Uploaded image for project: 'ejabberd development'
  1. ejabberd development
  2. EJAB-1229

Option to enable in LDAPS verification of peer certificate

        Details

          Description

          ejabberd's LDAPS does not check the validity of the peer certificate. This is preferable in most deployments, but in some cases the admin may prefer ejabberd to check that.

          ejabberd could implement a configurable option.

          See topic 1) in https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/252698

            Expenses

              Activity

              Ascending order - Click to sort in descending order
              Hide
              Permalink
              badlop Badlop added a comment -

              Proposed patch.

              Show
              badlop Badlop added a comment - Proposed patch.
              Hide
              Permalink
              ekhramtsov ekhramtsov added a comment -

              Done in 3.0.x and 2.1.x

              Show
              ekhramtsov ekhramtsov added a comment - Done in 3.0.x and 2.1.x
              Hide
              Permalink
              badlop Badlop added a comment -

              Note: the code included in ejabberd 2.1.x can be found in this patch:
              https://git.process-one.net/ejabberd/mainline/commit/f58d03c12e1160f40a7c38b61b0b6a47a1bc6a1b.patch

              The patch "1229-21.diff" that I attached in this ticket is old, different, and useless.

              Show
              badlop Badlop added a comment - Note: the code included in ejabberd 2.1.x can be found in this patch: https://git.process-one.net/ejabberd/mainline/commit/f58d03c12e1160f40a7c38b61b0b6a47a1bc6a1b.patch The patch "1229-21.diff" that I attached in this ticket is old, different, and useless.
              Hide
              Permalink
              badlop Badlop added a comment -

              I've committed a related small patch to 2.1.x and master:

              --- a/src/eldap/eldap.erl
+++ b/src/eldap/eldap.erl
@@ -431,8 +431,7 @@ init([]) ->
     end;
 init({Hosts, Port, Rootdn, Passwd, Opts}) ->
     catch ssl:start(),
-    {X1,X2,X3} = erlang:now(),
-    ssl:seed(integer_to_list(X1) ++ integer_to_list(X2) ++ integer_to_list(X3)),
+    ssl:seed(randoms:get_string()),
     Encrypt = case proplists:get_value(encrypt, Opts) of
                  tls -> tls;
                  _ -> none
              Show
              badlop Badlop added a comment - I've committed a related small patch to 2.1.x and master: --- a/src/eldap/eldap.erl +++ b/src/eldap/eldap.erl @@ -431,8 +431,7 @@ init([]) -> end; init({Hosts, Port, Rootdn, Passwd, Opts}) -> catch ssl:start(), - {X1,X2,X3} = erlang:now(), - ssl:seed(integer_to_list(X1) ++ integer_to_list(X2) ++ integer_to_list(X3)), + ssl:seed(randoms:get_string()), Encrypt = case proplists:get_value(encrypt, Opts) of tls -> tls; _ -> none

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Development