[ejabberd] Compliance Tester and XEP-0368

Nk nk at os.vu
Sun Nov 5 17:04:50 MSK 2017


Hi all

I’m running the compliance tester against an instance of aenigma [https://github.com/openspace42/aenigma], my ejabberd server automation project.

It’s running ejabberd v17.08.

I’m getting this result from a compliance test [https://github.com/iNPUTmice/ComplianceTester]

running XEP-0357: Push Notifications… FAILED
running XEP-0368: SRV records for XMPP over TLS… FAILED
running XEP-0384: OMEMO Encryption… FAILED
running XEP-0313: Message Archive Management (MUC)… FAILED
passed 11/15

I know 0357 is not yet supported and 0368 should work in v17.09 [does it?], but I can’t try this at the moment. I also know that one component is missing for 0384 [any news on this?].

I don’t understand why 0313 would fail. This is my config:

mod_muc:
    host: "xc.@HOST@"
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    history_size: 0
    default_room_options:
      mam: true
      allow_subscription: true

mod_mam:
    default: always
    cache_size: 1048576
    cache_life_time: 2678400

Any ideas? Conversations correctly figures out the xc.@HOST@ part, so that’s not the issue I think [I like short domains, that’s just me ;]

Also, I have a broad question about 0368. Theoretically its use is to specify an SRV record for xmpps connections [either on port 5223 or 443] if I understand correctly. But what is ejabberd’s role in this? What actually changes in v17.09? And what clients read this behaviour and act upon it?

And when using port 5223, are all services, even those running on different ports like HTTP Upload on 5444, made available for the client on port 5223?

I’m using SSLH to accept c2s connections on port 443 that then go to port 5222 [https://github.com/openspace42/aenigma/blob/master/conf/sslh/etc-sslh-v1.18], but of course HTTP uploads still don’t work. Someone on the SSLH ml suggested I use port 5223 with ALPN, but how does that help, if 5223 doesn’t allow HTTP uploads for instance?

I’ve tried with Conversations but neither does it switch automatically to ports 5223 or 443 [even though I do have xmpps-client SRV records with high priorities for these ports], and even if I manually set port 5223 or 443 in the advanced options section, HTTP uploads fail from behind a firewall that blocks port 5444. How does a client know when to override port 5444 as defined in put_url?

In general, what on earth is the actual XEP / standard for dealing with all connections on one single port [even 5223 is ok, then I’ll work out how to multiplex it on 443 with SSLH]?

I basically need a client to work with port 443 for all services, this is a must have if we want to work at a user-friendliness level like that of Signal [right, @weiss? ;]

Thanks in advance and sorry for the noob-level question.


Nk
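
Added example, not part of the original message and not code from ejabberd or Conversations: a sketch of how a client following XEP-0368 merges _xmpps-client and _xmpp-client SRV records into one RFC 2782 ordering, where the lowest priority value is tried first. The domain, hosts, ports and weights are constructed, and the weight handling is a deterministic simplification of RFC 2782's weighted random choice.

```python
# Added example: XEP-0368 connection ordering over constructed SRV data.
from typing import NamedTuple


class Srv(NamedTuple):
    service: str   # "_xmpps-client" (direct TLS) or "_xmpp-client" (STARTTLS)
    priority: int  # RFC 2782: the LOWEST value is tried first
    weight: int
    port: int
    target: str


# Constructed records for the placeholder domain example.org.
SAMPLE = [
    Srv("_xmpp-client", 10, 1, 5222, "xmpp.example.org."),
    Srv("_xmpps-client", 5, 1, 443, "xmpp.example.org."),
    Srv("_xmpps-client", 5, 3, 5223, "xmpp.example.org."),
]


def connection_plan(records):
    """Return the endpoints in the order a client would attempt them."""
    # RFC 2782: a target of "." means the service is not available.
    usable = [r for r in records if r.target != "."]
    # XEP-0368: xmpp- and xmpps- records are mixed into one ordering.
    # Assumption/simplification: RFC 2782 picks randomly in proportion to
    # weight inside one priority; here the higher weight simply goes first.
    usable.sort(key=lambda r: (r.priority, -r.weight))
    plan = []
    for r in usable:
        direct = r.service == "_xmpps-client"
        plan.append({
            "host": r.target.rstrip("."),
            "port": r.port,
            # Direct TLS starts the handshake immediately; the other
            # record type connects in clear text and upgrades via STARTTLS.
            "mode": "direct-tls" if direct else "starttls",
            # XEP-0368 defines the ALPN protocol name for c2s streams.
            "alpn": "xmpp-client" if direct else None,
        })
    return plan


if __name__ == "__main__":
    for step in connection_plan(SAMPLE):
        print(step)
```

The ALPN value is what lets a multiplexer on a shared port tell XMPP apart from other TLS traffic.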
