jdev - 2022-05-30

  66. Schimon

    How can I cache them?

  203. grishka@5222.de

    Hi. Are there any articles or other places where I can see example(s) of s2s streams? I'm trying to build a minimal XMPP server to understand the protocol, but so far the behavior I'm seeing in the real world from different servers doesn't always align with the specs.

  204. jonas’

    report any divergence from the specifications to the relevant software projects to get them fixed :)

  207. Zash


  208. grishka@5222.de

    Take starttls for example:
    - jabber.ru doesn't *require* TLS, but messages I send don't get through to my client either
    - 5222.de (the one I'm writing this from) does go through starttls fine, but then sends me a dialback request that has my server domain in "from", on my outbound connection, wtf?
    - matrix.org requires TLS, but after TLS negotiation is done, closes the stream saying "Your server's certificate is invalid, expired, or not trusted by matrix.org" — what does this mean even? I don't receive an inbound connection from it. Am I supposed to provide a client certificate? Am I supposed to use my TLS server certificate for that?

  210. jonas’

    you seem to be mostly confused about the abomination which is dialback

  211. Zash

    Yeah, dialback causes instant confusion. All the terms are backwards.

  213. grishka@5222.de

    hm, okay, so does this actually mean that 5222.de wants me to verify its dialback key?

  214. Zash

    grishka@5222.de, in summary, your server's cert is probably wrong

  215. Zash

    Dialback is generally only used today when the cert is wrong somehow, e.g. expired or so

  216. grishka@5222.de

    and for my toy server it would be fine to swap to and from around and add result="valid" and send that back?

  217. Zash

    That's also what the message from matrix.org points at

  218. grishka@5222.de

    yeah well how *does* the other server get my server certificate?

  219. jonas’

    grishka@5222.de, you need to send it as client certificate

  220. grishka@5222.de

    the kind of TLS I'm used to only involves a single certificate, the one the server sends to the client

  221. jonas’


  222. grishka@5222.de

    ah okay

  223. jonas’

    xmpp s2s may use mutual TLS, so you'll have to send the cert along

  224. jonas’

    and then you may have to do SASL EXTERNAL to lock that in as authentication method

  226. grishka@5222.de

    thanks, I'll try that (I'll have to go through the misery of dealing with Java's cryptography APIs either way, this just means I'll have to do it sooner than planned, lol)

  227. Zash

    https://xmpp.org/extensions/xep-0178.html#s2s might be handy

  228. Zash

    https://xmpp.org/extensions/xep-0288.html makes things even nicer and faster

  309. grishka@5222.de

    After setting up a client certificate + private key (and cursing at Java cryptography APIs) I'm now getting a different error:
    <unsupported-feature xmlns="urn:ietf:params:xml:ns:xmpp-streams"/><text xmlns="urn:ietf:params:xml:ns:xmpp-streams">No viable authentication method offered</text>
    So the client certificate replaces dialback, right?

  311. Zash


  312. grishka@5222.de

    or probably I'm not doing the stream restart correctly, it's as if the receiving side doesn't expect me to send <stream:features> after restart

  313. grishka@5222.de

    gotta read the RFC again

  316. Zash

    Unless you found a server other than Prosody producing that <text> message, it likely means _you_ did not offer TLS or SASL

  317. Zash

    Prosody says that for outgoing connections

  319. Zash

    Prosody → you. You're supposed to offer TLS or SASL

  320. Zash

    So, not about client certificates anymore

  322. grishka@5222.de

    I did offer TLS, I did negotiate TLS, and then I received that error over the encrypted connection after only offering dialback 🤔

  323. grishka@5222.de

    I'll try sending empty <stream:features/>

  324. Zash

    If the connection is secured it's expecting to be offered SASL probably

  325. Zash

    It's saying that if it gets a `<stream:features/>` without anything it knows how to handle, and the connection is not completed

  326. Zash

    I.e. it didn't do starttls, nor sasl, nor dialback

  327. Zash

    Due to the modular architecture, it has no idea why

  328. grishka@5222.de

    still
    I receive: <stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>
    I send: <stream:features><dialback xmlns="urn:xmpp:features:dialback"/></stream:features>
    then I receive the aforementioned error

  329. grishka@5222.de

    dialback _is_ a matching feature, so why is it not happy with that?

  333. Zash

    Dialback is not advertised in `<stream:features>` for historical reasons

  334. Zash

    So if no SASL is offered, it's probably assumed to be there and attempted. Unless the module is not loaded, or for some reason.

  335. moparisthebest

    grishka@5222.de, honestly if you implement TLS client auth (SASL EXTERNAL) you won't need to implement dialback today in 2022, but you need a trusted certificate from a CA

  337. grishka@5222.de

    I tried not sending <stream:features> and sending <db:request> instead, now it feels like I'm getting further — I'm receiving an incoming connection from 5222.de that gets stuck at starttls because I don't implement the receiving end of that yet, so that's the next thing to be taken care of I guess

  338. grishka@5222.de

    moparisthebest, it is a trusted certificate from a CA, it's a Let's Encrypt one I pulled out of my server

  339. moparisthebest

    and you are sending it as your client cert on outgoing connections?

  340. grishka@5222.de


  341. moparisthebest

    then dialback shouldn't even come up

  342. Kev

    And you're constructing the chain correctly?

  345. Zash

    Also, you may be interested in https://badxmpp.eu/

  347. moparisthebest

    I guess what I'm saying is you should chase the bug in your TLS cert auth and forget about dialback, seeing a dialback attempt is just telling you your cert auth failed

  348. Zash

    Hm, wait

  349. Zash

    > I receive: <stream:features>
    > I send: <stream:features>
    on the same connection?

  350. Zash

    The party answering the connection sends stream features, not both

  351. Zash

    This all of course gets confusing when there are two connections involved

  352. Zash

    So it's a good idea to clarify which connections are involved

  362. grishka@5222.de

    Zash oh thanks for badxmpp.eu
