[Please send follow-ups to the [email protected] list.]

In certificates used for web servers, it is possible to set the clientAuth and serverAuth bits in certs offered by a browser or a web server (respectively).
Life is a little more complicated in XMPP because an XMPP server can act as a TLS client for server-to-server (s2s) connections. That is, the XMPP server that initiates the s2s connection acts as a TLS client and the XMPP server that receives the s2s connection acts as a TLS server. Therefore an XMPP server can act as either a TLS client or a TLS server.

My question is: do any XMPP server codebases (or the TLS libraries they use) depend on inclusion of the clientAuth or serverAuth bits in order to function properly? The problem I foresee is that an XMPP server might fail on an attempt to encrypt an s2s connection if the cert presented by the peer server does not include the clientAuth or serverAuth bit.

Thanks!

/psa
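The failure the message anticipates can be modelled with the extendedKeyUsage (EKU) rules of RFC 5280. This is an added example, not part of the original message or of any XMPP server's code: the function names and sample certificates are constructed, and it assumes a peer that enforces EKU strictly while accepting anyExtendedKeyUsage, which some TLS libraries do not.

```python
# Added example: models RFC 5280 extendedKeyUsage (EKU) checks for XMPP s2s.
# Certificates are constructed samples, represented only by their EKU OID set.

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth
ANY_EKU = "2.5.29.37.0"             # anyExtendedKeyUsage


def eku_permits(eku, purpose):
    """RFC 5280 4.2.1.12: an absent EKU extension means no restriction; if it
    is present, the purpose must be listed. Assumption: anyExtendedKeyUsage
    is accepted as a match, which stricter libraries may refuse."""
    if eku is None:
        return True
    return purpose in eku or ANY_EKU in eku


def s2s_roles(eku):
    """Which s2s roles a server cert can fill when the peer enforces EKU."""
    return {
        "initiate": eku_permits(eku, CLIENT_AUTH),  # acts as TLS client
        "receive": eku_permits(eku, SERVER_AUTH),   # acts as TLS server
    }


def s2s_handshake_ok(initiator_eku, receiver_eku):
    """A strict peer checks the initiator for clientAuth and the receiver
    for serverAuth; both must pass for the encrypted link to come up."""
    return (eku_permits(initiator_eku, CLIENT_AUTH)
            and eku_permits(receiver_eku, SERVER_AUTH))


# Constructed sample certificates (EKU contents only).
SAMPLES = {
    "no-eku": None,
    "web-server-style": {SERVER_AUTH},
    "client-only": {CLIENT_AUTH},
    "both": {SERVER_AUTH, CLIENT_AUTH},
    "any": {ANY_EKU},
}

if __name__ == "__main__":
    for name, eku in SAMPLES.items():
        print(f"{name:18} {s2s_roles(eku)}")
    # A serverAuth-only cert works inbound but fails when that server dials out.
    web = SAMPLES["web-server-style"]
    print("web -> both:", s2s_handshake_ok(web, SAMPLES["both"]))
    print("both -> web:", s2s_handshake_ok(SAMPLES["both"], web))
```

A certificate issued with only serverAuth is the asymmetric case: inbound s2s connections succeed, while outbound ones are rejected by any peer that checks the initiator's certificate for clientAuth.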
