| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
Still depending on gcrypt for hashing, but this is a step towards
making that dependency optional.
|
|
|
|
|
|
Continuing replacement of libxml2, planning to use libexpat or a Rust
XML parser as an alternative for XML parsing.
|
|
|
|
|
|
The new structure (rexmpp_xml) is simpler, and should allow
manipulation from Rust without any dependency on libxml2 from the Rust
code (while Rust has its own parsers, such as rxml). Alternative XML
parsers (e.g., libexpat) now can be used from the C code.
The replacement/abstraction is not quite complete yet: the parsing
process itself (xmlParseChunk and friends) should be abstracted out.
|
|
|
|
Possibly other modules will follow. Aiming to provide memory-safe(r)
alternatives, while keeping the C versions as well.
|
|
Works with Dino and Conversations, but currently relying on external
players and streamers for actual audio playback and capture.
For now requiring GnuTLS and libnice for calls; OpenSSL should be
supported as an alternative to the former, and the latter should be
made optional, maybe with libjuice as an alternative.
|
|
Only EXTERNAL and PLAIN mechanisms are supported without it for now.
|
|
Reducing dependency on gsasl.
|
|
Libgsasl will probably be made optional, so another source of random
is needed. Libgsasl uses libgcrypt underneath. Gcrypt, unlike nettle,
handles random seeding on its own, which would be annoying to
implement for different platforms otherwise.
|
|
|
|
|
|
|
|
|
|
Just use gethostbyname when it's disabled. Possibly will add c-ares,
getaddrinfo_a, and other options in the future.
|
|
Also an option to require TLS is added.
There's no DANE TLSA checks with OpenSSL yet, TLS session resumptions
and ALPN aren't used with it; just basic connections with certificate
verification are added. And now SASL EXTERNAL authentication isn't
quite usable.
|
|
Now it builds with newer compiler and library versions, the
ones from Debian 11 repositories.
|
|
|
|
|
|
The rexmpp_jid_check function now ensures that JID parts are valid
UTF-8 strings, and that only allowed code points (per RFC 8265) are
used in those. Though there is a few more checks to perform still.
|
|
|
|
|
|
Various checks and utility functions should still be added, and it
currently relies on gpg(1) for key generation and validation, but
PEP-based key distribution and basic OpenPGP functionality are
there.
|
|
|
|
Forgot to remove <ares.h>.
|
|
|
|
libunbound supports DNSSEC, which is needed for DANE TLSA: GnuTLS
verifies a certificate for the final host, but SRV and A/AAAA records
leading to it should be verified as well.
c-ares is still used to parse domain names in SRV records, but should
be replaced soon.
|
|
Currently it is just experimental and does not affect the
verification (except for adding a delay); perhaps the verification
should be made configurable, including an option to rely on DANE.
|
|
|
|
|
|
|
