Build: #881 was successful Scheduled with changes by Guus der Kinderen and daryl herzmann <akrherz@iastate.edu>
Code commits
Openfire (master)
-
daryl herzmann <akrherz@iastate.edu> 4a5766ea068b5b54d29c64026aea4ec27b3132ec
Merge pull request #1471 from guusdk/OF-1849_Allow-startls-on-directtls-port
OF-1849 allow startls on directtls port -
daryl herzmann <akrherz@iastate.edu> b8e02dd2e70c0f8dc73dc29c96713a33abfe9599
Merge pull request #1470 from guusdk/OF-793_Unsupported-record-version
OF-793: Fixes for 'unsupported record version' exception -
daryl herzmann <akrherz@iastate.edu> e68f6537a0c7b588fda2b3ee1cefd987c0380bee
Merge pull request #1463 from guusdk/OF-1433_Allow-presence-reflection
OF-1433: Allow presence reflection -
daryl herzmann <akrherz@iastate.edu> 9cb002e96a345a963220cb0e86e457be8cc5788f
Merge pull request #1450 from guusdk/OF-1833_dns-check-xmpp-over-tls
OF-1833: Improve dns-check.jsp to include XMPP-over-TLS -
Guus der Kinderen c5cbe3282f7b7182af19b9e3a190fb0aefbc6d79
OF-793: Add comment to clarify code structure.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/TLSWrapper.java (version c5cbe3282f7b7182af19b9e3a190fb0aefbc6d79)
-
Guus der Kinderen 654e7689dd3f6023780db4eac40633add26ee8f5
Add additional debug logging.
- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version 654e7689dd3f6023780db4eac40633add26ee8f5)
-
Guus der Kinderen 429de4d58a0543de7a84949c0c3576096da7ab7d
OF-1849: Allow StartTLS on DirectTLS port
When DNS SRV records are misconfigured, connections that are expected to receive DirectTLS data could receive non-encrypted data (optionally to be encrypted with StartTLS later).
This commit adds a new configuration option 'xmpp.server.tls.on-plain-detection-allow-nondirecttls-fallback' (default: true) that can be used to toggle this behavior.- xmppserver/src/main/java/org/jivesoftware/openfire/server/ServerDialback.java (version 429de4d58a0543de7a84949c0c3576096da7ab7d)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/ConnectionSettings.java (version 429de4d58a0543de7a84949c0c3576096da7ab7d)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version 429de4d58a0543de7a84949c0c3576096da7ab7d)
-
Guus der Kinderen f271eba6e56a50383dbbe663563a16fbd2fc2446
OF-793: Write </stream:stream> on correct writer
This commit ensures that an end-stream tag, as written by outgoing s2s connections, is written on the proper writer. This change intends to prevent issues where plain-text '</stream:stream>' is written on socket that's supposed to be encrypted.- xmppserver/src/main/java/org/jivesoftware/openfire/server/ServerDialback.java (version f271eba6e56a50383dbbe663563a16fbd2fc2446)
-
Guus der Kinderen 2f654c8ba7a69b09ea7448873c7f76fa94837024
OF-793: Log data that triggers "Unsupported record version Unknown-" exception
With some frequency, Openfire logs exceptions with this message: "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115". One source of this appears to be in S2S Dialback negotiation.
This appears to be caused by Openfire trying to parse plain-text data as TLS: the decimal representation 47 115 equals to the characters '/' and 's'. A common place for these characters to occur in XMPP would be in stream close tags: </stream:stream>.
This commit allows the content of the buffer that's being parsed by the TLS handler to be logged in its hexadecimal representation, when the exception occurs.
In a test environment, I've found this hex string to be logged by this: "3c2f73747265616d3a73747265616d3e". Converted to characters, this is: "</stream:stream>"- xmppserver/src/main/java/org/jivesoftware/openfire/net/TLSWrapper.java (version 2f654c8ba7a69b09ea7448873c7f76fa94837024)
-
Guus der Kinderen 42a4e2eca414a4e87f3b294a54635ddfa557eecf m
OF-1433: Allow presence reflection
- xmppserver/src/main/java/org/jivesoftware/openfire/handler/PresenceUpdateHandler.java (version 42a4e2eca414a4e87f3b294a54635ddfa557eecf)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/RoutingTableImpl.java (version 42a4e2eca414a4e87f3b294a54635ddfa557eecf)
-
Guus der Kinderen 2ce63c5c819179e731e4dd4e1eeeda94f2da46c6 m
OF-1833: Improve dns-check.jsp to include XMPP-over-TLS
- i18n/src/main/resources/openfire_i18n.properties (version 2ce63c5c819179e731e4dd4e1eeeda94f2da46c6)
- i18n/src/main/resources/openfire_i18n_es.properties (version 2ce63c5c819179e731e4dd4e1eeeda94f2da46c6)
- i18n/src/main/resources/openfire_i18n_ru_RU.properties (version 2ce63c5c819179e731e4dd4e1eeeda94f2da46c6)
- xmppserver/src/main/webapp/dns-check.jsp (version 2ce63c5c819179e731e4dd4e1eeeda94f2da46c6)