Checking hostname in XMPP server when using TLS

zhong ming wu mr.z.m.wu at gmail.com
Tue Nov 2 15:37:05 EDT 2010


First Pidgin is great.  Thanks.

My question is related to TLS implementation of xmpp client functionality
that I think is unspecific to pidgin

As u know a xmpp domain may have more than 1 server handling c2s
connections.  Perhaps that is the original reason why when a client connects
to server via TLS it check to see if ssl cert is issued in domain name not
server name; that way a domain can use 1 cert in all servers.

In the opposite case of one server handling multiple virtual domains this is
undesirable since otherwise one cert suffices

Moreover assuming DNS is safe (big assumption in the past & some will say
now) should client not do DNS look up and then use server cert to verify
authenticity of it

Just curios in general about how xmpp client authors decide to check domain
name with the SSL certificate

I have tested aidium psi empathy ichat beem in addition to pidgin on windows
and linux

HTTP and smtp does not work like that
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20101102/7a92e79b/attachment.htm>


More information about the Support mailing list