rajhi i trying to connect my ejabberd localhost server from my xmpp client with smack lib but it will not connected other client applications (Ex : Simple xmpp client) are getting connected after enable the TLS my question is how to enable the TLS in my xmpp client app Please help to resolve the issue..
asterixhas left
bhaveshsguptahas left
asterixhas joined
bhaveshsguptahas joined
asterixhas left
asterixhas joined
bhaveshsguptahas left
asterixhas left
asterixhas joined
bhaveshsguptahas joined
bhaveshsguptahas left
bhaveshsguptahas joined
asterixhas left
asterixhas joined
Marchas left
bhaveshsguptahas left
bhaveshsguptahas joined
Marchas joined
asterixhas left
asterixhas joined
bhaveshsguptahas left
bhaveshsguptahas joined
Extarvhas left
Extarvhas joined
pep.raj, it's not possible with normal CAs to get valid certificates for "localhost". You can either generate a self-signed certificate and place it in you store, or point a domain at your machine and generate a cert for that domain, or disable TLS
rajmay i want to know how to disable the TLS in my localhost ejabberd server Please help me ..✎
rajthanks for your replay pep. may i want to know how to disable the TLS in my localhost ejabberd server Please help me .. ✏
bhaveshsguptahas left
bhaveshsguptahas joined
pep.I don't use ejabberd sorry, wait a bit for someone else to see this :)
KevI expect the ejabberd documentation will likely have this.
jonas’or the client configuration
bhaveshsguptahas left
jonas’it’s probably easier to turn off TLS verification in the client than disabling TLS in the server and then convincing both the server and the client that doing PLAIN auth over non-TLS is a good idea
AlexI am not that familiar with smack,but many other libs have callbacks for cert validation where you can accept also invalid certificates for development,or trust all untrusted certs by default
rajthanks to all this link is hole client server communication is correct?
AlexGe0rG: for dev purposes, of course not for production software
bhaveshsguptahas left
Ge0rGAlex: those are the famous last words
Ge0rGI've seen one too many app in production with the AcceptAllTrustManager
bhaveshsguptahas joined
flowI would suggest to use TLS cert pinning instead of accepting all certificates for the reasons Ge0rG mentioned. For java (and smack) there is https://github.com/Flowdalic/java-pinning
flowraj, in case you are using java client side ^
Ge0rGas raj mentioned smack, I'd assume so
bhaveshsguptahas left
bhaveshsguptahas joined
bhaveshsguptahas left
pulkomandyhas left
pulkomandyhas joined
bhaveshsguptahas joined
bhaveshsguptahas left
pulkomandyhas left
bhaveshsguptahas joined
pulkomandyhas joined
larmahas left
bhaveshsguptahas left
bhaveshsguptahas joined
bhaveshsguptahas left
pulkomandyhas left
pulkomandyhas joined
bhaveshsguptahas joined
ralphmKev: the problem with (my modified) mod_block_strangers is that in MUCs you send presence to your occupant JID, but the MAM messages come from the room JID. AFAIK, I can not easily check if I have directed presence to the occupant JID when a MAM message comes in :-(
ralphmMaybe MattJ or other Prosody devs have ideas.
debaclehas joined
bhaveshsguptahas left
bhaveshsguptahas joined
KevI think the implication is that if you uncloak to a resource, you accept stanzas from bare/full* for that JID.
KevOr were you saying that the internal API means you can't tell this?
ralphmI was saying that I believe that's the case. But might be wrong.
KevAh, ok.
ralphmThe initial check looks like this:
```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user,
or stanza.name == "iq" and (stanza.attr.type == "result" or stanza.attr.type == "error") then | to_host, from_jid)```
ralphmoops
ralphmthat's two windows.
ralphm```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, to_host, from_jid) then```
bhaveshsguptahas left
bhaveshsguptahas joined
pulkomandyhas left
kikuchiyohas left
kikuchiyohas joined
pulkomandyhas joined
bhaveshsguptahas left
goffihas joined
goffihas left
goffihas joined
Zashralphm: You directed presence goes to the full JID but you wanna compare on bare jid because MUC MAM comes from that? https://modules.prosody.im/mod_track_muc_joins.html can help you keep track
bhaveshsguptahas joined
pulkomandyhas left
pulkomandyhas joined
bhaveshsguptahas left
bhaveshsguptahas joined
Marchas left
Syndacehas left
Marchas joined
Kevhas left
Syndacehas joined
bhaveshsguptahas left
Marchas left
Syndacehas left
Marchas joined
Syndacehas joined
bhaveshsguptahas joined
Marchas left
Marchas joined
bhaveshsguptahas left
bhaveshsguptahas joined
ralphmZash: I tried this instead. Haven't tested it, yet, but what do you think? http://hg.ik.nu/ralphm/prosody-modules/rev/fe1476379d0a
ralphmI think I basically compare all the directed presence on the bare JID instead of the potential full JID for MUCs. I noticed that there's a comment in mod_presence where directed presence is recorded: `FIXME does it make more sense to add to_bare rather than to?`.
bhaveshsguptahas left
ZashChange looks fine
bhaveshsguptahas joined
ralphmhas left
ralphmhas joined
bhaveshsguptahas left
ralphmSeems to work. I used Snikket to send a message to my normal JID. Didn't pass. Then accepted the presence request, and the next message succeeded.
ralphmAlso got MAM history from the prosody channel.