[EJAB-1229] Option to enable in LDAPS verification of peer certificate - ProcessOne - Support

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: ejabberd 2.1.4, ejabberd 3.0.0-alpha-1
Component/s: LDAP
Labels:
None

Company:
process-one.net (Find related issues)
Last commented by user ?:
false

Description

ejabberd's LDAPS does not check the validity of the peer certificate. This is preferable in most deployments, but in some cases the admin may prefer ejabberd to check that.

ejabberd could implement a configurable option.

See topic 1) in https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/252698

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

1229-21.diff

07/05/10 16:39

5 kB

Badlop

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Badlop added a comment - 07/05/10 16:39

Proposed patch.

Show

Badlop added a comment - 07/05/10 16:39 Proposed patch.

Hide

Permalink

ekhramtsov added a comment - 10/05/10 11:59

Done in 3.0.x and 2.1.x

Show

ekhramtsov added a comment - 10/05/10 11:59 Done in 3.0.x and 2.1.x

Hide

Permalink

Badlop added a comment - 10/05/10 12:58

Note: the code included in ejabberd 2.1.x can be found in this patch:
https://git.process-one.net/ejabberd/mainline/commit/f58d03c12e1160f40a7c38b61b0b6a47a1bc6a1b.patch

The patch "1229-21.diff" that I attached in this ticket is old, different, and useless.

Show

Badlop added a comment - 10/05/10 12:58 Note: the code included in ejabberd 2.1.x can be found in this patch: https://git.process-one.net/ejabberd/mainline/commit/f58d03c12e1160f40a7c38b61b0b6a47a1bc6a1b.patch The patch "1229-21.diff" that I attached in this ticket is old, different, and useless.

Hide

Permalink

Badlop added a comment - 10/05/10 15:40

I've committed a related small patch to 2.1.x and master:

--- a/src/eldap/eldap.erl
+++ b/src/eldap/eldap.erl
@@ -431,8 +431,7 @@ init([]) ->
     end;
 init({Hosts, Port, Rootdn, Passwd, Opts}) ->
     catch ssl:start(),
-    {X1,X2,X3} = erlang:now(),
-    ssl:seed(integer_to_list(X1) ++ integer_to_list(X2) ++ integer_to_list(X3)),
+    ssl:seed(randoms:get_string()),
     Encrypt = case proplists:get_value(encrypt, Opts) of
                  tls -> tls;
                  _ -> none

Show

Badlop added a comment - 10/05/10 15:40 I've committed a related small patch to 2.1.x and master: --- a/src/eldap/eldap.erl +++ b/src/eldap/eldap.erl @@ -431,8 +431,7 @@ init([]) -> end; init({Hosts, Port, Rootdn, Passwd, Opts}) -> catch ssl:start(), - {X1,X2,X3} = erlang:now(), - ssl:seed(integer_to_list(X1) ++ integer_to_list(X2) ++ integer_to_list(X3)), + ssl:seed(randoms:get_string()), Encrypt = case proplists:get_value(encrypt, Opts) of tls -> tls; _ -> none

People

Assignee:

ekhramtsov

Reporter:

Badlop

Participants:

Badlop, ekhramtsov

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

07/05/10 16:38

Updated:

10/05/10 15:40

Resolved:

10/05/10 11:59

Development

Create branch

Agile

View on Board