Hi, I am trying to connect to my ejabberd localhost server from my XMPP client with the Smack lib, but it will not connect. Other client applications (e.g. Simple XMPP Client) are getting connected after enabling TLS. My question is how to enable TLS in my XMPP client app. Please help to resolve the issue.
pep.
raj, it's not possible with normal CAs to get valid certificates for "localhost". You can either generate a self-signed certificate and place it in your store, or point a domain at your machine and generate a cert for that domain, or disable TLS
raj
May I know how to disable TLS in my localhost ejabberd server? Please help me.
raj
Thanks for your reply, pep. May I know how to disable TLS in my localhost ejabberd server? Please help me.
pep.
I don't use ejabberd sorry, wait a bit for someone else to see this :)
Kev
I expect the ejabberd documentation will likely have this.
jonas’
or the client configuration
jonas’
it’s probably easier to turn off TLS verification in the client than disabling TLS in the server and then convincing both the server and the client that doing PLAIN auth over non-TLS is a good idea
Alex
I am not that familiar with Smack, but many other libs have callbacks for cert validation where you can also accept invalid certificates for development, or trust all untrusted certs by default
Thanks to all. This link is the whole client-server communication; is it correct?
Alex
Ge0rG: for dev purposes, of course not for production software
Ge0rG
Alex: those are the famous last words
Ge0rG
I've seen one too many apps in production with the AcceptAllTrustManager
flow
I would suggest to use TLS cert pinning instead of accepting all certificates for the reasons Ge0rG mentioned. For java (and smack) there is https://github.com/Flowdalic/java-pinning
flow
raj, in case you are using java client side ^
Ge0rG
as raj mentioned smack, I'd assume so
ralphm
Kev: the problem with (my modified) mod_block_strangers is that in MUCs you send presence to your occupant JID, but the MAM messages come from the room JID. AFAIK, I can not easily check if I have directed presence to the occupant JID when a MAM message comes in :-(
ralphm
Maybe MattJ or other Prosody devs have ideas.
Kev
I think the implication is that if you uncloak to a resource, you accept stanzas from bare/full* for that JID.
Kev
Or were you saying that the internal API means you can't tell this?
ralphm
I was saying that I believe that's the case. But might be wrong.
Kev
Ah, ok.
ralphm
The initial check looks like this:
```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user,
or stanza.name == "iq" and (stanza.attr.type == "result" or stanza.attr.type == "error") then | to_host, from_jid)```
ralphm
oops
ralphm
that's two windows.
ralphm
```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, to_host, from_jid) then```
Zash
ralphm: Your directed presence goes to the full JID but you wanna compare on bare JID because MUC MAM comes from that? https://modules.prosody.im/mod_track_muc_joins.html can help you keep track
ralphm
Zash: I tried this instead. Haven't tested it, yet, but what do you think? http://hg.ik.nu/ralphm/prosody-modules/rev/fe1476379d0a
ralphm
I think I basically compare all the directed presence on the bare JID instead of the potential full JID for MUCs. I noticed that there's a comment in mod_presence where directed presence is recorded: `FIXME does it make more sense to add to_bare rather than to?`.
Zash
Change looks fine
ralphm
Seems to work. I used Snikket to send a message to my normal JID. Didn't pass. Then accepted the presence request, and the next message succeeded.