-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
101 lines (82 loc) · 4.69 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
CRYPT-CR
Server: uniq, salt
Client: SHA256(uniq ":" crypt(salt, passwd)) XOR passwd
SETTING UP DNS
You need a record like this in your DNS server configuration:
_xmpp-server._tcp IN SRV 0 10 5222 xmpp
xmpp is the hostname of the server the vink daemon is running on. If your
domain is "example.org", this would mean "host.example.org" handles the
"user@example.org" addresses.
SETTING UP TLS
A TLS server needs a private key and a certificate that verifies the owner
of this private key. The certificate is usually provided by a Certificate
Authority (CA).
To create the private key, run:
openssl genrsa -out /etc/vink.d/privkey.pem
To create a certificate signing request for this key, run:
openssl req -key /etc/vink.d/privkey.pem -new -out key.csr
The "Common Name" certificate parameter is what software will look at to
verify host names. If your server is hosting "user@example.org", you need to
enter "example.org" as your Common Name.
Now you submit the "key.csr" file to a Certificate Authority, and you will
get a certificate chain in return. Save that file as
"/etc/vink.d/certiciates.pem". The reason why we call it a chain, is that
there may be a series of certificates verifying each other, before ultimately
ending up with a signature from someone trusted by all the major operating
systems.
You do not need the certificate from a Certificate Authority if you're only
doing testing, or running on a closed network. To sign your own certiicate,
run this command instead of the second command:
openssl req -key /etc/vink.d/privkey.pem -new -x509 -out /etc/vink.d/certificates.pem
SSL test:
openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -host wave.rashbox.org -port 5222
Discovery result from acmewave.com 2009-11-07
<iq type="result" id="157-3" from="acmewave.com" to="rashbox.org">
<query xmlns="http://jabber.org/protocol/disco#info">
<identity category="server" name="Openfire Server" type="im"/>
<identity category="pubsub" type="pep"/>
<feature var="google:jingleinfo"/>
<feature var="http://jabber.org/protocol/address"/>
<feature var="http://jabber.org/protocol/commands"/>
<feature var="http://jabber.org/protocol/disco#info"/>
<feature var="http://jabber.org/protocol/disco#items"/>
<feature var="http://jabber.org/protocol/offline"/>
<feature var="http://jabber.org/protocol/pubsub"/>
<feature var="http://jabber.org/protocol/pubsub#collections"/>
<feature var="http://jabber.org/protocol/pubsub#config-node"/>
<feature var="http://jabber.org/protocol/pubsub#create-and-configure"/>
<feature var="http://jabber.org/protocol/pubsub#create-nodes"/>
<feature var="http://jabber.org/protocol/pubsub#default_access_model_open"/>
<feature var="http://jabber.org/protocol/pubsub#delete-nodes"/>
<feature var="http://jabber.org/protocol/pubsub#get-pending"/>
<feature var="http://jabber.org/protocol/pubsub#instant-nodes"/>
<feature var="http://jabber.org/protocol/pubsub#item-ids"/>
<feature var="http://jabber.org/protocol/pubsub#manage-subscriptions"/>
<feature var="http://jabber.org/protocol/pubsub#meta-data"/>
<feature var="http://jabber.org/protocol/pubsub#modify-affiliations"/>
<feature var="http://jabber.org/protocol/pubsub#multi-subscribe"/>
<feature var="http://jabber.org/protocol/pubsub#outcast-affiliation"/>
<feature var="http://jabber.org/protocol/pubsub#persistent-items"/>
<feature var="http://jabber.org/protocol/pubsub#presence-notifications"/>
<feature var="http://jabber.org/protocol/pubsub#publish"/>
<feature var="http://jabber.org/protocol/pubsub#publisher-affiliation"/>
<feature var="http://jabber.org/protocol/pubsub#purge-nodes"/>
<feature var="http://jabber.org/protocol/pubsub#retract-items"/>
<feature var="http://jabber.org/protocol/pubsub#retrieve-affiliations"/>
<feature var="http://jabber.org/protocol/pubsub#retrieve-default"/>
<feature var="http://jabber.org/protocol/pubsub#retrieve-items"/>
<feature var="http://jabber.org/protocol/pubsub#retrieve-subscriptions"/>
<feature var="http://jabber.org/protocol/pubsub#subscribe"/>
<feature var="http://jabber.org/protocol/pubsub#subscription-options"/>
<feature var="http://jabber.org/protocol/rsm"/>
<feature var="jabber:iq:last"/>
<feature var="jabber:iq:privacy"/>
<feature var="jabber:iq:private"/>
<feature var="jabber:iq:register"/>
<feature var="jabber:iq:roster"/>
<feature var="jabber:iq:time"/>
<feature var="jabber:iq:version"/>
<feature var="urn:xmpp:ping"/>
<feature var="vcard-temp"/>
</query>
</iq>