There's a specific kind of SSL certificate to be set up in this case, you just can't use the same certificate used by a web server for example. Our CA gives us the possibility to issue a jabber-specific-certificate without any burden. The main blockers I currently see are:
1. SSL, is it really broken? the Openfire team released 3.8.1 on the 3rd of March 2013, is that version still broken or supposed to be in regard of SSL? 2. should we integrate it with LDAP as we do now? this is indeed nice but it takes in some security exposures, also there is no easy way for Foundation members without a Git account to request their password reset on their own (all the resets should be done by hand by me) 3. Foundation members need to be added on LDAP (still), thus there is no easy way for the server to authenticate an user against a specific LDAP entry, so ideally even someone not being a Foundation member (but with a git account and an LDAP password for the user) could connect to jabber.gnome.org. This takes in another problem, is the service supposed for Foundation members or for the "big public"? (where "big public" means all the GNOME contributors having a Git account) 2013/3/14 Olav Vitters <o...@vitters.nl> > On Tue, Mar 12, 2013 at 09:26:33AM +0100, Bastien Nocera wrote: > > to maintain the OpenFire Jabber server. First, as Olav mentioned, > > there's no SSL support for a service where you would expect privacy. > > There is SSL. Just that: > 1) they broke it in a newer version and never fixed it in any > reasonable timeframe (3 months) > 2) getting the certificate installed was a complete mess. Had to convert > the standard certificate in some terrible format and took a lot of > effort to figure out. > > Current server does SSL IIRC. Though maybe by now it expired again. > > > What I had to go through for SSL: > https://bugzilla.gnome.org/show_bug.cgi?id=592836#c8 > > Couldn't quickly see the bug about openfire messing up their SSL > support. 'Fix' was easy though, downgrading. > > -- > Regards, > Olav > _______________________________________________ > foundation-list mailing list > foundation-list@gnome.org > https://mail.gnome.org/mailman/listinfo/foundation-list > -- Cheers, Andrea Debian Developer, Fedora / EPEL packager, GNOME Sysadmin, GNOME Foundation Membership & Elections Committee Chairman Homepage: http://www.gnome.org/~av
_______________________________________________ foundation-list mailing list foundation-list@gnome.org https://mail.gnome.org/mailman/listinfo/foundation-list
