doubt reg. TLS and GSSAPI

Etan S. C. Reisner deryni at pidgin.im
Fri Apr 11 12:25:47 EDT 2008


On Fri, Apr 11, 2008 at 08:06:58PM +0530, Rahul Amaram wrote:
> Hi,
<snip>
> Now here are my doubts:

Do you have doubts because you have tried to use pidgin and failed or just
'because'? If you haven't tried I really suggest you do that before
asking, it can save everyone time.

> 1. Does pidgin check the certificate against the domain name
> (company.com) or the server name (jabber.example.com)? It currently
> seems to be verifying against the domain name. Is this expected behaviour?


In pidgin 2.4.0 and later the connect server should be used when a
hostname is specified in that field, the srv record host if no connect
server is specified and an srv record exists, and the domain otherwise.

> 2. When pidgin tries to fetch a ticket for the jabber service, which of
> the below is used as the servername for building the principal
> xmpp/servername at EXAMPLE.COM?
>      - Domain company.com
>      - Server jabber.example.com
>      - Name got by resolving domain company.com and doing a reverse
> look-up on the IP (Pidgin seems to be doing this currently)
>      - Name got by resolving server jabber.example.com and doing a
> reverse look-up on the IP (Shouldn't this be the expected behaviour?)

I believe this should function simlilarly to my answer above.

> 3. Is it necessary that the domain company.com be resolvable if I am
> filling the "Connect Server" field? If so, for what?

No, with a connect server the Domain entry should not need to be resolvable.

> Looking forward to an early response.
>
> Thanks and Regards,
> Rahul.

    -Etan



More information about the Support mailing list