[ejabberd] anyone here managed to do s2s to gmail.com domain using TLS ?

Magnus Henoch magnus.henoch at gmail.com
Tue Nov 2 18:36:55 MSK 2010


Chris Maciejewski <chris at wima.co.uk> writes:

> Yes, I managed to do that by adding an SRV record to the DNS server used
> by my ejabberd box.
>
> Used dnsmasqd to do it, by adding this line to /etc/dnsmasql.conf:
>
> srv-host=_xmpp-server._tcp.gmail.com,talk.google.com,5222
>
> This way ejabberd will resolve gmail.com to talk.google.com port 2222
> which is where Google hosts TLS enabled XMPP service.

But port 5222 is for _client_ connections (which certainly support starttls).

> ...However, now I am facing a different problem. ejabberd is throwing
> "invalid namespace" error, see below:
>
> =INFO REPORT==== 2010-11-02 14:20:02 ===
> I(<0.360.0>:ejabberd_s2s_out:1158) : Trying to open s2s connection:
> xmpp.mydomain.com -> gmail.com with TLS=true
>
> =INFO REPORT==== 2010-11-02 14:20:02 ===
> I(<0.360.0>:ejabberd_s2s_out:306) : Closing s2s connection:
> xmpp.mydomain.com -> gmail.com (invalid namespace).
> Namespace provided: "jabber:client"
> Namespace expected: "jabber:server"

Which explains this error: Google believes that your ejabberd server is
a client, and therefore replies in the client namespace.

When I send the stream header in your message to Google's S2S service, I
get a stream header with no version attribute back (last line), which
implies that they do not support starttls for S2S.

$ dig srv _xmpp-server._tcp.gmail.com
[...]
_xmpp-server._tcp.gmail.com. 86400 IN   SRV     5 0 5269 xmpp-server.l.google.com.
[...]
$ telnet xmpp-server.l.google.com 5269
Trying 74.125.45.125...
Connected to xmpp-server.l.google.com.
Escape character is '^]'.
<?xml version='1.0'?><stream:stream
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'
xmlns:db='jabber:server:dialback' to='gmail.com' version='1.0'>
<stream:stream id="0430F9D5922346D5" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" xmlns:db="jabber:server:dialback">

-- 
Magnus Henoch
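
The two checks discussed in this message (which namespace the peer answers in, and whether its stream header carries a version attribute), as an added example that is not part of the original post or of ejabberd. The helper name `inspect_stream_header` and the second sample reply are assumptions made for illustration; the first sample is the reply shown in the telnet session above.

```python
from xml.etree.ElementTree import XMLPullParser

STREAMS_NS = "http://etherx.jabber.org/streams"

# Reply from xmpp-server.l.google.com:5269, copied from the telnet session above.
S2S_REPLY = (b'<stream:stream id="0430F9D5922346D5" '
             b'xmlns:stream="http://etherx.jabber.org/streams" '
             b'xmlns="jabber:server" xmlns:db="jabber:server:dialback">')
# Constructed sample: the kind of header a client port (5222) answers with.
C2S_REPLY = (b"<?xml version='1.0'?><stream:stream "
             b'xmlns:stream="http://etherx.jabber.org/streams" '
             b'xmlns="jabber:client" from="gmail.com" id="constructed" version="1.0">')


def inspect_stream_header(raw, expected_ns="jabber:server"):
    """Classify a peer's opening <stream:stream> tag (hypothetical helper)."""
    # The header is an unclosed start tag, so use a pull parser and stop at
    # the first 'start' event instead of parsing a whole document.
    parser = XMLPullParser(events=("start-ns", "start"))
    parser.feed(raw)
    default_ns, root = None, None
    for event, payload in parser.read_events():
        if event == "start-ns" and payload[0] == "":
            default_ns = payload[1]      # the xmlns='...' default namespace
        elif event == "start":
            root = payload
            break
    if root is None or root.tag != "{%s}stream" % STREAMS_NS:
        raise ValueError("not an XMPP stream header")
    version = root.get("version")
    try:
        major = int(version.split(".")[0]) if version else 0
    except ValueError:
        major = 0
    return {
        "namespace": default_ns,
        # Same comparison that produces the "invalid namespace" log entry.
        "namespace_ok": default_ns == expected_ns,
        "version": version,
        # Without version >= 1.0 the peer sends no <stream:features>,
        # so STARTTLS cannot be negotiated on this stream.
        "can_offer_starttls": major >= 1,
    }


if __name__ == "__main__":
    for name, raw in (("s2s :5269", S2S_REPLY), ("c2s :5222", C2S_REPLY)):
        print(name, inspect_stream_header(raw))
```
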
