author | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-04-23 11:45:17 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-04-23 11:45:17 +0200 |
commit | 86e17c379c22b79120d7c15e8b3366637a08dc84 (patch) | |
tree | cec2df38d868db9e4e793d11fcd192470ce82293 /src/ejabberd_commands.erl | |
parent | Fix extraction of host names from certificates (diff) |
Verify host name before offering SASL EXTERNAL
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:
1. Verify the certificate without checking the host name. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
identity against the certificate host name(s). On failure, abort the
connection unconditionally.
ejabberd now does this instead:
1. Verify the certificate and compare the certificate host name(s)
against the 'from' attribute of the stream header. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
identity (if any) and consider the peer authenticated.
The old behavior was suggested by previous versions of XEP-0178; the new
behavior is suggested by the current version 1.1.
Diffstat (limited to 'src/ejabberd_commands.erl')
0 files changed, 0 insertions, 0 deletions
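The two flows described in the commit message, modelled as an added example. This is not ejabberd's code (ejabberd is written in Erlang; this is a stand-alone Python model of the decision logic only). It assumes the certificate identities have already been extracted from subjectAltName into `(kind, value)` pairs for DNS-ID, SRV-ID and XmppAddr, that host names are compared with RFC 6125 style matching (a wildcard only as the whole left-most label, matching exactly one label), and that `s2s_use_starttls` maps to an outcome as follows: `required_trusted` closes the stream, any other value falls back to dialback without SASL EXTERNAL. That mapping, the function names and the sample certificate are assumptions, not taken from the page.

```python
# Added example, not ejabberd's code: a model of the s2s certificate
# authentication flow before and after the commit. Identities are assumed
# to be pre-extracted from subjectAltName; the s2s_use_starttls mapping
# in _on_failure() is an assumption.
from typing import Iterable, Optional, Tuple

Identity = Tuple[str, str]          # ("dns" | "srv" | "xmpp", value)
XMPP_SERVER_SERVICE = "_xmpp-server."   # SRV-ID prefix used for s2s


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def _dns_match(pattern: str, host: str) -> bool:
    """DNS-ID match: '*' allowed only as the entire left-most label and it
    must cover exactly one label of the presented host name."""
    pattern, host = _norm(pattern), _norm(host)
    if "*" not in pattern:
        return pattern == host
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False
    suffix = pattern[1:]                    # ".example.net"
    if not host.endswith(suffix):
        return False
    head = host[: -len(suffix)]
    return bool(head) and "." not in head   # one label, not empty, no dots


def cert_matches_host(identities: Iterable[Identity], host: str) -> bool:
    """True if any certificate identity names `host`."""
    host = _norm(host)
    for kind, value in identities:
        value = _norm(value)
        if kind == "dns" and _dns_match(value, host):
            return True
        if kind == "srv" and value.startswith(XMPP_SERVER_SERVICE) \
                and value[len(XMPP_SERVER_SERVICE):] == host:
            return True
        if kind == "xmpp" and value == host:
            return True
    return False


def _on_failure(s2s_use_starttls: str) -> str:
    """Assumed mapping of s2s_use_starttls to the failure outcome."""
    return "closed" if s2s_use_starttls == "required_trusted" else "dialback"


def old_flow(cert_valid: bool, identities: Iterable[Identity], stream_from: str,
             s2s_use_starttls: str, mechanism: Optional[str] = None,
             authzid: Optional[str] = None) -> dict:
    """Behaviour before the commit: host name not checked before offering
    EXTERNAL; authzid checked afterwards and a mismatch aborts unconditionally."""
    if not cert_valid:
        return {"offer_external": False, "result": _on_failure(s2s_use_starttls)}
    if mechanism != "EXTERNAL":
        return {"offer_external": True, "result": "dialback"}
    if authzid and cert_matches_host(identities, authzid):
        return {"offer_external": True, "result": "authenticated"}
    return {"offer_external": True, "result": "aborted"}


def new_flow(cert_valid: bool, identities: Iterable[Identity], stream_from: str,
             s2s_use_starttls: str, mechanism: Optional[str] = None,
             authzid: Optional[str] = None) -> dict:
    """Behaviour after the commit: certificate must name the stream 'from'
    host before EXTERNAL is offered; the authzid is then ignored."""
    if not (cert_valid and cert_matches_host(identities, stream_from)):
        return {"offer_external": False, "result": _on_failure(s2s_use_starttls)}
    if mechanism != "EXTERNAL":
        return {"offer_external": True, "result": "dialback"}
    return {"offer_external": True, "result": "authenticated"}   # authzid ignored


# Constructed sample certificate identities (not a real certificate).
SAMPLE_CERT = [("dns", "*.example.net"),
               ("srv", "_xmpp-server.example.com"),
               ("xmpp", "example.org")]

if __name__ == "__main__":
    # Valid cert that does not name the peer's 'from' host:
    print(old_flow(True, SAMPLE_CERT, "other.test", "optional"))
    print(new_flow(True, SAMPLE_CERT, "other.test", "optional"))
    # Cert names 'from', peer picks EXTERNAL with a foreign authzid:
    print(old_flow(True, SAMPLE_CERT, "example.org", "optional", "EXTERNAL", "x.test"))
    print(new_flow(True, SAMPLE_CERT, "example.org", "optional", "EXTERNAL", "x.test"))
```

Running the script shows the two behavioural differences the message describes: a valid certificate that does not name the stream's `from` host used to get SASL EXTERNAL offered and now does not, and a peer whose certificate does name `from` but sends a non-matching authzid used to be aborted and is now authenticated.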