Gajim - 2017-07-23


  1. contrapunctus mimi89999, any idea why the link from you isn't shown inline by Gajim?
  2. Link Mauve contrapunctus, most likely his server being misconfigured and not serving the proper MIME type.
  3. donniethedumbass hi
  4. contrapunctus What happened to the chat marker (?) support in Gajim? I'm still getting notified in Conversations of (MUC) messages I've already seen in Gajim...
  5. contrapunctus What happened to the chat marker (?) support in Gajim? I'm still getting notified in Conversations of (MUC) messages I've already seen in Gajim, even though I'm running nightly...
  6. SaltyBones Holger, any clue what mod_s2s_dialback is?
  7. SaltyBones Just had some problems and needed to add that.
  8. lovetox Link Mauve, do you know, as a client do i have to try to connect with TLS to a server on port 5222
  9. lovetox like could a server not support STARTTLS on 5222
  10. lovetox and would it then be expected from the client that i try TLS
  11. lovetox or was it always a different port for TLS
  12. Link Mauve Uh?
  13. Link Mauve I don’t understand your question.
  14. lovetox if a server only supports TLS on port 5222
  15. Link Mauve StartTLS can be absent from a server’s answer, in which case the RFC says to still attempt it (even though I find that quite stupid).
  16. Link Mauve Well, if it does you just connect to it?
  17. lovetox how do i know? would a connection with STARTTLS to a server that only supports TLS not fail?
  18. lovetox that's my question do i have to try both on port 5222? is that intended? or should the server either use a known TLS port like 5223, or have SRV entries that tell me what is what
  19. Link Mauve What do you mean by “only support TLS”?
  20. lovetox direct TLS
  21. Link Mauve Oh, you mean the legacy one!
  22. Link Mauve Some people have been using 5223 at some point, but what you actually want is XEP-0368.
  23. lovetox yeah i know, with 0368 i know where i have to connect with what, there is no question
  24. Link Mauve But there is no point in supporting only that.
  25. lovetox but when a server doesn't support 0368. and doesn't have a xmpps._tcp SRV record
  26. lovetox has only one that points to 5222
  27. lovetox am i expected to try an error, what he supports on that port?
  28. Link Mauve No, if it doesn’t support 0368, you can safely assume it doesn’t support legacy TLS.
  29. Link Mauve You may want to try on 5223, but imo that’s a waste.
  30. lovetox thanks
  31. lovetox because now gajim tries with legacy and starttls, on every known port, until it finds a successful connection
  32. lovetox i want to get rid of it
  33. lovetox use 0368
  34. lovetox and if not there, only connect with starttls
  35. Link Mauve That’s pretty stupid, indeed.
  36. Link Mauve You should do both resolvings at once, imo.
  37. lovetox that was my idea
  38. lovetox gajim has already a method that chooses based on weight
  39. lovetox but it does not query xmpps
  40. Holger SaltyBones: 'mod_s2s_dialback' must be enabled in recent ejabberd versions if you want the server to fall back to DNS-based authentication when you don't trust the remote server's certificate.
  41. SaltyBones And what is DNS based auth?
  42. SaltyBones Do I want that? Can I make the certs trusted instead?
  43. Holger example.com connects to you, you don't trust its cert. Then you look up example.com's IP address and connect back to that one. If that's the server that initiated the original connection, you'll trust it.
  44. Holger https://xmpp.org/extensions/xep-0220.html
  45. Holger I can't tell you whether you want it, that's a policy question. You'll probably still find remote servers you can't talk to if you don't do that.
  46. Holger It's the certs presented by remote servers, so you can't change them. (You could only "make them trusted" by adding their CA certificate to your trust store.)
  47. SaltyBones Yeah that's what I meant
  48. SaltyBones So this is not related to the dns entry editing auth that letsencrypt does. That's what I was wondering.
  49. Holger No.
  50. Holger It's an old mechanism that was just refactored out into a separate ejabberd module now.
  51. Holger But that's quite off-topic in here :-)