Re: [jdev] IMPORTANT www.jabber.org software listings
Dnia 2008-02-25, Pn o godzinie 01:34 +0100, Peter Saint-Andre pisze: AFAIK there is no good way to do something similar for STARTTLS connections. If you know of a way, please do let us know. This is just laziness... It's a first step. Enforcing something one does not need to make self life easier is so... government like... ;-) -- /\_./o__ Tomasz Sterna (/^/(_^^' http://www.xiaoka.com/ ._.(_.)_ im:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Received: from ip-213-49-227-39.dsl.scarlet.be [213.49.227.39] with HTTP/1.1 (POST); Mon, 25 Feb 2008 09:54:35 +0100 User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Well, we'll try to create a TLS checker in our script. Florian Jensen On Mon, 25 Feb 2008 09:42:11 +0100, Tomasz Sterna [EMAIL PROTECTED] wrote: Dnia 2008-02-25, Pn o godzinie 01:34 +0100, Peter Saint-Andre pisze: AFAIK there is no good way to do something similar for STARTTLS connections. If you know of a way, please do let us know. This is just laziness... It's a first step. Enforcing something one does not need to make self life easier is so... government like... ;-) -- Flosoft.biz / CEK Media Service CEK Media Service Seestr. 8 73773 Aichwald Germany
Re: [jdev] IMPORTANT www.jabber.org software listings
On Sun, 24 Feb 2008 18:37:10 +0100, Peter Saint-Andre wrote: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. A couple of notes: - please consider using only one sidebar - http://www.jabber.org/user/register says Note: if you have an account with one of our affiliates (Drupal), you may login now instead of registering. - but logging in with a remote Drupal account doesn't appear to work. - BTW, OpenID support would be nice - but I suspect some of the Drupal modules you are using are not yet available for Drupal 6. Christof -- http://cmeerw.org sip:cmeerw at cmeerw.org mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
Re: [jdev] IMPORTANT www.jabber.org software listings
On 25-Feb-08, at 2:44 PM, Christof Meerwald wrote: On Sun, 24 Feb 2008 18:37:10 +0100, Peter Saint-Andre wrote: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. A couple of notes: - please consider using only one sidebar - http://www.jabber.org/user/register says Note: if you have an account with one of our affiliates (Drupal), you may login now instead of registering. - but logging in with a remote Drupal account doesn't appear to work. drupal.module login should be disabled, for sure. - BTW, OpenID support would be nice - but I suspect some of the Drupal modules you are using are not yet available for Drupal 6. Oh, it's available: http://drupal.org/project/openid Just needs to be downloaded and installed :) -- James Walker :: http://walkah.net/ :: xmpp:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
Peter Saint-Andre wrote:
Because we want to do this:
openssl s_client -connect example.com:5223 -CAfile ca.crt
AFAIK there is no good way to do something similar for STARTTLS
connections. If you know of a way, please do let us know.
adding a xmpp-starttls to s_client is not that difficult...
A patch (diff against good old openssl 0.9.8d) is attached.
