Build: #31 was successful Scheduled with changes by Guus der Kinderen
Code commits
Openfire (master)
-
Guus der Kinderen 26875ddee2ec4135e0fe23b6201629d30aa5d37e
Add additional debug logging.
- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version 26875ddee2ec4135e0fe23b6201629d30aa5d37e)
-
Guus der Kinderen b7aab55f4b2760a2317c1014ed1d2c0762037b69
OF-1849: Allow StartTLS on DirectTLS port
When DNS SRV records are misconfigured, connections that are expected to receive DirectTLS data could receive non-encrypted data (optionally to be encrypted with StartTLS later).
This commit adds a new configuration option 'xmpp.server.tls.on-plain-detection-allow-nondirecttls-fallback' (default: true) that can be used to toggle this behavior.- xmppserver/src/main/java/org/jivesoftware/openfire/server/ServerDialback.java (version b7aab55f4b2760a2317c1014ed1d2c0762037b69)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/ConnectionSettings.java (version b7aab55f4b2760a2317c1014ed1d2c0762037b69)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/LocalOutgoingServerSession.java (version b7aab55f4b2760a2317c1014ed1d2c0762037b69)
-
Guus der Kinderen 7c63408f78c089679a9424f294e54a7f26befbdb
OF-793: Add comment to clarify code structure.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/TLSWrapper.java (version 7c63408f78c089679a9424f294e54a7f26befbdb)
-
Guus der Kinderen 0e41d3ea29f6bcd1c98b838d40fd55b9e1a60d8d
OF-793: Write </stream:stream> on correct writer
This commit ensures that an end-stream tag, as written by outgoing s2s connections, is written on the proper writer. This change intends to prevent issues where plain-text '</stream:stream>' is written on socket that's supposed to be encrypted.- xmppserver/src/main/java/org/jivesoftware/openfire/server/ServerDialback.java (version 0e41d3ea29f6bcd1c98b838d40fd55b9e1a60d8d)
-
Guus der Kinderen 91118086f76d43cb6484fa08696c92ac610b71d0
OF-793: Log data that triggers "Unsupported record version Unknown-" exception
With some frequency, Openfire logs exceptions with this message: "javax.net.ssl.SSLException: Unsupported record version Unknown-47.115". One source of this appears to be in S2S Dialback negotiation.
This appears to be caused by Openfire trying to parse plain-text data as TLS: the decimal representation 47 115 equals to the characters '/' and 's'. A common place for these characters to occur in XMPP would be in stream close tags: </stream:stream>.
This commit allows the content of the buffer that's being parsed by the TLS handler to be logged in its hexadecimal representation, when the exception occurs.
In a test environment, I've found this hex string to be logged by this: "3c2f73747265616d3a73747265616d3e". Converted to characters, this is: "</stream:stream>"- xmppserver/src/main/java/org/jivesoftware/openfire/net/TLSWrapper.java (version 91118086f76d43cb6484fa08696c92ac610b71d0)
-
Guus der Kinderen 0e9a02d0a2330de98d1ed09b2ec93e210d7a6e02
OF-1433: Allow presence reflection
- xmppserver/src/main/java/org/jivesoftware/openfire/handler/PresenceUpdateHandler.java (version 0e9a02d0a2330de98d1ed09b2ec93e210d7a6e02)
- xmppserver/src/main/java/org/jivesoftware/openfire/spi/RoutingTableImpl.java (version 0e9a02d0a2330de98d1ed09b2ec93e210d7a6e02)
-
Guus der Kinderen 28293b9a8b3910d5fea8f91def1b7e6a3705ac99
OF-1833: Improve dns-check.jsp to include XMPP-over-TLS
- i18n/src/main/resources/openfire_i18n.properties (version 28293b9a8b3910d5fea8f91def1b7e6a3705ac99)
- i18n/src/main/resources/openfire_i18n_es.properties (version 28293b9a8b3910d5fea8f91def1b7e6a3705ac99)
- i18n/src/main/resources/openfire_i18n_ru_RU.properties (version 28293b9a8b3910d5fea8f91def1b7e6a3705ac99)
- xmppserver/src/main/webapp/dns-check.jsp (version 28293b9a8b3910d5fea8f91def1b7e6a3705ac99)