Interop
XMPP Interop
Plan: to make this the main page for all Interop information, a work-in-progress
2010 Interop
From Monday 6th December through to Saturday 11th December, the XSF will be conducting an online interop event to test and demonstrate XMPP interoperability based on the latest core standards. Client and Server implementers are encouraged to participate.
There is a XEP-0045 chatroom hosted at interop@muc.xmpp.org - if anyone has interop problems connecting to it, this is known to be reachable from jabber.org accounts.
There is also a mailing list, interop@xmpp.org. To join, send email to interop-request@xmpp.org with a subject line of "subscribe", or alternatively use the Web Interface.
2010 Interop CA
The CA certificate (DER-encoded) and CRL are available from http://ca.xmpptest.com/
To install the CA certificate, copy it to /etc/ssl/certs/ and create a symlink called $HASH.0, where $HASH is the hash printed by the openssl command, like this:
- cp ca_certificate.pem /etc/ssl/certs/xmpptest_CA.pem
- openssl x509 -hash -noout -in ca_certificate.pem
- ln -s /etc/ssl/certs/xmpptest_CA.pem /etc/ssl/certs/fd0022dd.0
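The same installation with the hash computed rather than typed in, as an added example that is not part of the original page. It accepts the CA file in DER or PEM form (the download is described as DER-encoded) and confirms the result with openssl verify; the names install_ca and demo and the throwaway self-signed CA are constructed for illustration.

```shell
#!/bin/sh
# install_ca CERT DIR: place a CA certificate in an OpenSSL hashed directory
# under its computed subject hash. CERT may be PEM or DER. (Hypothetical helper.)
install_ca() {
    src=$1
    dir=$2
    pem="$dir/xmpptest_CA.pem"
    # Normalise to PEM: try the input as PEM first, then as DER.
    if ! openssl x509 -in "$src" -out "$pem" 2>/dev/null; then
        openssl x509 -inform DER -in "$src" -out "$pem" || return 1
    fi
    hash=$(openssl x509 -hash -noout -in "$pem") || return 1
    # Take the first free suffix so a different CA with the same hash is kept.
    n=0
    while [ -e "$dir/$hash.$n" ] && ! cmp -s "$dir/$hash.$n" "$pem"; do
        n=$((n + 1))
    done
    ln -sf "$(basename "$pem")" "$dir/$hash.$n"
    echo "$hash.$n"
}

# Constructed demo: a throwaway self-signed CA stands in for the interop CA.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/certs"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Interop Test CA" \
        -keyout "$tmp/ca.key" -out "$tmp/ca.pem" 2>/dev/null || return 1
    openssl x509 -in "$tmp/ca.pem" -outform DER -out "$tmp/ca.der" || return 1
    # Before installation the hashed directory must not anchor the certificate.
    openssl verify -CApath "$tmp/certs" "$tmp/ca.pem" >/dev/null 2>&1 && return 1
    link=$(install_ca "$tmp/ca.der" "$tmp/certs") || return 1
    # After installation the lookup by hash succeeds.
    openssl verify -CApath "$tmp/certs" "$tmp/ca.pem" >/dev/null 2>&1 || return 1
    echo "$link"
    rm -rf "$tmp"
}
```

Calling demo prints the name of the symlink it created; on a live system the directory would be /etc/ssl/certs, as in the steps above.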
How to obtain a signed certificate
- Generate a certificate request:
- git clone https://github.com/bjc/prosody.git
- cd prosody/certs
- DOMAIN=yourhost.xmpptest.com
- make $DOMAIN.cnf
- make $DOMAIN.key
- make $DOMAIN.csr
- Send the CSR to MattJ (mwild1 ON gmail com)
- You will receive an email from MattJ with the file $DOMAIN.pem; you can append the private key to it with:
- cat $DOMAIN.key >> $DOMAIN.pem
2010 Server Interop Participation
Each participating server has one IM domain and a chatroom subdomain. These are set up with SRV records only (no A/AAAA records) and on ports other than the default 5269.
Isode
- Contacts
- Servers
- mlinkrelease.xmpptest.com: R14.6 M-Link
- mlinktrunk.xmpptest.com: R15.0 M-Link (trunk)
- IPv4 and IPv6 dual-stack
Prosody
ejabberd
- Contacts
- Servers
- ejabberd21.xmpptest.com: ejabberd 2.1.x + EJAB-495 + EJAB-464; dev2.process-one.net ; ports 5222 (c2s) 5269 (s2s) 5280 (BOSH); IBR with CAPTCHA
- ejabberd master; just planned
psyced
- Contacts
- Servers
- psyced - s2s only with XEP-0288 and D-W-D support in several configurations (xep-0178-enabled, standard dialback, dwd, bidi)
- psyced-db.xmpptest.com - dialback only, does not enforce TLS
- psyced-sasl.xmpptest.com - enforces TLS, will offer sasl
- psyced-dwd.xmpptest.com - dialback with d-w-d, bidi
Tigase
2010 Client Interop Participation
Client developers are requested to ask server admins for usernames and passwords as required, to reduce the possibility of spamming (although it seems unlikely, it'd be a pest if it happened).
BoldonJames
Swift
- Contacts
- Kevin Smith XMPP
- Remko Tronçon XMPP+EMail
- Clients
- Swift
Gajim
- Contacts
- Yann Leboulanger XMPP
- Clients
- Gajim
Collabora
- Contacts
- Sjoerd Simons XMPP
- Will Thompson XMPP
- (Emilio Pozuelo Monfort XMPP - not actively working on the XMPP backend, but is writing a search UI which should be able to drive the XEP-0055 code in Gabble)
- Clients
- Telepathy-Gabble, as used by Empathy
- Particularly interested in testing (based on a quick show of hands on the developer channel):
- XEP-0055
- XEP-0186 Invisible Command (deferred! how upsetting)
- Non-Google implementations of google:queue
- SOCKS5 bytestream proxies
- Server PEP behaviour when we turn +notify on and off on the fly. Specifically: do updates that occur while we do not have +notify set get pushed to us when we turn it back on?
OneTeam
OneTeam for iPhone
Testing
Current Server Config
Working through these during the week, as they need people to change their server configs. For the current config, please allow dialback, allow non-TLS s2s, and don't do cert checking if offered TLS. For C2S, please allow non-TLS (and TLS) connections.
Server Tests
- Test 1 (Wednesday). With no requirements on TLS, SASL or cert checking, ensure that a user connected to the server sending a XEP-0199 ping to each other test server receives the correct reply (meaning s2s worked).
- Test 2 (Thursday). Requiring TLS on all s2s connections on all servers, ensure that a user connected to the server sending a XEP-0199 ping to each other server gets the reply. Ensure that the servers don't s2s (i.e. the user receives an error from their own server when sending the ping) to notls.xmpptest.com (not yet set up). Failure against tigasetrunk is also required, as it doesn't support TLS.
- Test 3 (Friday). Requiring TLS on all s2s connections, with identity verification, ensure that the user's ping works to all test servers. Ensure it doesn't work to (notls|expiredcert|mismatchcert|revokedcert|selfcert).xmpptest.com (not yet set up). Failure against tigasetrunk is also required, as it doesn't support TLS.
Server Results
- Test 1
- mlinktrunk Works against: mlinkrelease, tigasetrunk, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: none.
- mlinkrelease Works against: mlinktrunk, tigasetrunk, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: none.
- tigasetrunk Didn't participate.
- ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, psyced-dwd, psyced-sasl, tigasetrunk. Fails against: none.
- prosody8 Works against: mlinkrelease, mlinktrunk, ejabberd21, psyced-db, psyced-sasl, psyced-dwd, tigasetrunk. Fails against: none.
- psyced-db Works against: mlinkrelease, mlinktrunk, ejabberd21, psyced-dwd, psyced-sasl, tigasetrunk. Fails against: none.
- psyced-dwd (not actively participating, requires TLS)
- psyced-sasl (not actively participating, requires TLS)
- Test 2
- mlinktrunk Works against: mlinkrelease, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (Expected).
- mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.
- tigasetrunk Not participating - doesn't support TLS on s2s.
- ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (Expected).
- prosody8 Works against: mlinktrunk, mlinkrelease, ejabberd21, psyced-db, psyced-sasl, psyced-dwd. Fails against: tigasetrunk (Expected).
- psyced-db Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (expected).
- psyced-dwd Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-db, psyced-sasl. Fails against: tigasetrunk (expected).
- psyced-sasl Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-db, psyced-dwd. Fails against: tigasetrunk (expected).
- Test 3
- mlinktrunk Works against: mlinkrelease, ejabberd21, prosody8, psyced-db, psyced-sasl. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected), psyced-dwd (Server down).
- mlinkrelease Not participating
- tigasetrunk Not participating - doesn't support TLS on s2s.
- ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, revokedcert (oooh). Fails against: psyced-db (Server down), psyced-sasl (Server down), psyced-dwd (Server down), expiredcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected).
- prosody8 Works against: mlinktrunk, mlinkrelease, ejabberd21, psyced-sasl, psyced-dwd. Fails against: psyced-db (Server down), tigasetrunk (Expected), expiredcert (Expected), revokedcert (Expected), selfcert (Expected), mismatchcert (Expected).
- psyced-db Not participating
- psyced-dwd Not participating
- psyced-sasl Works against: mlinkrelease, mlinktrunk, prosody8, ejabberd21. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected).
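An added example (not from the original page) that audits result lines against the Test 3 requirement: every peer that must be refused should be listed under "Fails against". It reports peers that were accepted and peers with no reported result; the names audit_test3 and sample_results are made up here, and the sample input is the set of Test 3 entries above.

```shell
#!/bin/sh
# Sample input: the Test 3 server results as reported on this page.
sample_results() {
    cat <<'EOF'
- mlinktrunk Works against: mlinkrelease, ejabberd21, prosody8, psyced-db, psyced-sasl. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected), psyced-dwd (Server down).
- mlinkrelease Not participating
- ejabberd21. Works against: mlinkrelease, mlinktrunk, prosody8, revokedcert (oooh). Fails against: psyced-db (Server down), psyced-sasl (Server down), psyced-dwd (Server down), expiredcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected).
- prosody8 Works against: mlinktrunk, mlinkrelease, ejabberd21, psyced-sasl, psyced-dwd. Failed against: psyced-db (Server down), tigasetrunk (Expected), expiredcert (Expected), revokedcert (Expected), selfcert (Expected), mismatchcert (Expected).
- psyced-sasl Works against: mlinkrelease, mlinktrunk, prosody8, ejabberd21. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected)
EOF
}

# audit_test3: read result lines on stdin, print "<server> ACCEPTED <peer>"
# for a must-fail peer listed as working, and "<server> UNTESTED <peer>"
# for a must-fail peer that appears in neither list.
audit_test3() {
    awk -v must_fail="notls expiredcert mismatchcert revokedcert selfcert tigasetrunk" '
    function peers(list, set,    n, i, p, parts) {
        n = split(list, parts, ",")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            sub(/\(.*/, "", p)      # drop notes such as "(Expected)"
            gsub(/[ .]/, "", p)     # drop spaces and stray periods
            if (p != "") set[p] = 1
        }
    }
    /Works against:/ {
        server = $2; sub(/\.$/, "", server)
        works = $0
        sub(/.*Works against:/, "", works)
        sub(/Fail(s|ed) against:.*/, "", works)
        fails = ""
        if ($0 ~ /Fail(s|ed) against:/) { fails = $0; sub(/.*Fail(s|ed) against:/, "", fails) }
        split("", ok); split("", bad)   # reset both sets for this server
        peers(works, ok); peers(fails, bad)
        n = split(must_fail, want, " ")
        for (i = 1; i <= n; i++) {
            if (want[i] in ok) print server, "ACCEPTED", want[i]
            else if (!(want[i] in bad)) print server, "UNTESTED", want[i]
        }
    }'
}
```

Run it as `sample_results | audit_test3`; servers marked "Not participating" are skipped because they report no "Works against" list.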
Client Tests
- Test 1 (Wednesday). Check that each client can connect to each test server.
- Test 2 (Thursday). Check that the clients will not login to notls.xmpptest.com, as it will only offer PLAIN without TLS.
- Test 3 (Friday). Check that the clients will login to all test servers, but not to the invalid TLS domains (see the s2s test list), or will warn the user before doing so.
Client Results
- Test 1
- Swift: Passed: mlinktrunk, mlinkrelease, ejabberd21, prosody8, tigasetrunk. Skipped: psyced-* (No XMPP C2S)
- Test 2
- Swift: Passed
- Test 3
- Swift: Passed: mlinkrelease, ejabberd21, prosody8, expiredcert, mismatchcert, selfcert. Skipped: revokedcert (Swift doesn't support CRL), psyced-* (No XMPP C2S), tigasetrunk (Not set up with correct certificates)
Other results
- Gajim and OneTeam worked well with voice over Jingle, with acceptable sound quality
- The N900 client and OneTeam worked well with voice over Jingle when the phone was on wifi, but did not work when the phone was on 3G
- Modern versions of telepathy-gabble happily interoperate with M-Link Trunk's implementation of google:queue. Sadly, the version on the N900 does not detect M-Link's support for google:queue (because it only checks for the google:roster stream feature. Google doesn't actually advertise google:queue).
- Swift authenticates with SCRAM-SHA-1-PLUS against mlinktrunk
- Swift logs in successfully with IPv6 to mlinktrunk
- Servers don't like SSLv2 on s2s links.
- mlinktrunk and prosody8 communicated using XEP-0198 on both S2S streams. A conversation was achieved between Matthew Wild and Dave Cridland using Swift at both ends, with XEP-0198 over every link.
- mlinktrunk and Psyced communicated bidirectionally using XEP-0288 over S2S.
- Isode's implementation of SCRAM-SHA-1-PLUS was interop-tested against GNU SASL's (actually using IMAP rather than XMPP).