -> tigase doesn't work with TLS, because tigase response doesn't include stream:features:

192.168.001.011.36481-094.023.164.209.05269:
<?xml version='1.0'?>
<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:server'
xmlns:db='jabber:server:dialback'
to='tigase.me'
version='1.0'>
</stream:stream>

094.023.164.209.05269-192.168.001.011.36481:
<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:server'
xmlns:db='jabber:server:dialback'
id='f1cf3e1a-8405-4146-82d7-454d3cfb2105'>
</stream:stream>
[17:58:16] <Dave Cridland> badlop, Right, Tigase doesn't do TLS over S2S.
[17:58:32] <Kev> That's not just not doing TLS, though - that's not doing XMPP 1.0, is it?
[17:58:45] *** Florian/Der Graf shows as "online"
[17:58:58] <Kev> (Yes, I realise TLS is a requirement for XMPP 1.0 as well)
[17:59:26] <badlop> well, tigase doesn't advertise supporting xmpp 1.0, so tigase doesn't lie
[17:59:36] <Kev> Heh, true enough.
[18:01:32] *** Asterix shows as "away" and his status message is "Away from keyboard"
[18:06:33] *** Asterix shows as "xa" and his status message is "idle"
[18:07:13] *** Asterix shows as "online"
[18:08:48] *** Florian has joined the room
[18:10:21] *** remko has joined the room
[18:10:24] *** remko shows as "online"
[18:10:51] *** remko has left the room
[18:11:12] *** MattJ shows as "away" and his status message is "Away as a result of being too idle"
[18:12:03] *** remko has joined the room
[18:12:07] *** remko shows as "online"
[18:12:48] *** steve.kille has left the room
[18:15:04] *** remko has left the room
[18:16:11] *** MattJ shows as "online"
[18:16:47] *** remko has joined the room
[18:16:51] *** remko shows as "online"
[18:19:49] <Dave Cridland> Right, so something's up with the CRL checking code at the moment, so I've disabled that in mlinktrunk. :-(
[18:24:52] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:27:18] *** remko has left the room
[18:27:54] *** remko has joined the room
[18:27:58] *** remko shows as "online"
[18:30:20] *** Zash has left the room
[18:31:39] *** zash has joined the room
[18:31:39] *** zash shows as "online" and his status message is "I heard you like mudkips."
[18:32:45] *** Florian/Der Graf has left the room
[18:33:43] *** MattJ shows as "away" and his status message is "Away as a result of being too idle"
[18:34:52] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[18:35:55] *** sjoerd.simons shows as "away"
[18:37:08] *** Tobias has joined the room
[18:38:16] *** Asterix shows as "away" and his status message is "Away from keyboard"
[18:38:18] *** sjoerd.simons shows as "online"
[18:39:25] *** Tobias has left the room
[18:40:04] *** Simon Josefsson shows as "away"
[18:42:14] *** Simon Josefsson shows as "online"
[18:43:14] *** Asterix shows as "xa" and his status message is "idle"
[18:48:04] *** Asterix shows as "online"
[18:55:24] *** steve.kille has joined the room
[18:55:25] *** steve.kille shows as "online" and his status message is "At my Desk"
[18:59:52] *** remko has left the room
[19:02:29] *** Asterix shows as "away" and his status message is "Away from keyboard"
[19:03:43] *** MattJ shows as "xa" and his status message is "Not available as a result of not being here"
[19:06:22] *** zash shows as "away" and his status message is "I heard you like mudkips."
[19:07:28] *** Asterix shows as "xa" and his status message is "idle"
[19:07:42] *** Asterix shows as "online"
[19:08:37] *** stpeter shows as "away" and his status message is "wandered off..."
[19:11:35] *** Tobias has joined the room
[19:11:41] *** Kev shows as "away"
[19:11:41] *** Kev shows as "online"
[19:11:47] *** Tobias has left the room
[19:11:53] *** steve.kille has left the room
[19:14:39] *** stpeter shows as "online"
[19:16:15] *** zash shows as "online" and his status message is "I heard you like mudkips."
[19:17:16] *** Asterix shows as "away" and his status message is "Away from keyboard"
[19:17:41] *** steve.kille has joined the room
[19:17:42] *** steve.kille shows as "away" and his status message is "At my Desk"
[19:19:10] *** Asterix shows as "online"
[19:20:51] *** steve.kille shows as "online" and his status message is "At my Desk"
[19:20:58] *** steve.kille shows as "online" and his status message is "Teddington"
[19:24:54] *** Simon Josefsson shows as "away"
[19:31:10] *** Asterix shows as "away" and his status message is "Away from keyboard"
[19:33:24] *** Dave Cridland shows as "online"
[19:34:39] *** sjoerd.simons has left the room
[19:34:42] *** sjoerd.simons has joined the room
[19:34:43] *** sjoerd.simons has left the room
[19:34:52] *** Sjoerd has joined the room
[19:34:53] *** Sjoerd shows as "online"
[19:34:56] *** Sjoerd shows as "online"
[19:34:58] *** Sjoerd shows as "online"
[19:35:04] *** Asterix shows as "online"
[19:35:09] *** Sjoerd shows as "online"
[19:35:41] *** steve.kille shows as "away" and his status message is "Teddington"
[19:39:47] *** Sjoerd has left the room
[19:39:52] *** sjoerd.simons has joined the room
[19:39:52] *** sjoerd.simons shows as "online"
[19:40:17] *** remko has joined the room
[19:40:20] *** remko shows as "online"
[19:42:11] *** Tobias has joined the room
[19:44:40] *** remko has left the room
[19:47:34] <stpeter> Dave Cridland: I did hear back from some folks at Coversant
[19:48:12] <Kev> Excellent.
