Discussion:
[Exodus-dev] Help with certificates
Vinod Panicker
2006-03-22 09:21:19 UTC
Hi,

I'm trying to get Exodus to login to my server using SASL EXTERNAL.
What format does the certificate need to be in?

Anything else that I have to keep in mind?

Regards,
Vinod.
Peter Millard
2006-03-24 00:43:08 UTC
I've done my testing with .PEM certificates which is normally what
openssl gives you. Note that you'll need to use the latest build of
Exodus in order for the SASL EXTERNAL stuff to work. Obviously, your
server needs to send it back as a possible mechanism as well :) Make
sure the cert you use has an XMPP jid encoded per RFC 3920, otherwise,
the server needs a way to somehow map a client cert to a client jid. If
this is the case, Exodus should do the right thing when it gets back the
<jid> element after we do resource binding.

Eventually, we may be sucking certs from the built-in Windows cert
store, but right now the .PEM stuff was easiest to do with the existing
SSL libs we are using.

pgm.
Vinod Panicker
2006-03-24 04:50:16 UTC
Thanks for the reply.

The jid in the cert is expected to be just the node name? Or does it
require to be a bare jid?

Regards,
Vinod.
Peter Millard
2006-03-24 17:23:45 UTC
Post by Vinod Panicker
The jid in the cert is expected to be just the node name? Or does it
require to be a bare jid?

Client certs are expected to have a bare-jid in the cert.

pgm.
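
The thread asks for a bare JID encoded in the client certificate per RFC 3920. As an added example (not code from Exodus or from either poster), this Python sketch shows what a server-side check could look like: it walks a DER subjectAltName value, extracts the id-on-xmppAddr otherName entries that RFC 3920 defines, and tests whether each is a bare JID. The sample bytes and the JID juliet@example.com are constructed, the function names are hypothetical, and the JID check is simplified (no stringprep).

```python
XMPP_ADDR_OID = bytes.fromhex("2b06010505070805")  # id-on-xmppAddr 1.3.6.1.5.5.7.8.5

def tlv(tag, body):
    """Encode one DER element, using the long length form when needed."""
    n = len(body)
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(ln)]) + ln
    return bytes([tag]) + head + body

def read_tlvs(buf):
    """Yield (tag, body) for each DER element in buf; reject truncated input."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low bits give the count of length bytes
            k = n & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("bad length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated body")
        yield tag, buf[i:i + n]
        i += n

def xmpp_addrs(san_der):
    """Return every id-on-xmppAddr string in a subjectAltName extension value."""
    (tag, names), = read_tlvs(san_der)  # GeneralNames ::= SEQUENCE OF GeneralName
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    found = []
    for tag, body in read_tlvs(names):
        parts = list(read_tlvs(body)) if tag == 0xA0 else []  # [0] = otherName
        if len(parts) == 2 and parts[0] == (0x06, XMPP_ADDR_OID) and parts[1][0] == 0xA0:
            (vtag, val), = read_tlvs(parts[1][1])  # [0] EXPLICIT UTF8String
            if vtag == 0x0C:
                found.append(val.decode("utf-8"))
    return found

def is_bare_jid(jid):
    """Simplified check: node@domain with no /resource (no stringprep applied)."""
    node, at, domain = jid.partition("@")
    return bool(node and at and domain) and "/" not in jid and "@" not in domain

def sample_san(jid):
    """Constructed SAN value: one xmppAddr otherName plus one dNSName entry."""
    other = tlv(0x06, XMPP_ADDR_OID) + tlv(0xA0, tlv(0x0C, jid.encode("utf-8")))
    return tlv(0x30, tlv(0xA0, other) + tlv(0x82, b"example.com"))
```

A certificate carrying only the node name, or a full JID with a resource, fails `is_bare_jid` and would need the server-side mapping mentioned earlier in the thread.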
