XSF Discussion - 2020-09-21

Daniel, hey, how about integrating `curl -XPOST -H 'Content-Type: application/json' -d'{"target": "$domain"}' https://observe.jabber.network/api/v1/check/xmpps-client` in the XEP-0368 tester of compliance.c.im to avoid false-positives? AFAICT it currently only tests the existence of SRV records, not whether they actually work correctly.

if you don’t want to third-party this, I can also provide you with a configsnippet for https://github.com/horazont/xmpp-blackbox-exporter to have it more local to the compliance tester.

It half assed tries to open a stream

But I'll keep that in mind / take a look when I have more time at my hands

People messed up their sslh Configs. So we do enough connecting to make sure we don't Connect to http or ssh

I’ve seen a few who claimed to got a green tickmark, but in fact pointed the xmpps records at the normal starttls port

without any multiplexing

(at least openssl s_client failed with "wrong version number", which usually indicates plaintext)

Mhh dunno. I've seen the opposite as well. Where people complained that the evil compliance tester doesn't give them green even though they set up records (and pointed them to 5222)

But I'm not ruling out bugs. Like I said the stream start check is very rudimentary

Maybe PM me credentials to a server in question and I can check

I don’t have credentials for any, but you shouldn’t need credentials for that type of test?

Yes. But I can't run tests individually

hm, I’ll ask them to ask you then

because I can’t pass on that info, it’s an o.j.n request

At least not w/o touching code for which I don't have time currently

can you send me a JID to pass on to them?

Daniel, sorry for the noise, I confused two domains.

The client connection looks fine. The server connection might not be

yeah, that one is good

the other one is not, but the other one also didn’t claim 100% green on the c.c.im tool yet