[19:48:16] <Kev> Whatsaythey?
[19:48:29] <stpeter> they said they'll check into it :)
[19:49:09] <stpeter> BTW, as to the 6-month schedule, perhaps it would be good to schedule the interop weeks something like mid-way between Summits
[19:49:34] <stpeter> e.g., April/May and then October/November
[19:49:39] <stpeter> just a thought
[19:52:48] *** remko has joined the room
[19:52:52] *** remko shows as "online"
[19:53:48] *** sjoerd.simons has left the room
[19:54:01] *** sjoerd.simons has joined the room
[19:54:01] *** sjoerd.simons shows as "online"
[19:54:04] *** sjoerd.simons has left the room
[19:54:48] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[19:54:55] *** Simon Josefsson shows as "xa"
[20:03:44] <Kev> Yes, we could do. Or could do it in the lead up to summits, both have merit.
[20:04:44] <stpeter> true
[20:04:48] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[20:04:51] <stpeter> well, one interop week at a time :)
[20:05:10] <stpeter> the lead-up makes quite a bit of sense -- raise issues that need to be hammered out
[20:06:22] <Kev> This is our first interop week, and it's showing things that need doing next time around, etc, so I think these will be iterative.
[20:06:35] <stpeter> that's good
[20:06:38] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[20:06:59] <Kev> Some responsibilities were clear in advance, some not so.
[20:07:11] <Kev> That the iteam should sort out certs and dns was decided, and obvious.
[20:07:38] <Kev> Who should be responsible for cajoling vendors into participating was left somewhat in the air, as was who should be deciding on what gets tested.
[20:07:47] <Kev> I've appointed myself the latter, as Council Chair makes some sense.
[20:07:48] *** Tobias shows as "online"
[20:07:59] <Kev> In the absence of any group decision.
[20:08:49] <Kev> Next time around it'd be good to have DNS/Certs/Test plans in advance :)
[20:09:34] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[20:11:47] *** steve.kille shows as "online" and his status message is "Teddington"
[20:15:42] *** sjoerd.simons has joined the room
[20:15:42] *** sjoerd.simons shows as "online"
[20:15:45] *** sjoerd.simons shows as "online"
[20:17:59] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[20:18:42] *** Tobias shows as "online"
[20:29:34] *** Florian shows as "xa" and his status message is "Auto Status (idle)"
[20:30:25] *** sjoerd.simons shows as "away"
[20:31:07] *** Florian shows as "online"
[20:32:50] *** badlop shows as "xa"
[20:33:35] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[20:36:06] *** stpeter shows as "away" and his status message is "wandered off..."
[20:37:17] *** Asterix shows as "away" and his status message is "Away from keyboard"
[20:37:25] *** Tobias shows as "online"
[20:38:12] *** stpeter shows as "online"
[20:38:34] *** Simon Josefsson shows as "online"
[20:38:43] <stpeter> nice: https://support.process-one.net/browse/EJAB-495
[20:39:00] <stpeter> yes, agreed
[20:42:17] *** Asterix shows as "xa" and his status message is "idle"
[20:42:44] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[20:43:26] *** Dave Cridland shows as "online"
[20:45:41] *** Florian shows as "online"
[20:45:43] *** Asterix shows as "online"
[20:47:41] *** Simon Josefsson shows as "away"
[20:50:10] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[20:52:02] *** Dave Cridland shows as "online"
[20:55:38] *** Kev shows as "away"
[20:56:35] *** Simon Josefsson shows as "online"
[20:58:39] *** Kev shows as "online"
[21:00:26] *** sjoerd.simons shows as "xa"
[21:01:08] *** steve.kille shows as "away" and his status message is "Teddington"
[21:01:40] *** sjoerd.simons shows as "online"
[21:01:44] *** Simon Josefsson shows as "away"
[21:01:52] <Dave Cridland> MattJ, You about?
[21:02:22] <Dave Cridland> Or alternately, can anyone get me the certificate off ejabberd21.xmpptest.com? openssl's s_client isn't quite clever enough to grab it.
[21:02:37] <fippo> dave: I told you to get my patched version :-)
[21:03:00] <Dave Cridland> fippo, We have starttls xmpp, but it sends the hostname not the domain.
