jdev - 2020-02-03

  1. raj

    Hi, I am trying to connect to my ejabberd localhost server from my XMPP client with the Smack lib, but it will not connect. Other client applications (e.g. Simple XMPP client) are getting connected after enabling TLS. My question is how to enable TLS in my XMPP client app. Please help to resolve the issue.

  2. pep.

    raj, it's not possible with normal CAs to get valid certificates for "localhost". You can either generate a self-signed certificate and place it in your store, or point a domain at your machine and generate a cert for that domain, or disable TLS

  3. raj

    May I know how to disable TLS in my localhost ejabberd server? Please help me.

  4. raj

    Thanks for your reply, pep. May I know how to disable TLS in my localhost ejabberd server? Please help me.

  5. pep.

    I don't use ejabberd sorry, wait a bit for someone else to see this :)

  6. Kev

    I expect the ejabberd documentation will likely have this.

  7. jonas’

    or the client configuration

  8. jonas’

    it’s probably easier to turn off TLS verification in the client than disabling TLS in the server and then convincing both the server and the client that doing PLAIN auth over non-TLS is a good idea

  9. Alex

    I am not that familiar with smack, but many other libs have callbacks for cert validation where you can accept also invalid certificates for development, or trust all untrusted certs by default

  10. Ge0rG

    raj: https://github.com/yaxim-org/yaxim/blob/master/src/org/yaxim/androidclient/service/SmackableImp.java#L260-L266

  11. Ge0rG

    Alex: just don't do *that*

  12. raj

    Thanks to all. This link is the whole client-server communication, is that correct?

  13. Alex

    Ge0rG: for dev purposes, of course not for production software

  14. Ge0rG

    Alex: those are the famous last words

  15. Ge0rG

    I've seen one too many apps in production with the AcceptAllTrustManager

  16. flow

    I would suggest to use TLS cert pinning instead of accepting all certificates for the reasons Ge0rG mentioned. For java (and smack) there is https://github.com/Flowdalic/java-pinning

  17. flow

    raj, in case you are using java client side ^

  18. Ge0rG

    as raj mentioned smack, I'd assume so

  19. ralphm

    Kev: the problem with (my modified) mod_block_strangers is that in MUCs you send presence to your occupant JID, but the MAM messages come from the room JID. AFAIK, I can not easily check if I have directed presence to the occupant JID when a MAM message comes in :-(

  20. ralphm

    Maybe MattJ or other Prosody devs have ideas.

  21. Kev

    I think the implication is that if you uncloak to a resource, you accept stanzas from bare/full* for that JID.

  22. Kev

    Or were you saying that the internal API means you can't tell this?

  23. ralphm

    I was saying that I believe that's the case. But might be wrong.

  24. Kev

    Ah, ok.

  25. ralphm

    The initial check looks like this: ```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, or stanza.name == "iq" and (stanza.attr.type == "result" or stanza.attr.type == "error") then | to_host, from_jid)```

  26. ralphm


  27. ralphm

    that's two windows.

  28. ralphm

    ```if to_user and not has_directed_presence(stanza.attr.to, from_jid) and not is_contact_subscribed(to_user, to_host, from_jid) then```

  29. Zash

    ralphm: Your directed presence goes to the full JID but you wanna compare on bare jid because MUC MAM comes from that? https://modules.prosody.im/mod_track_muc_joins.html can help you keep track

  30. ralphm

    Zash: I tried this instead. Haven't tested it, yet, but what do you think? http://hg.ik.nu/ralphm/prosody-modules/rev/fe1476379d0a

  31. ralphm

    I think I basically compare all the directed presence on the bare JID instead of the potential full JID for MUCs. I noticed that there's a comment in mod_presence where directed presence is recorded: `FIXME does it make more sense to add to_bare rather than to?`.

  32. Zash

    Change looks fine

  33. ralphm

    Seems to work. I used Snikket to send a message to my normal JID. Didn't pass. Then accepted the presence request, and the next message succeeded.

  34. ralphm

    Also got MAM history from the prosody channel.