[guardian-dev] chatsecure android failing with jabberd2

Greg Troxel gdt at ir.bbn.com
Wed Apr 22 17:15:10 EDT 2015


Nathan of Guardian <nathan at guardianproject.info> writes:

> We can look at the Smack source code here:
> https://github.com/rtreffer/smack/blob/master/source/org/jivesoftware/smack/SASLAuthentication.java#L480
>
> Somehow that seems tied to this "session supported" capability:
>
>  /**
>      * Notification message saying that the server supports sessions.
>      When a server supports
>      * sessions the client needs to send a Session packet after
>      successfully binding a resource
>      * for the session.
>      */
>     void sessionsSupported() {
>         sessionSupported = true;
>     }

It turns out that jabberd2 does not send the session supported
capability.  This is wrong according to RFC3921, as I understand it.
However, it also seems that libpurple does not check that this
capability is enabled, and just assumes it is.

So it seems like it would be good to do two things in parallel:

  1) file a bug with jabberd2 so the capability is advertised

  2) adjust the Smack code used with ChatSecure to just log a warning
  instead of throwing a fatal exception.

If we don't do 2, then we should

  2a) ensure that the error message displayed is "server did not
  advertise 'session supported' capability" rather than auth failure.

I will look into filing a bug with jabberd2.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150422/16472984/attachment.sig>


More information about the guardian-dev mailing list