mirror of
https://github.com/processone/ejabberd.git
synced 2024-06-20 22:22:09 +02:00
brokerbrokerschatejabberderlanggroupchatiotjabberjabber-servermessagingmqttpubsubserversipsip-serverstunturnvoipxmpp
86e17c379c
Prior to this commit, ejabberd handled certificate authentication for incoming s2s connections like this: 1. Verify the certificate without checking the host name. On failure, behave according to 's2s_use_starttls'. On success: 2. Offer SASL EXTERNAL. 3. If the remote server chooses SASL EXTERNAL, compare the authorization identity against the certificate host name(s). On failure, abort the connection unconditionally. ejabberd now does this instead: 1. Verify the certificate and compare the certificate host name(s) against the 'from' attribute of the stream header. On failure, behave according to 's2s_use_starttls'. On success: 2. Offer SASL EXTERNAL. 3. If the remote server chooses SASL EXTERNAL, ignore the authorization identity (if any) and consider the peer authenticated. The old behavior was suggested by previous versions of XEP-0178, the new behavior is suggested by the current version 1.1. |
||
|---|---|---|
| asn1 | ||
| contrib/extract_translations | ||
| doc | ||
| examples | ||
| include | ||
| m4 | ||
| priv/msgs | ||
| rel | ||
| sql | ||
| src | ||
| test | ||
| tools | ||
| win32 | ||
| .gitignore | ||
| autogen.sh | ||
| configure | ||
| configure.ac | ||
| configure.bat | ||
| COPYING | ||
| ejabberd.init.template | ||
| ejabberd.yml.example | ||
| ejabberdctl.cfg.example | ||
| ejabberdctl.template | ||
| inetrc | ||
| install-sh | ||
| Makefile.in | ||
| Makefile.win32 | ||
| README | ||
| rebar | ||
| rebar.config.script | ||
| vars.config.in | ||
ejabberd - High-Performance Enterprise Instant Messaging Server Quickstart guide 0. Requirements To compile ejabberd you need: - GNU Make - GCC - Libexpat 1.95 or higher - Libyaml 1.4 or higher - Erlang/OTP R15B or higher. - OpenSSL 0.9.8 or higher, for STARTTLS, SASL and SSL encryption. - Zlib 1.2.3 or higher, for Stream Compression support (XEP-0138). Optional. - PAM library. Optional. For Pluggable Authentication Modules (PAM). - GNU Iconv 1.8 or higher, for the IRC Transport (mod_irc). Optional. Not needed on systems with GNU Libc. - ImageMagick's Convert program. Optional. For CAPTCHA challenges. - exmpp 0.9.6 or higher. Optional. For import/export XEP-0227 files. 1. Compile and install on *nix systems To compile ejabberd execute the commands: ./configure make To install ejabberd, run this command with system administrator rights (root user): sudo make install These commands will: - Install the configuration files in /etc/ejabberd/ - Install ejabberd binary, header and runtime files in /lib/ejabberd/ - Install the administration script: /sbin/ejabberdctl - Install ejabberd documentation in /share/doc/ejabberd/ - Create a spool directory: /var/lib/ejabberd/ - Create a directory for log files: /var/log/ejabberd/ 2. Start ejabberd You can use the ejabberdctl command line administration script to start and stop ejabberd. For example: ejabberdctl start For detailed information please refer to the ejabberd Installation and Operation Guide