| Age | Commit message (Collapse) | Author |
|---|
|
Only EXTERNAL and PLAIN mechanisms are supported without it for now.
|
|
Libgsasl will probably be made optional, so another source of random
is needed. Libgsasl uses libgcrypt underneath. Gcrypt, unlike nettle,
handles random seeding on its own, which would be annoying to
implement for different platforms otherwise.
|
|
|
|
|
|
Just use gethostbyname when it's disabled. Possibly will add c-ares,
getaddrinfo_a, and other options in the future.
|
|
|
|
|
|
|
|
|
|
Also an option to require TLS is added.
There's no DANE TLSA checks with OpenSSL yet, TLS session resumptions
and ALPN aren't used with it; just basic connections with certificate
verification are added. And now SASL EXTERNAL authentication isn't
quite usable.
|
|
Now it builds with newer compiler and library versions, the
ones from Debian 11 repositories.
|
|
The rexmpp_jid_check function now ensures that JID parts are valid
UTF-8 strings, and that only allowed code points (per RFC 8265) are
used in those. Though there is a few more checks to perform still.
|
|
Various checks and utility functions should still be added, and it
currently relies on gpg(1) for key generation and validation, but
PEP-based key distribution and basic OpenPGP functionality are
there.
|
|
|
|
libunbound supports DNSSEC, which is needed for DANE TLSA: GnuTLS
verifies a certificate for the final host, but SRV and A/AAAA records
leading to it should be verified as well.
c-ares is still used to parse domain names in SRV records, but should
be replaced soon.
|
|
Currently it is just experimental and does not affect the
verification (except for adding a delay); perhaps the verification
should be made configurable, including an option to rely on DANE.
|
|
|
