-
moparisthebest
POSH, does the certificate have to have a matching name or be non-expired?
-
moparisthebest
the only indication that it may have to be non-expired is a note, not in the certification section: > The fingerprint hash for a given hash algorithm is generated by performing the named hash function over the DER encoding of the PKIX X.509 certificate. (This implies that if the certificate expires or is revoked, the fingerprint value will be out of date.)
-
moparisthebest
I don't know why hashing some bytes would imply anything like that, and no normative language
-
moparisthebest
at a quick glance neither prosody nor conversations check expiration: https://hg.prosody.im/prosody-modules/file/58a112bd9792/mod_s2s_auth_posh/mod_s2s_auth_posh.lua#l112 https://github.com/iNPUTmice/Conversations/blob/0717f9ba1865063277daf8fb04f2b96b1590a4e4/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java#L390 fwiw I don't think expiration should be checked, but wanted to get opinions, cc Zash MattJ Daniel
-
MattJ
If the owner keeps the file around saying to trust that cert, I don't see that checking expiry is desirable or useful
-
moparisthebest
yes, and the https cert has to be not expired, I agree
-
andrew
Hi people. I'm pretty new to XMPP, and I would like to i.e. have two different accounts in the same room. It causes a nickname conflict, if i.e. I use andrew@andrewyu.orog and andrew@some-other-server.org. How do I deal with that?
-
andrew
Apparantly in this client I do /join xsf@muc.xmpp.org/nickname
-
andrew
thanks :)
-
MattJ
You're welcome :)