XEP-0388 says: "SASL2 MUST only be used by Clients or offered by Servers
after TLS negotiation". Therefore, we reject SASL2 negotiations over
unencrypted transports by default. However, TLS might be terminated
outside of ejabberd. Add the 'allow_unencrypted_sasl2' option to
support this use case.
This allows connections to server that have both xmpps-server and xmpp-server
srv entries, for which xmpps version doesn't work correctly. Before this
change we would stop on non-working xmpps server, now we will also attempt
to connect further servers on list.
How to use:
- Compile ejabberd with Rebar3
- Start ejabberd with "make relive"
- Edit some ejabberd source code file
- Save the file, and Sync will compile and reload it automatically
I've added src_dirs option so Sync doesn't act on dependencies,
which would produce many garbage log lines.
However, now it only works if the parent directory is named "ejabberd"
Sync requires at least Erlang/OTP 21, which introduced the
new try-catch syntax to retrieve the stacktrace
https://www.erlang.org/patches/otp-21.0
References:
https://hex.pm/packages/synchttps://github.com/rustyio/sync
base64url is not called directly in ejabberd code since e227940,
it is only required by p1_acme and erlang-jose 1.11.1
erlang-jose 1.11.1 defines base64url dependency as an hex package,
and rebar2 is not able to download it.
For that reason, when compiling ejabberd with rebar2,
we provide a rebar2-friendly base64url dependency definition.
That way when jose is downloaded, that dependency is already available.
Previously, preparing translations required rebar3 and:
./configure --enable-tools
make
make translations
With this change it works with rebar3 and mix, just running:
./configure
make translations
Adding ejabberd_po to gitonly_deps isn't strictly needed,
because we request a branch in the ejabberd-po git repository,
and rebar.config.script understands that this means ejabberd_po
should be downloaded from git, not hex.pm.
Elixir is standalone since years ago. When Elixir support is required,
better simply install Elixir and use Mix as build tool.
Or install Elixir and use the experimental Rebar3 support to compile
Elixir files and dependencies.
Looks like clients using strophejs aren't able to authenticate when we
add data required by that spec to scram packets, so at least give a way
to disable this until clients will be fixed.
This makes scram downgrade protection hash calculation work properly when
using non -plus sasl mechanism or when stream is not encrypted
This should fix issue #4123.