Connecting to servers on odd ports?


snake...@gmail.com

Jan 12, 2014, 2:24:26 AM
to profan...@googlegroups.com
I subscribe to security through obscurity :). Is there any config option to let me connect to my server that runs on a port other than 5222?

Also, while I'm here, is it able to take advantage of SSL, and as such, invalid SSL certs? :)

Boothj5

Jan 12, 2014, 11:09:40 AM
to profan...@googlegroups.com, snake...@gmail.com
Currently there's no way to change from the default ports, but this has been missing for a long time. I've added an issue at GitHub; it should be an easy fix.

As far as I understand, libstrophe (the underlying XMPP library) is using TLS whenever available (starting with 'profanity -l DEBUG' shows all the activity). However, I'm not sure about dealing with invalid certificates; I will have to take a look at that one.

Boothj5

Jan 18, 2014, 7:21:12 PM
to profan...@googlegroups.com, snake...@gmail.com
The port settings have been added in master:

The /connect format is now:

/connect <account> [server value] [port value]

Examples:

/connect me@chat
/connect me@chat server chat.org
/connect me@chat port 5432
/connect me@chat server chat.org port 5432
/connect me@chat port 5432 server chat.org

The /account set command also has port added, e.g.:

/account set myaccount port 5644

al...@mtu.edu

Feb 19, 2016, 11:50:23 AM
to profanity development, snake...@gmail.com
What about invalid certs?

Boothj5

Feb 20, 2016, 7:02:46 PM
to profanity development, snake...@gmail.com, al...@mtu.edu
SSL certificates are now handled in master, using a fork of libstrophe (https://github.com/boothj5/libmesode) and will be in release 0.5.0.

Profanity will use system trusted certificates, and keep its own list of additional trusted certificates. Upon connecting, if an untrusted certificate is presented, the user is prompted.

The /tls command is currently as follows:

/tls allow                : Allow connection to continue with TLS certificate.
/tls always               : Always allow connections with TLS certificate.
/tls deny                 : Abort connection.
/tls cert                 : Show the current TLS certificate.
/tls cert <fingerprint>   : Show details of trusted certificate.
/tls trust                : Add the current TLS certificate to manually trusted certificates.
/tls trusted              : List summary of manually trusted certificates (with '/tls always' or '/tls trust').
/tls revoke <fingerprint> : Remove a manually trusted certificate.
/tls certpath             : Show the trusted certificate path.
/tls certpath set <path>  : Specify filesystem path containing trusted certificates.
/tls certpath clear       : Clear the trusted certificate path.
/tls show on|off          : Show or hide the TLS indicator in the titlebar.

An additional account tls property is also available:

/account set <account> tls force   : Force TLS connection, and fail if one cannot be established, this is default behaviour.
/account set <account> tls allow   : Use TLS for the connection if it is available.
/account set <account> tls disable : Disable TLS for the connection.


I'm assuming you've also raised https://github.com/boothj5/profanity/issues/741 which I'm currently investigating.

On Friday, 19 February 2016 16:50:23 UTC, al...@mtu.edu wrote:
What about invalid certs?
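
A model of the connection decision described in the last reply (account `tls` property, system trust, manually trusted list, prompt), as an added example that is not part of the thread and is not Profanity's or libmesode's code. The function and class names, the SHA-256 fingerprint and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Decision(Enum):
    TLS = "proceed over TLS"
    PLAINTEXT = "proceed without TLS"
    PROMPT = "ask the user (/tls allow | always | deny)"
    ABORT = "abort connection"

def fingerprint(der: bytes) -> str:
    # Assumption: SHA-256 over the DER encoding; the thread does not say
    # which digest Profanity displays.
    return hashlib.sha256(der).hexdigest()

def normalise(fp: str) -> str:
    # Accept "AB:CD:..." or "abcd..." so a pasted fingerprint still matches.
    return fp.replace(":", "").replace(" ", "").lower()

class ManualTrust:
    """Stand-in for the list of manually trusted certificates."""
    def __init__(self):
        self.fingerprints = set()
    def trust(self, der):            # models /tls trust and /tls always
        self.fingerprints.add(fingerprint(der))
    def revoke(self, fp):            # models /tls revoke <fingerprint>
        self.fingerprints.discard(normalise(fp))
    def __contains__(self, der):
        return fingerprint(der) in self.fingerprints

def decide(policy, server_offers_tls, system_trusted, der, manual):
    """policy is the account tls property: 'force', 'allow' or 'disable'."""
    if policy == "disable":
        return Decision.PLAINTEXT
    if not server_offers_tls:
        # 'allow' silently falls back to plaintext; only 'force' fails closed.
        return Decision.ABORT if policy == "force" else Decision.PLAINTEXT
    if system_trusted or der in manual:
        return Decision.TLS
    return Decision.PROMPT

def answer_prompt(answer, der, manual):
    """Apply the user's reply to the prompt for an untrusted certificate."""
    if answer == "deny":
        return Decision.ABORT
    if answer == "always":
        manual.trust(der)            # remembered for later connections
    elif answer != "allow":
        raise ValueError(f"unknown answer: {answer}")
    return Decision.TLS

# Constructed bytes standing in for a server's DER certificate.
SAMPLE_DER = b"constructed-self-signed-certificate-bytes"
```

In this model only `always` (or `trust`) changes what happens on the next connection; `allow` leaves the certificate untrusted, so the prompt reappears.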
