Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial rough dialback support #18

Merged
merged 27 commits into from
Feb 24, 2015
Merged

Initial rough dialback support #18

merged 27 commits into from
Feb 24, 2015

Conversation

jhass
Copy link
Member

@jhass jhass commented Aug 21, 2014

@zauberstuhl
Copy link

related to #18

@zauberstuhl zauberstuhl mentioned this pull request Aug 21, 2014
Open
@jhass jhass force-pushed the dialback branch 2 times, most recently from 38cc260 to e703cdd Compare August 22, 2014 21:02
@zauberstuhl zauberstuhl added this to the next milestone Sep 1, 2014
@zauberstuhl zauberstuhl modified the milestones: next-next, next Sep 3, 2014
@zauberstuhl zauberstuhl modified the milestones: next-build, next-minor Oct 29, 2014
@zauberstuhl
Copy link

It still wont work for me :( It close connection after lib/vines/stream/server/outbound/tls.rb:

// edit shortened

@jhass
Copy link
Member Author

jhass commented Nov 20, 2014

Ah yes, that's probably the open point "Stop offering SASL external if cert invalid"

zauberstuhl
zauberstuhl reviewed Dec 10, 2014
View reviewed changes
lib/vines/stream.rb
@@ -201,6 +202,12 @@ def router
@config.router
end

# Returns the current +State+ of the stream's state machine. Provided as a
# method so subclasses can override the behavior.
def state
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forgot to remove the state definition at line 301?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eh, yes.

@zauberstuhl zauberstuhl modified the milestones: next-build, 0.1.26 Dec 28, 2014
jhass
jhass reviewed Jan 20, 2015
View reviewed changes
lib/vines/stream/server/outbound/auth.rb
secret = Kit.auth_token
dialback_key = Kit.dialback_key(secret, stream.remote_domain, stream.domain, stream.id)

stream.write(%Q(<db:result from="#{stream.domain}" to="#{stream.remote_domain}">#{dialback_key}</db:result>))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is where the initiating server initiates the dialback procedure, since it isn't offered SASL authentication because the server it connects to couldn't validate our certificate on one of its outbound connections. Is that the part you're missing maybe?

@zauberstuhl zauberstuhl changed the title Initial rough dialback support [WIP] Initial rough dialback support Jan 27, 2015
jhass and others added 26 commits February 24, 2015 22:44
@jhass
add vendor/ruby and vines.log to .gitignore
28b3671
@jhass
sign test certificate to avoid errors on recent OpenSSL versions
d504b5f
@jhass
Stage 2
f119a62 
* Revert using sets for router collections
* Introduce Node utility module to hold utility functions, move some
  there
* Find outbound stream in dialback by id
Implement Initiating and Authoritative handling
016389b 
in respect of XEP-0220
Remove stream from routing table
fb78234 
We added it to find it later so we
have to remove it after reusing,
otherwise stanza will be pushed into void.
Delete duplicate state function
347d02b
Update stream ID via Sring or Node
96618d9
Update stream id immediately after stream_header
7f8c286
No need for stream features while authoritative request
6eb9901
Server class should be aware of the authoritative request
a1de64f
Add s2s force encryption option to host config
b696dc1
Accept all certificates to restart the stream later
5a5628e 
In respect of falling back to dialback we
have to accept the certificate and remember
the failed validation later.
Enable TLS for s2s inbound and outbound
8fb96b4
Remember whether tls is required on outbound
8c5c446 
If it is required we have to close the stream
instead of restarting and falling back to dialback.
Restart authentication on inbound if tls fails
e672b51 
or continue with SASL authentication.
Close the stream if force_s2s_encryption is set!
Add tls flag to stream:features if forcing encryption
b62793a
Add unit tests for dialback stream feature
948952a
Fixed Boolean check in server class
4ddd63c
Add missing dialback namespace to stanza
c667dd4
Fixed db outbound tests
1fe9096
Cleaned and fixed results from code review
580fc8c 
* Added missing namespaces
* Removed test skip flags
Moving dialback verify stanza to auth layer
22342d8
According to RFC it is optional to skip stream features
ac08033 
* Moving callback to auth layer
Returns useless string; Using slash construct
f3dfa0c
Fixed missing whitespace character in result request
83da255
Moved dialback_verify_key test to auth layer
427f37c
@zauberstuhl zauberstuhl changed the title [WIP] Initial rough dialback support Initial rough dialback support Feb 24, 2015
zauberstuhl pushed a commit that referenced this pull request Feb 24, 2015
Merge pull request #18 from diaspora/dialback
ab8107e 
Initial rough dialback support
@zauberstuhl zauberstuhl merged commit ab8107e into develop Feb 24, 2015
@zauberstuhl zauberstuhl mentioned this pull request May 30, 2015
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
0.1.27
Development

Successfully merging this pull request may close these issues.
2 participants
@jhass @zauberstuhl