Beware, detection of the starttls stream feature is not perfectly
reliable. Usage:
`openssl s_client -connect example.com:5222 -starttls xmpp -starttls_to
example.com`
--- openssl-0.9.8d/apps/s_client.c 2005-11-25 14:46:41.0 +0100
+++ openssl-0.9.8d-patched/apps/s_client.c 2007-02-22 21:39:04.0
+0100
@@ -187,6 +187,8 @@
BIO_printf(bio_err, -host host - use -connect instead\n);
BIO_printf(bio_err, -port port - use -connect instead\n);
BIO_printf(bio_err, -connect host:port - who to connect to (default is
%s:%s)\n,SSL_HOST_NAME,PORT_STR);
+BIO_printf(bio_err, -starttls_to name - use name as 'to' in xmpp
starttls mode, default is host from -connect\n);
+BIO_printf(bio_err, -starttls_from name - use name as 'from' in xmpp
s2s starttls mode\n);
BIO_printf(bio_err, -verify depth - turn on peer certificate
verification\n);
BIO_printf(bio_err, -cert arg - certificate file to use, PEM
format assumed\n);
@@ -249,6 +251,8 @@
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
+char *starttls_tohost=NULL;
+ char *starttls_fromhost=NULL;
char *cert_file=NULL,*key_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
@@ -327,6 +331,16 @@
if (--argc 1) goto bad;
host= *(++argv);
}
+else if (strcmp(*argv,-starttls_to) == 0)
+{
+if (--argc 1) goto bad;
+starttls_tohost= *(++argv);
+}
+else if (strcmp(*argv,-starttls_from) == 0)
+{
+if (--argc 1) goto bad;
+starttls_fromhost= *(++argv);
+}
else if (strcmp(*argv,-port) == 0)
{
if (--argc 1) goto bad;
@@ -469,6 +483,10 @@
starttls_proto = 1;
else if (strcmp(*argv,pop3) == 0)
starttls_proto = 2;
+else if (strcmp(*argv, xmpp) == 0)
+ starttls_proto = 3;
+else if (strcmp(*argv, xmpp-server) == 0)
+ starttls_proto = 4;
else
goto bad;
}
@@ -731,6 +749,60 @@
BIO_printf(sbio,STLS\r\n);
BIO_read(sbio,sbuf,BUFSIZZ);
}
+ if (starttls_proto == 3 || starttls_proto == 4)
+{
+int r;
+if (starttls_proto == 3)
+{
+BIO_printf(bio_c_out, using XMPP c2s protocol\n);
+BIO_printf(sbio,stream:stream
+
xmlns:stream='http://etherx.jabber.org/streams'
+ xmlns='jabber:client'
+ to='%s' version='1.0', starttls_tohost);
+}
+else
+{
+BIO_printf(bio_c_out, using XMPP s2s protocol\n);
+BIO_printf(sbio,stream:stream
+
xmlns:stream='http://etherx.jabber.org/streams'
+ xmlns='jabber:server'
+ xmlns:db='jabber:server:dialback'
+ to='%s' from='%s' version='1.0',
+ starttls_tohost, starttls_fromhost);
+}
+BIO_printf(bio_c_out, sent opening stream header\n);
+BIO_printf(bio_c_out, expecting for stream:features\n);
+r = BIO_read(sbio,mbuf,BUFSIZZ);
+mbuf[r] = 0;
+BIO_printf(bio_c_out, READ: %s\n, mbuf);
+while(!strstr(mbuf, starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'))
+{
+if (strstr(mbuf, /stream:features))
+{
+BIO_printf(bio_c_out, error: no starttls stream
feature\n);
+goto shut;
+}
+r = BIO_read(sbio,mbuf,BUFSIZZ);
+mbuf[r]
Re: [jdev] IMPORTANT www.jabber.org software listings
Hey, stpeter says: FORGET THIS MESSAGE. We fixed the datbase. If information has changed, you can update it nevertheless. Greets, Florian Jensen PS: Thanks Pedro! On Sun, 24 Feb 2008 19:56:37 +0100, Tomasz Sterna [EMAIL PROTECTED] wrote: Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. http://www.jabber.org/submissionguide Page not found -- Flosoft.biz / CEK Media Service CEK Media Service Seestr. 8 73773 Aichwald Germany
Re: [jdev] IMPORTANT www.jabber.org software listings
Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: 5. Click the Edit tab and re-add your information And what if I don't see edit tab? ;-) -- /\_./o__ Tomasz Sterna (/^/(_^^' http://www.xiaoka.com/ ._.(_.)_ im:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. http://www.jabber.org/submissionguide Page not found -- /\_./o__ Tomasz Sterna (/^/(_^^' http://www.xiaoka.com/ ._.(_.)_ im:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
Tomasz Sterna wrote: Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. http://www.jabber.org/submissionguide Page not found Hmm I thought we had fixed all of those. The correct URL is: http://www.jabber.org/submission-guide Fixing now. Peter -- Peter Saint-Andre https://stpeter.im/ smime.p7s Description: S/MIME Cryptographic Signature
