On Wed Oct 15 11:01:28 2008, Norman Rasmussen wrote:
> On Wed, Oct 15, 2008 at 11:25 AM, Dave Cridland <[EMAIL PROTECTED]> wrote:
> > Does your server always do dialback, or does it sometimes do TLS-based
> > authentication? Does it do it with jabber.org? Does anyone? Ever?
> >
> I think so, there's a bug with the version of jabberd2 that I'm running, that
> it never offers a client cert, so currently it _has_ to dialback.

Are you sure?
You're offering *me* a client cert, certainly, and I'm signalling it's good.
From my telemetry logging:
(9:33:36) Recv (51)
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(9:33:36) Send (50)
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(9:33:39) Recv (201)
<?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
to='dave.cridland.net' from='darkskies.za.net' version='1.0'
xmlns:db='jabber:server:dialback'>
(9:33:39) Send (493)
<?xml version='1.0'?><stream:stream xmlns='jabber:server'
xmlns:db='jabber:server:dialback'
xmlns:stream='http://etherx.jabber.org/streams' to='darkskies.za.net'
from='dave.cridland.net' id='af4be607150d2781'
version='1.0'><stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>EXTERNAL</mechanism></mechanisms><dialback
xmlns='urn:xmpp:features:dialback'/><compression
xmlns='http://jabber.org/features/compress'><method>zlib</method></compression></stream:features>
Note that I'm offering EXTERNAL. You then give me a <db:result/>, so
it looks like jabberd2 is simply being weird. Presumably it can't
verify my certificate, although why it then chooses to authenticate
itself in a different way I've no idea, since that makes no sense to
me. :-)
In the logging, I see an xmpp.net certificate, supplied on your
initial connection, from which I select darkskies.za.net as a
candidate default.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
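
Added example, not part of the original message or of either server's code: a Python check for the situation described in the message above, where the receiving server advertises SASL EXTERNAL alongside dialback and the initiating server still answers with <db:result/>. The sample stanzas, the dialback key and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_DB_FEATURE = "urn:xmpp:features:dialback"
NS_DB = "jabber:server:dialback"

# Constructed samples modelled on the log in the message above.
FEATURES = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>EXTERNAL</mechanism></mechanisms>"
    "<dialback xmlns='urn:xmpp:features:dialback'/>"
    "</stream:features>"
)
PEER_DIALBACK = (
    "<db:result xmlns:db='jabber:server:dialback' from='darkskies.za.net' "
    "to='dave.cridland.net'>constructed-key</db:result>"
)


def parse_element(xml_text):
    # XMPP streams must not carry DTDs or entity declarations; refuse them
    # before handing untrusted text to the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declaration not allowed in XMPP stream")
    return ET.fromstring(xml_text)


def offered_auth(features_xml):
    """Return the authentication options advertised in <stream:features/>."""
    root = parse_element(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    offered = {m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text}
    if root.find(f"{{{NS_DB_FEATURE}}}dialback") is not None:
        offered.add("dialback")
    return offered


def classify_peer_choice(offered, first_stanza_xml):
    """Classify how the initiating server chose to authenticate."""
    el = parse_element(first_stanza_xml)
    if el.tag == f"{{{NS_SASL}}}auth":
        return "sasl:" + el.get("mechanism", "?")
    if el.tag == f"{{{NS_DB}}}result":
        # Dialback chosen although certificate-based EXTERNAL was on offer.
        return "dialback-despite-external" if "EXTERNAL" in offered else "dialback"
    return "unknown"
```

Counting "dialback-despite-external" results per peer domain over a telemetry log shows which peers never complete certificate-based authentication.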