jdev - 2020-02-03

hi i trying to connect my ejabberd localhost server from my xmpp client with smack lib but it will not connected other client applications (Ex : Simple xmpp client) are getting connected after enable the TLS my question is how to enable the TLS in my xmpp client app Please help to resolve the issue..

raj, it's not possible with normal CAs to get valid certificates for "localhost". You can either generate a self-signed certificate and place it in you store, or point a domain at your machine and generate a cert for that domain, or disable TLS

thanks for your replay pep. may i want to know how to disable the TLS in my localhost ejabberd server Please help me .. ✏

I don't use ejabberd sorry, wait a bit for someone else to see this :)

I expect the ejabberd documentation will likely have this.

or the client configuration

it’s probably easier to turn off TLS verification in the client than disabling TLS in the server and then convincing both the server and the client that doing PLAIN auth over non-TLS is a good idea

I am not that familiar with smack,but many other libs have callbacks for cert validation where you can accept also invalid certificates for development,or trust all untrusted certs by default

raj: https://github.com/yaxim-org/yaxim/blob/master/src/org/yaxim/androidclient/service/SmackableImp.java#L260-L266

Alex: just don't do *that*

thanks to all this link is hole client server communication is correct?

Ge0rG: for dev purposes, of course not for production software

Alex: those are the famous last words

I've seen one too many app in production with the AcceptAllTrustManager

I would suggest to use TLS cert pinning instead of accepting all certificates for the reasons Ge0rG mentioned. For java (and smack) there is https://github.com/Flowdalic/java-pinning

raj, in case you are using java client side ^

as raj mentioned smack, I'd assume so

Kev: the problem with (my modified) mod_block_strangers is that in MUCs you send presence to your occupant JID, but the MAM messages come from the room JID. AFAIK, I can not easily check if I have directed presence to the occupant JID when a MAM message comes in :-(

Maybe MattJ or other Prosody devs have ideas.

I think the implication is that if you uncloak to a resource, you accept stanzas from bare/full* for that JID.

Or were you saying that the internal API means you can't tell this?

I was saying that I believe that's the case. But might be wrong.

Ah, ok.

The initial check looks like this: ```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, or stanza.name == "iq" and (stanza.attr.type == "result" or stanza.attr.type == "error") then | to_host, from_jid)```

oops

that's two windows.

```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, to_host, from_jid) then```

ralphm: You directed presence goes to the full JID but you wanna compare on bare jid because MUC MAM comes from that? https://modules.prosody.im/mod_track_muc_joins.html can help you keep track

Zash: I tried this instead. Haven't tested it, yet, but what do you think? http://hg.ik.nu/ralphm/prosody-modules/rev/fe1476379d0a

I think I basically compare all the directed presence on the bare JID instead of the potential full JID for MUCs. I noticed that there's a comment in mod_presence where directed presence is recorded: `FIXME does it make more sense to add to_bare rather than to?`.

Change looks fine

Seems to work. I used Snikket to send a message to my normal JID. Didn't pass. Then accepted the presence request, and the next message succeeded.

Also got MAM history from the prosody channel.