Initial rough dialback support #18
related to #18
38cc260 to e703cdd
It still won't work for me :( It closes the connection after // edit shortened
Ah yes, that's probably the open point "Stop offering SASL external if cert invalid"
@@ -201,6 +202,12 @@ def router | |||
@config.router | |||
end | |||
|
|||
# Returns the current +State+ of the stream's state machine. Provided as a | |||
# method so subclasses can override the behavior. | |||
def state |
forgot to remove the state definition at line 301?
Eh, yes.
secret = Kit.auth_token | ||
dialback_key = Kit.dialback_key(secret, stream.remote_domain, stream.domain, stream.id) | ||
|
||
stream.write(%Q(<db:result from="#{stream.domain}" to="#{stream.remote_domain}">#{dialback_key}</db:result>)) |
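Review bot: the secret passed to Kit.dialback_key is a local variable taken from Kit.auth_token, and nothing in these lines keeps it, so if Kit.auth_token returns a new value on each call, the db:verify handler will not be able to recompute this key for stream.id. Hold the dialback secret where the verify path can read it (one per server, or at least one per stream). Also, stream.domain and stream.remote_domain are interpolated straight into the from and to attributes of db:result; escape them or build the element with an XML builder so a malformed domain string cannot break the stanza.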
This is where the initiating server initiates the dialback procedure, since it isn't offered SASL authentication because the server it connects to couldn't validate our certificate on one of its outbound connections. Is that the part you're missing maybe?
in respect of XEP-0220
We added it to find it later so we have to remove it after reusing, otherwise stanza will be pushed into void.
In respect of falling back to dialback we have to accept the certificate and remember the failed validation later.
If it is required we have to close the stream instead of restarting and falling back to dialback.
or continue with SASL authentication. Close the stream if force_s2s_encryption is set!
* Added missing namespaces
* Removed test skip flags
* Moving callback to auth layer
Initial rough dialback support
* No cluster support (Only if upstream interested?) see Cluster dialback support for vines #52
* Investigate also adding Bidi (XEP-0288) support (Only if upstream interested?) see Adding Bidi (XEP-0288) support to Vines #53
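
The key sent in db:result has to be recomputable by the authoritative server when the receiving server asks it to verify. This Ruby example is added here and is not the PR's or Vines' own code: it follows the HMAC-SHA256 construction recommended in XEP-0185, with the same argument order as the Kit.dialback_key call in the diff. The module name DialbackExample, its methods and all sample values are hypothetical and constructed for illustration.

```ruby
require 'openssl'

# Hypothetical helper (not the Vines Kit module), modeled on XEP-0185:
#   key = HMAC-SHA256(SHA256(secret), "receiving originating stream_id")
# with both digests hex encoded.
module DialbackExample
  module_function

  # Originating server: derive the key sent inside <db:result/>.
  def key(secret, receiving, originating, stream_id)
    hmac_key = OpenSSL::Digest.new('SHA256').hexdigest(secret)
    data = [receiving, originating, stream_id].join(' ')
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), hmac_key, data)
  end

  # Constant-time comparison so the check does not leak how many
  # leading characters of a guessed key were correct.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Authoritative server: recompute from its own secret and the values
  # carried by <db:verify/>, then compare with the presented key.
  def valid?(secret, receiving, originating, stream_id, presented)
    return false unless presented.is_a?(String)
    secure_equal?(key(secret, receiving, originating, stream_id), presented)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values.
  secret = 'constructed-server-secret'
  sent = DialbackExample.key(secret, 'b.example', 'a.example', 'stream-id-1')
  puts "key sent in db:result: #{sent}"
  # Same stored secret: verification succeeds.
  puts DialbackExample.valid?(secret, 'b.example', 'a.example', 'stream-id-1', sent)
  # A secret regenerated at verify time: verification fails.
  puts DialbackExample.valid?('regenerated-secret', 'b.example', 'a.example', 'stream-id-1', sent)
end
```
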