Nathan of Guardian <[email protected]> writes: > We can look at the Smack source code here: > https://github.com/rtreffer/smack/blob/master/source/org/jivesoftware/smack/SASLAuthentication.java#L480 > > Somehow that seems tied to this "session supported" capability: > > /** > * Notification message saying that the server supports sessions. > When a server supports > * sessions the client needs to send a Session packet after > successfully binding a resource > * for the session. > */ > void sessionsSupported() { > sessionSupported = true; > }
It turns out that jabberd2 does not send the session supported capability. This is wrong according to RFC3921, as I understand it. However, it also seems that libpurple does not check that this capability is enabled, and just assumes it is. So it seems like it would be good to do two things in parallel: 1) file a bug with jabberd2 so the capability is advertised 2) adjust the Smack code used with ChatSecure to just log a warning instead of throwing a fatal exception. If we don't do 2, then we should 2a) ensure that the error message displayed is "server did not advertise 'session supported' capability" rather than auth failure. I will look into filing a bug with jabberd2.
pgpSjOkj57FhP.pgp
Description: PGP signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