Re: [jdev] IMPORTANT www.jabber.org software listings
25 feb 2008 kl. 00.23 skrev Peter Saint-Andre: Hi, Nice going everyone! When I click on the submit library node I get an access denied on [1]. Do I need to do something or does an admin have to enable my account to be able to submit information? Cheers, Mikael Hallendal [1] http://www.jabber.org/node/add/library Tomasz Sterna wrote: Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. http://www.jabber.org/submissionguide Page not found Hmm I thought we had fixed all of those. The correct URL is: http://www.jabber.org/submission-guide Fixing now. Peter -- Peter Saint-Andre https://stpeter.im/ -- Imendio AB, http://www.imendio.com
Re: [jdev] IMPORTANT www.jabber.org software listings
Mikael Hallendal wrote: 25 feb 2008 kl. 00.23 skrev Peter Saint-Andre: Hi, Nice going everyone! Not so nice yet. More bugs than I care to name... :( When I click on the submit library node I get an access denied on [1]. Do I need to do something or does an admin have to enable my account to be able to submit information? You need to be granted content creator privileges. One of the website admins can do this for you. Like me or Florian Jensen. I would have done it already but it seems you didn't use one of your usual nicks. ;-) Peter -- Peter Saint-Andre https://stpeter.im/ smime.p7s Description: S/MIME Cryptographic Signature
Re: [jdev] IMPORTANT www.jabber.org software listings
25 feb 2008 kl. 00.55 skrev Peter Saint-Andre: Hi, Mikael Hallendal wrote: 25 feb 2008 kl. 00.23 skrev Peter Saint-Andre: Hi, Nice going everyone! Not so nice yet. More bugs than I care to name... :( When I click on the submit library node I get an access denied on [1]. Do I need to do something or does an admin have to enable my account to be able to submit information? You need to be granted content creator privileges. One of the website admins can do this for you. Like me or Florian Jensen. I would have done it already but it seems you didn't use one of your usual nicks. ;-) Oh, but I did, maybe you just didn't know about it? ;) hallski is the account. Thanks, Micke Peter -- Peter Saint-Andre https://stpeter.im/ -- Imendio AB, http://www.imendio.com
Re: [jdev] IMPORTANT www.jabber.org software listings
Dnia 2008-02-24, N o godzinie 18:37 +0100, Peter Saint-Andre pisze: The good news: we updated the jabber.org website last night to the new Drupal infrastructure. Why do you require services to be listed on the public im services list, to run an SSL-only port for client connections? This is non-standard, undocumented and legacy. I thought we wanted to encourage use of STARTTLS not the legacy SSL wrapper. -- /\_./o__ Tomasz Sterna (/^/(_^^' http://www.xiaoka.com/ ._.(_.)_ im:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
Dnia 2008-02-25, Pn o godzinie 01:16 +0100, Peter Saint-Andre pisze: Because we want to do this: openssl s_client -connect example.com:5223 -CAfile ca.crt AFAIK there is no good way to do something similar for STARTTLS connections. If you know of a way, please do let us know. This is just laziness... Write a proper custom check tool. You will gather more information with it, beside the certificate. -- /\_./o__ Tomasz Sterna (/^/(_^^' http://www.xiaoka.com/ ._.(_.)_ im:[EMAIL PROTECTED]
Re: [jdev] IMPORTANT www.jabber.org software listings
Tomasz Sterna wrote: Dnia 2008-02-25, Pn o godzinie 01:16 +0100, Peter Saint-Andre pisze: Because we want to do this: openssl s_client -connect example.com:5223 -CAfile ca.crt AFAIK there is no good way to do something similar for STARTTLS connections. If you know of a way, please do let us know. This is just laziness... It's a first step. Write a proper custom check tool. You will gather more information with it, beside the certificate. Feel free to join the web team and help out. Peter -- Peter Saint-Andre https://stpeter.im/ smime.p7s Description: S/MIME Cryptographic Signature
