@ -276,7 +276,52 @@ Compatibility
Tested with ejabberd and mongooseim.
Security Considerations
-----------------------
[libstrophe](https://github.com/strophe/libstrophe.git) does not verify
the TLS server certificates. Sessions can be MITM'ed.
libstrophe has support for TLS certificate verification on a
[branch](https://github.com/strophe/libstrophe/tree/tls-cert).
[libmesode](https://github.com/boothj5/libmesode.git) supports TLS
certificate verification.
License
-------
Copyright (c) 2015-2016, Michael Santos <michael.santos@gmail.com>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
TODO
----
* TLS support
* Support TLS certificate verification
Switch to using [libmesode](https://github.com/boothj5/libmesode)
* support [XEP-0384: OMEMO Encryption](https://xmpp.org/extensions/xep-0384.html)
* sandbox
After connecting to the XMPP server, xmppipe reads from stdin, writes
to stdout and read/writes from the network socket.
Drop additional capabilities using OS-specific sandboxes:
* OpenBSD: pledge(2)
* Linux: BPF syscall filtering using prctl(2) or seccomp(2)
* FreeBSD: capabilities using capsicum(4)
* any: setrlimit(2)
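
Review bot: The new Security Considerations section describes libstrophe and libmesode but never states which of them xmppipe is built against, so a reader cannot tell from this section whether "Sessions can be MITM'ed" applies to the xmppipe they are running. The TODO item "Switch to using libmesode" implies the current build uses libstrophe; the section should say so directly and state that the server certificate is not checked until that switch is made. The link to the libstrophe `tls-cert` branch will go stale if the branch is merged or deleted, so describe it as unmerged work rather than relying on the link alone. In the sandbox item, "read/writes from the network socket" should read "reads from and writes to the network socket".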