mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Added a comment

Browse source
This commit is contained in:
https://john-millikin.com/ 2013-07-22 01:50:41 +00:00 committed by admin
commit 109ae4b6b3
1 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment Normal file
View file

@ -0,0 +1,16 @@
[[!comment format=mdwn
username="https://john-millikin.com/"
nickname="John Millikin"
subject="comment 11"
date="2013-07-22T01:50:40Z"
content="""
(I'm the author of the XMPP library git-annex uses)
The biggest issue I can think of with continuing in the absence of a <features> element is authentication. Without <features> the client library is not able to know which SASL mechanisms are supported, so it can't authenticate.
It is possible to modify the XMPP library such that it can work around the problems exibited by this server software (adding a timeout to <features> receipt, hardcoding a fallback SASL list), but I very much do not want to do that because it would almost certainly cause unexpected behavior when used with properly working servers.
According to http://www.mail-archive.com/jdev@jabber.org/msg10598.html , jabberd-1.4.3 was released in 2003. Since its release, there have been multiple severe security issues discovered, including a remote crash (see http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378 ).
In my opinion, the best course of action is for Daniel to switch to a different Jabber server software, preferably one that is still actively maintained.
"""]]