Commit Graph

29 Commits

Author SHA1 Message Date
Nulll 22096d58af Update servers.xml 2017-05-29 18:23:49 +02:00
Yann Leboulanger 33381fcae5 [Darlan] remove non-IBR from servers.xml. Fixes #8203 2015-12-22 21:28:27 +01:00
Fedor Brunner d079272f69 Add new entries from https://xmpp.net/services.xml 2014-01-23 16:29:04 +01:00
Fedor Brunner 016796c70d Sort entries in servers.xml 2014-01-23 16:18:32 +01:00
Fedor Brunner 8092d66929 Reformat the servers.xml using HTML Tidy tool
http://tidy.sourceforge.net/
2014-01-23 15:29:27 +01:00
Fedor Brunner 3b629a52d2 "4096-bit MODP Group" from RFC3526, Section 5.
The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }

RFC3526 specifies a generator of 2.

The generation of the group is described in RFC 2412.

Fixes: #7644
2014-02-17 14:54:20 +01:00
Fedor Brunner 80cc75f575 New set of CA certificates is in cacert.pem, used only on Windows.
These CA certificates were copied from debian ca-certificates, which uses
certificates from Mozilla's trust store.

spi CA certificate has be removed, no server in xmpp.net list uses this
CA certificate.
https://xmpp.net/directory.php

I have removed these CA certificates with 1024-bit RSA public keys,
because Mozilla is planning to remove them in Q1 2014 :

Digital_Signature_Trust_Co._Global_CA_1.crt
Digital_Signature_Trust_Co._Global_CA_3.crt
Entrust.net_Secure_Server_CA.crt
Equifax_Secure_CA.crt
Equifax_Secure_eBusiness_CA_1.crt
Equifax_Secure_Global_eBusiness_CA.crt
GTE_CyberTrust_Global_Root.crt
NetLock_Business_=Class_B=_Root.crt
NetLock_Express_=Class_C=_Root.crt
RSA_Root_Certificate_1.crt
Thawte_Premium_Server_CA.crt
Thawte_Server_CA.crt
ValiCert_Class_1_VA.crt
ValiCert_Class_2_VA.crt
Verisign_Class_1_Public_Primary_Certification_Authority.crt
Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
Verisign_Class_3_Public_Primary_Certification_Authority.crt
Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt

See:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
https://wiki.mozilla.org/CA:MD5and1024

I'm also removing TurkTrust CA certificates because of this security
incident:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/

TURKTRUST_Certificate_Services_Provider_Root_1.crt
TURKTRUST_Certificate_Services_Provider_Root_2007.crt
TURKTRUST_Certificate_Services_Provider_Root_2.crt

other/cacert.pem is used only on Windows. On Unix platforms
use CA certificates installed in /etc/ssl/certs
(python-nbxmpp loads CA certificates from /etc/ssl/certs directory)

Fixes #7629
2014-02-17 14:37:29 +01:00
Yann Leboulanger d4c2fd4da8 [fedor] enable forward secrecy thanks to Diffie-Hellman parameters. Fixes #7555 2013-11-12 21:10:22 +01:00
Denis Fomin 9c28f79b5f Update services.xml from xmpp.net/services.xml Fixes #7310 2013-02-28 12:05:07 +04:00
Yann Leboulanger 76962db81f update servers.xml from xmpp.org. Fixes #5797 2010-10-05 10:51:15 +02:00
Yann Leboulanger dc26f29db3 add Deutsche Telekom Root CA 2 vert. Fixes #5937 2010-09-24 19:25:04 +02:00
Yann Leboulanger faca096b56 add StartCom's Root CA Certificate. Fixes #5569 2010-01-25 18:54:43 +01:00
Yann Leboulanger 91bb7421da add some jabber server to server list. Fixes #5189 2009-07-29 20:47:00 +02:00
Yann Leboulanger f6d2e23016 add blabla.kz server to servers list. Fixes #4950 2009-04-05 15:28:48 +00:00
Yann Leboulanger 13a2d98bcf add ukrainian server 2008-12-04 07:00:52 +00:00
Julien Pivotto 05ddfa3cda update server list 2008-08-13 22:54:03 +00:00
Yann Leboulanger 19037e90a9 add Class3 CAcert.org Certificate in cacert.pem. fixes #3329 2007-11-22 11:26:27 +00:00
Yann Leboulanger ecd995fda3 [omega] Don't check the fingerprint of the SSL certificats with a fixed list, but use OpenSSL to check if the certificat is valid. 2007-06-03 14:15:50 +00:00
Julien Pivotto b11ad2e5ac Add fritalk.com to the list of Jabber servers 2007-05-31 20:54:46 +00:00
Yann Leboulanger d60a2c1490 add jabber.nuxo.net to the list of servers. 2007-03-08 08:43:16 +00:00
junglecow 53321ed464 New fingerprint for jabber.org is 66:9B:DB:4F:85:B7:A2:26:4D:76:01:C1:14:ED:0A:A9:24:15:8C:85 2007-01-24 22:39:51 +00:00
junglecow 5529852ded - Fix TB on fingerprint mismatch
- Add debug message on import failure of PyOpenSSL
 - Update gajim.org digest after migration to new server
2006-12-29 01:46:46 +00:00
junglecow 44674f7e75 - Implement matching of fingerprints against servers.xml
- Add support for fingerprints to servers.xml parser.
 - Add support for 'hidden' servers to servers.xml parser.
 - Add some fingerprints to servers.xml, for testing and as example for the new format.
 - Force asynchronous (nonblocking) SSL handshake in all case
 - Add logging to c/connection.py

Known issues:
 - Checking of fingerprints doesn't work on in-band SSL (Typically port 5222) because of stuff happening out of sequence. Workaround: use immediate SSL mode ("Legacy SSL" option in server config). Because there is as of yet no other way to /force/ SSL, this is also the most secure setting.
 - A lot of code is still looking for a better place to live.
2006-12-22 23:30:23 +00:00
junglecow b0ba6742cc Oops, local mods weren't meant to go into repository. 2006-12-20 21:13:07 +00:00
junglecow a4655276fe [Trunk]
- In verbose mode, print encodings. (Especially for Windows users who don't have Python) (gajim.py)
 - Attempt at fixing traceback when getting user's home directory in Windows. See #2812. (c/configpaths.py)
 - Show 'error' icon next to account while waiting for reconnect. Fixes #2786. (c/connection_handlers.py, c/gajim.py, c/connection.py)
[PyOpenSSL]
 - Fix 100% CPU usage and hanging connection when server closes connection on us. (c/x/transports_nb.py)
 - Fix 'hanging' connection when server closes the connection on us before we can open the XML stream. (Disconnect handler didn't get called.) (c/x/client_nb.py)
 - Change prints to logger calls, various enhancements to debug printing, reduce spam (c/x/transports_nb.py)
 - this → self (c/x/transports_nb.py)
 - Call _do_receive() once to collect error message from socket, when error flag is raised in scheduler. (c/x/transports_nb.py)
2006-12-20 20:40:08 +00:00
Jean-Marie Traissard df93a2581e Added im.apinc.org to server list. (Should be already here, admin of server noticed) 2006-09-27 22:41:22 +00:00
Nikos Kouremenos b2c71fb427 update servers.xml from http://www.jabber.org/servers.xml 2006-09-27 16:14:16 +00:00
Jean-Marie Traissard 6c6868a452 Added im.apinc.org in servers list 2006-06-04 14:54:17 +00:00
Dimitur Kirov cc41b56820 temporary fix: added missing server lists
which causes Gajim to fail at start
2005-09-19 13:49:36 +00:00