Initial rough dialback support #18

Merged
merged 27 commits into from
Feb 24, 2015

jhass (Member) commented Aug 21, 2014

@zauberstuhl

related to #18

@zauberstuhl

It still won't work for me :( It closes the connection after lib/vines/stream/server/outbound/tls.rb:

// edit shortened

jhass (Member, Author) commented Nov 20, 2014

Ah yes, that's probably the open point "Stop offering SASL external if cert invalid"

@@ -201,6 +202,12 @@ def router
@config.router
end

# Returns the current +State+ of the stream's state machine. Provided as a
# method so subclasses can override the behavior.
def state
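
Review bot: the `def state` in this hunk needs a check for a second `state` definition elsewhere in the same class. Ruby does not raise on a repeated `def`; the definition that appears later in the file silently replaces the earlier one, so a leftover copy leaves one of the two bodies, and its doc comment, as dead code. Keep a single definition and put the "subclasses can override the behavior" comment on it.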

forgot to remove the state definition at line 301?

Member Author

Eh, yes.

zauberstuhl modified the milestones: next-build, 0.1.26 Dec 28, 2014

secret = Kit.auth_token
dialback_key = Kit.dialback_key(secret, stream.remote_domain, stream.domain, stream.id)

stream.write(%Q(<db:result from="#{stream.domain}" to="#{stream.remote_domain}">#{dialback_key}</db:result>))
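
Review bot: `secret = Kit.auth_token` is held only in a local variable in these lines, so nothing visible here keeps it for the later verification step. When the receiving server sends its verify request back, this server has to reproduce the same key for `stream.id`; if `Kit.auth_token` returns a fresh value on each call, either the secret or the computed `dialback_key` has to be stored with the stream, or the secret should come from configuration. Separately, `stream.domain` and `stream.remote_domain` are interpolated into the `from` and `to` attributes unescaped; escaping them keeps the stanza well-formed if a domain value ever contains a quote or `<`.
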
Member Author

This is where the initiating server initiates the dialback procedure, since it isn't offered SASL authentication because the server it connects to couldn't validate our certificate on one of its outbound connections. Is that the part you're missing maybe?
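
The key carried in the `<db:result/>` discussed above, as an added example that is not part of this pull request or the project's code: it follows the construction recommended in XEP-0185 (HMAC-SHA256, keyed with the hex SHA-256 of a secret, over receiving domain, originating domain and stream ID) and shows the authoritative server's check of a presented key. `DialbackSketch`, its method names and all sample values are assumptions.

```ruby
require "openssl"

# Added example; DialbackSketch and its methods are hypothetical names,
# not the project's Kit module.
module DialbackSketch
  module_function

  # key = HMAC-SHA256(hex(SHA256(secret)), "receiving originating stream_id")
  def key(secret, receiving, originating, stream_id)
    hmac_key = OpenSSL::Digest.new("SHA256").hexdigest(secret)
    data = [receiving, originating, stream_id].join(" ")
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), hmac_key, data)
  end

  # Initiating server: the <db:result/> it sends on its outbound stream.
  # encode(xml: :attr) quotes and escapes the attribute values.
  def result_stanza(secret, originating, receiving, stream_id)
    k = key(secret, receiving, originating, stream_id)
    "<db:result from=#{originating.encode(xml: :attr)} " \
      "to=#{receiving.encode(xml: :attr)}>#{k}</db:result>"
  end

  # Authoritative server: recompute the key for a <db:verify/> request and
  # compare without stopping at the first differing byte.
  def valid?(secret, receiving, originating, stream_id, presented)
    expected = key(secret, receiving, originating, stream_id)
    return false unless presented.is_a?(String) && presented.bytesize == expected.bytesize
    diff = 0
    expected.bytes.zip(presented.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Constructed sample values.
SECRET    = "constructed-dialback-secret"
ORIGIN    = "origin.example"
RECEIVER  = "receiver.example"
STREAM_ID = "constructed-stream-id-1"

if __FILE__ == $PROGRAM_NAME
  k = DialbackSketch.key(SECRET, RECEIVER, ORIGIN, STREAM_ID)
  puts DialbackSketch.result_stanza(SECRET, ORIGIN, RECEIVER, STREAM_ID)
  puts DialbackSketch.valid?(SECRET, RECEIVER, ORIGIN, STREAM_ID, k)      # same stream
  puts DialbackSketch.valid?(SECRET, RECEIVER, ORIGIN, "other-stream", k) # key reused on another stream
end
```

Because the stream ID and both domains are inputs to the HMAC, a key observed on one stream does not validate for a different stream or with the domains swapped, and the authoritative server needs only the secret to verify it.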

zauberstuhl changed the title Initial rough dialback support [WIP] Initial rough dialback support Jan 27, 2015
jhass and others added 26 commits February 24, 2015 22:44
* Revert using sets for router collections
* Introduce Node utility module to hold utility functions, move some
  there
* Find outbound stream in dialback by id
We added it to find it later so we
have to remove it after reusing,
otherwise stanza will be pushed into void.
In respect of falling back to dialback we
have to accept the certificate and remember
the failed validation later.
If it is required we have to close the stream
instead of restarting and falling back to dialback.
or continue with SASL authentication.
Close the stream if force_s2s_encryption is set!
* Added missing namespaces
* Removed test skip flags
zauberstuhl changed the title [WIP] Initial rough dialback support Initial rough dialback support Feb 24, 2015
zauberstuhl pushed a commit that referenced this pull request Feb 24, 2015
Initial rough dialback support
zauberstuhl merged commit ab8107e into develop Feb 24, 2015