[21:04:10] <fippo> dave: so your patch is similar to the crippled one the openssl people accepted for c2s :-p (shall I start a rant about openssl and how to get a feature patch accepted?)
[21:04:16] *** Simon Josefsson shows as "online"
[21:04:29] <remko> there's xmpp starttls support in openssl?
[21:04:39] <zash> There is
[21:04:54] <fippo> there is - c2s, without support for servers that actually use srv records
[21:04:55] <remko> handy
[21:05:00] <Dave Cridland> fippo, Your patch is better?
[21:05:01] <zash> In, 0.9.8g and above IIRC
[21:05:17] <fippo> dave: you can specify starttls to+from independently on the commandline
[21:05:23] <zash> no, later
[21:05:27] <Dave Cridland> fippo, Oh, cool. Where is it again?
[21:05:38] <remko> oh, *without* srv
[21:05:39] <Dave Cridland> zash, Not later. Now!
[21:06:00] <zash> Dave Cridland: Later version of openssl :/
[21:06:29] <Dave Cridland> zash, Oh... Right.
[21:06:38] *** steve.kille shows as "online" and his status message is "Teddington"
[21:10:08] *** sjoerd.simons shows as "away"
[21:11:21] *** remko has left the room
[21:11:56] *** Simon Josefsson shows as "away"
[21:19:30] *** sjoerd.simons shows as "online"
[21:21:02] *** Kev has left the room
[21:21:58] *** steve.kille shows as "away" and his status message is "Teddington"
[21:27:06] *** stpeter shows as "away" and his status message is "wandered off..."
[21:27:20] *** Asterix shows as "away" and his status message is "Away from keyboard"
[21:27:25] *** Asterix shows as "online"
[21:27:42] *** badlop shows as "online"
[21:27:59] *** stpeter shows as "online"
[21:32:38] <fippo> badlop: do you see any hints why a host named 'fippo.testing.openssl' is not offered tls (or version 1.0) from ejabberd21.xmpptest.com?
[21:32:49] <fippo> typically, that tool works with ejabberd
[21:35:44] *** sjoerd.simons shows as "away"
[21:38:35] <Dave Cridland> fippo, Ah, yes, same for me. (With that tool, nice).
[21:40:47] <fippo> dave: it works with -connect jabberd.jabber.ccc.de -starttls_to jabber.ccc.de
[21:41:02] <Dave Cridland> fippo, Works against mlinktrunk, too.
[21:41:56] *** Simon Josefsson shows as "xa"
[21:42:31] <badlop> fippo: how can i reproduce that problem myself?
[21:42:42] *** Tobias has left the room
[21:54:11] <Dave Cridland> badlop, Can you send me the certificate?
[21:54:25] <fippo> dave: already gave you a link
[21:56:30] *** Flo has left the room
[21:57:45] *** Asterix shows as "away" and his status message is "Away from keyboard"
[21:58:38] <badlop> Dave Cridland: if that link doesn't help, ask me again for the cert
[21:58:55] <Dave Cridland> badlop, No, I missed the link.
[21:59:00] <Dave Cridland> badlop, All sorted now.
[22:02:45] *** Asterix shows as "xa" and his status message is "idle"
[22:05:43] *** sjoerd.simons shows as "xa"
[22:06:03] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:07:41] *** Asterix shows as "online"
[22:07:54] *** Asterix has left the room
[22:11:38] *** Dave Cridland shows as "online"
[22:14:56] *** Tobias has joined the room
[22:16:41] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:25:05] *** stpeter shows as "away" and his status message is "wandered off..."
[22:26:40] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[22:30:34] *** stpeter shows as "online"
[22:34:44] *** Dave Cridland shows as "online"
[22:37:56] *** Tobias shows as "away" and his status message is "Auto Status (idle)"
[22:41:26] *** stpeter shows as "away" and his status message is "wandered off..."
[22:42:14] *** steve.kille shows as "online" and his status message is "Teddington"
[22:43:28] *** Dave Cridland shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:44:05] *** stpeter shows as "online"
[22:46:33] *** sjoerd.simons shows as "online"
[22:48:05] *** Tobias shows as "online"
[22:52:14] *** steve.kille shows as "away" and his status message is "Teddington"
[22:53:28] *** Dave Cridland shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[22:57:25] *** Tobias has left the room
[22:59:39] *** steve.kille shows as "online" and his status message is "Teddington"
[23:04:02] *** stpeter shows as "away" and his status message is "wandered off..."
[23:04:43] *** stpeter shows as "online"
[23:19:25] *** steve.kille shows as "away" and his status message is "Teddington"
[23:22:43] *** steve.kille shows as "online" and his status message is "Teddington"
[23:23:37] *** zash has left the room
[23:29:53] *** Florian shows as "away" and his status message is "Auto Status (idle)"
[23:48:37] *** steve.kille shows as "away" and his status message is "Teddington"
[23:49:48] *** Florian shows as "xa" and his status message is "Auto Status (idle)"
[23:50:31] *** Florob has joined the room
[23:50:46] *** waqas has left the room