-
jonas’
Daniel, hey, how about integrating `curl -XPOST -H 'Content-Type: application/json' -d'{"target": "$domain"}' https://observe.jabber.network/api/v1/check/xmpps-client` in the XEP-0368 tester of compliance.c.im to avoid false-positives? AFAICT it currently only tests the existence of SRV records, not whether they actually work correctly.
-
jonas’
if you don’t want to third-party this, I can also provide you with a configsnippet for https://github.com/horazont/xmpp-blackbox-exporter to have it more local to the compliance tester.
-
Daniel
It half assed tries to open a stream
-
Daniel
But I'll keep that in mind / take a look when I have more time at my hands
-
Daniel
People messed up their sslh Configs. So we do enough connecting to make sure we don't Connect to http or ssh
-
jonas’
I’ve seen a few who claimed to got a green tickmark, but in fact pointed the xmpps records at the normal starttls port
-
jonas’
without any multiplexing
-
jonas’
(at least openssl s_client failed with "wrong version number", which usually indicates plaintext)
-
Daniel
Mhh dunno. I've seen the opposite as well. Where people complained that the evil compliance tester doesn't give them green even though they set up records (and pointed them to 5222)
-
Daniel
But I'm not ruling out bugs. Like I said the stream start check is very rudimentary
-
Daniel
Maybe PM me credentials to a server in question and I can check
-
jonas’
I don’t have credentials for any, but you shouldn’t need credentials for that type of test?
-
Daniel
Yes. But I can't run tests individually
-
jonas’
hm, I’ll ask them to ask you then
-
jonas’
because I can’t pass on that info, it’s an o.j.n request
-
Daniel
At least not w/o touching code for which I don't have time currently
-
jonas’
can you send me a JID to pass on to them?
-
jonas’
Daniel, sorry for the noise, I confused two domains.
-
Daniel
The client connection looks fine. The server connection might not be
-
jonas’
yeah, that one is good
-
jonas’
the other one is not, but the other one also didn’t claim 100% green on the c.c.im tool yet