[Bug 39057] Can't connect to Oracle Jabber server
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Thu Sep 26 07:51:21 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=39057
--- Comment #14 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
(In reply to comment #13)
> 26.09.2013 16:14:26.903295 - [wocky] _write_node_tree: Serializing tree:
> * iq xmlns='jabber:client' type='set' id='278600903271'
> * query xmlns='jabber:iq:privacy'
> * list name='invisible'
> * item action='deny' order='1'
> * presence-out
> 26.09.2013 16:14:26.947413 - [wocky] _end_element_ns: Received stanza
> * iq xmlns='jabber:client' from='privacy-cm.uc-cup2' id='278600903271'
> to='user at domain/resource' type='error'
> * error type='cancel'
> * item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'
> 26.09.2013 16:14:26.947540 - [wocky] check_spoofing: wocky-c2s-porter.c:885:
> 'privacy-cm.uc-cup2' (normal: 'privacy-cm.uc-cup2') attempts to spoof an IQ
> reply from '(null)'
Just to confirm, your domain is not in fact privacy-cm.uc-cup2?
The spoofing check is correct to reject this: this reply is indistinguishable
from an unrelated XMPP user('s server) doing something malicious. We don't have
any way to know that stanzas claiming to be from privacy-cm.uc-cup2 (whatever
that is) are valid replies to a stanza that was (implicitly) sent to
user at domain.
(If our own full JID is user at domain/resource, then omitting the 'to' on a
stanza is meant to be exactly equivalent to setting to='user at domain' - we're
asking our own "home" server to handle the stanza on our behalf.)
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
More information about the telepathy-bugs
mailing list