Interop

From XMPP WIKI
Revision as of 10:48, 13 December 2010 by Dwd (talk | contribs) (→‎Other results)

XMPP Interop

Plan: to make this the main page for all Interop information, a work-in-progress

2010 Interop

From Monday 6th December through to Saturday 11th December, the XSF will be conducting an online interop event to test and demonstrate XMPP interoperability based on the latest core standards. Client and Server implementers are encouraged to participate.

There is a XEP-0045 chatroom hosted at interop@muc.xmpp.org - if anyone has interop problems connecting to it, this is known to be reachable from jabber.org accounts.

There is also a mailing list, interop@xmpp.org. To join, send an email to interop-request@xmpp.org with a subject line of "subscribe", or alternatively use the Web Interface.

2010 Interop CA

The CA certificate (DER-encoded) and CRL are available from http://ca.xmpptest.com/

To install the CA certificate, copy it to /etc/ssl/certs/ and create a symlink to it named $HASH.0, where $HASH is the value printed by the openssl command:

  • cp ca_certificate.pem /etc/ssl/certs/xmpptest_CA.pem
  • openssl x509 -noout -hash -in ca_certificate.pem
  • ln -s /etc/ssl/certs/xmpptest_CA.pem /etc/ssl/certs/fd0022dd.0
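
The steps above hard-code the link name and assume a PEM file. The following is an added example, not part of the original wiki page: it derives the hash from the certificate itself, accepts the DER encoding the CA is published in, and handles an existing `$HASH.0`. The function name `install_ca` and its arguments are hypothetical.

```shell
#!/bin/sh
# install_ca CERT_FILE CERT_DIR [NAME]   (hypothetical helper, not from the wiki)
# Stores CERT_FILE as PEM in CERT_DIR, links it as $HASH.N and prints the link.
install_ca() {
    src=$1 dir=$2 name=${3:-xmpptest_CA.pem}
    pem="$dir/$name"

    # The CA is published DER-encoded, but a hashed directory holds PEM:
    # accept either encoding and always write PEM.
    if openssl x509 -in "$src" -inform PEM -noout 2>/dev/null; then
        openssl x509 -in "$src" -inform PEM -out "$pem" || return 1
    elif openssl x509 -in "$src" -inform DER -noout 2>/dev/null; then
        openssl x509 -in "$src" -inform DER -out "$pem" || return 1
    else
        echo "install_ca: $src is not a PEM or DER certificate" >&2
        return 1
    fi

    # Derive the link name from the certificate instead of hard-coding it.
    hash=$(openssl x509 -in "$pem" -noout -hash) || return 1
    fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1

    # Another CA can share the subject hash: reuse the link if it is already
    # this certificate, otherwise take the next free numeric suffix.
    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        old=$(openssl x509 -in "$dir/$hash.$n" -noout -fingerprint -sha256 \
              2>/dev/null) || old=
        if [ "$old" = "$fp" ]; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$name" "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}
```

OpenSSL changed its subject-hash algorithm in 1.0.0, so the value should be computed with the OpenSSL build that will read the directory.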

How to obtain a signed certificate

  1. Generate a certificate request:
  2. Send the CSR to MattJ (mwild1 ON gmail com)
  3. You will receive an email from MattJ with the file $DOMAIN.pem; you can append to it the private key with:
    • cat $DOMAIN.key >> $DOMAIN.pem

2010 Server Interop Participation

Each participating server has one IM domain and a chatroom subdomain. These are set up with SRV records only (no A/AAAA records) and on ports other than the default 5269.

Isode

  • Contacts
  • Servers
    • mlinkrelease.xmpptest.com: R14.6 M-Link
    • mlinktrunk.xmpptest.com: R15.0 M-Link (trunk)
      • IPv4 and IPv6 dual-stack

Prosody

  • Contacts
  • Servers
    • prosody8.xmpptest.com: Prosody 0.8-hg

ejabberd

  • Contacts
  • Servers
    • ejabberd21.xmpptest.com: ejabberd 2.1.x + EJAB-495 + EJAB-464; dev2.process-one.net ; ports 5222 (c2s) 5269 (s2s) 5280 (BOSH); IBR with CAPTCHA
    • ejabberd master; just planned

psyced

  • Contacts
  • Servers
    • psyced - s2s only with XEP-0288 and D-W-D support in several configurations (xep-0178-enabled, standard dialback, dwd, bidi)
    • psyced-db.xmpptest.com - dialback only, does not enforce TLS
    • psyced-sasl.xmpptest.com - enforces TLS, will offer sasl
    • psyced-dwd.xmpptest.com - dialback with d-w-d, bidi

Tigase

  • Contacts
  • Servers
    • tigasetrunk.xmpptest.com: Tigase (trunk)

2010 Client Interop Participation

Client developers are requested to ask server admins for usernames and passwords as required, to reduce the possibility of spamming (although it seems unlikely, it'd be a pest if it happened).

BoldonJames

  • Contacts
  • Clients
    • SAFEchat V2.3

Swift

Gajim

  • Contacts
    • Yann Leboulanger XMPP
  • Clients
    • Gajim

Collabora

  • Contacts
    • Sjoerd Simons XMPP
    • Will Thompson XMPP
    • (Emilio Pozuelo Monfort XMPP - not actively working on the XMPP backend, but is writing a search UI which should be able to drive the XEP-0055 code in Gabble)
  • Clients
  • Particularly interested in testing (based on a quick show of hands on the developer channel):
    • XEP-0055
    • XEP-0186 Invisible Command (deferred! how upsetting)
    • Non-Google implementations of google:queue
    • SOCKS5 bytestream proxies
    • Server PEP behaviour when we turn +notify on and off on the fly. Specifically: do updates that occur while we do not have +notify set get pushed to us when we turn it back on?

OneTeam

  • Contacts
  • Clients
    • OneTeam

OneTeam for iPhone

  • Contacts
  • Clients
    • OneTeam for iPhone

Testing

Current Server Config

Working through these during the week, as they need people to change their server configs. For the current config, please allow dialback, allow non-TLS s2s, and don't do cert checking if offered TLS. For C2S, please allow non-TLS (and TLS) connections.


Server Tests

  • Test 1 (Wednesday). With no requirements on TLS, SASL or cert checking, ensure that a user connected to the server sending a XEP-0199 ping to each other test server receives the correct reply (meaning s2s worked).
  • Test 2 (Thursday). Requiring TLS on all s2s connections on all servers, ensure that a user connected to the server sending a XEP-0199 ping to each other server gets the reply. Ensure that the servers don't s2s (i.e. the user receives an error from their own server when sending the ping) to notls.xmpptest.com (not yet set up). Failure against tigasetrunk is also required, as it doesn't support TLS.
  • Test 3 (Friday). Requiring TLS on all s2s connections, with identity verification, ensure that the user's ping works to all test servers. Ensure it doesn't work to (notls|expiredcert|mismatchcert|revokedcert|selfcert).xmpptest.com (not yet set up). Failure against tigasetrunk is also required, as it doesn't support TLS.

Server Results

  • Test 1
    • mlinktrunk Works against: mlinkrelease, tigasetrunk, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: none.
    • mlinkrelease Works against: mlinktrunk, tigasetrunk, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: none.
    • tigasetrunk Didn't participate.
    • ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, psyced-dwd, psyced-sasl, tigasetrunk. Fails against: none.
    • prosody8 Works against: mlinkrelease, mlinktrunk, ejabberd21, psyced-db, psyced-sasl, psyced-dwd, tigasetrunk. Fails against: none.
    • psyced-db Works against: mlinkrelease, mlinktrunk, ejabberd21, psyced-dwd, psyced-sasl, tigasetrunk. Fails against: none.
    • psyced-dwd (not actively participating, requires TLS)
    • psyced-sasl (not actively participating, requires TLS)
  • Test 2
    • mlinktrunk Works against: mlinkrelease, ejabberd21, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (Expected).
    • mlinkrelease Not participating - can only require valid certs, or not require - can't require a cert but not care if it's valid.
    • tigasetrunk Not participating - doesn't support TLS on s2s.
    • ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, psyced-db, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (Expected).
    • prosody8 Works against: mlinktrunk, mlinkrelease, ejabberd21, psyced-db, psyced-sasl, psyced-dwd. Fails against: tigasetrunk (Expected).
    • psyced-db Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-dwd, psyced-sasl. Fails against: tigasetrunk (expected).
    • psyced-dwd Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-db, psyced-sasl. Fails against: tigasetrunk (expected).
    • psyced-sasl Works against: mlinkrelease, mlinktrunk, ejabberd21, prosody8, psyced-db, psyced-dwd. Fails against: tigasetrunk (expected).
  • Test 3
    • mlinktrunk Works against: mlinkrelease, ejabberd21, prosody8, psyced-db, psyced-sasl. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected), psyced-dwd (Server down).
    • mlinkrelease Not participating
    • tigasetrunk Not participating - doesn't support TLS on s2s.
    • ejabberd21 Works against: mlinkrelease, mlinktrunk, prosody8, revokedcert (oooh). Fails against: psyced-db (Server down), psyced-sasl (Server down), psyced-dwd (Server down), expiredcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected).
    • prosody8 Works against: mlinktrunk, mlinkrelease, ejabberd21, psyced-sasl, psyced-dwd. Fails against: psyced-db (Server down), tigasetrunk (Expected), expiredcert (Expected), revokedcert (Expected), selfcert (Expected), mismatchcert (Expected).
    • psyced-db Not participating
    • psyced-dwd Not participating
    • psyced-sasl Works against: mlinkrelease, mlinktrunk, prosody8, ejabberd21. Fails against: expiredcert (Expected), revokedcert (Expected), mismatchcert (Expected), selfcert (Expected), tigasetrunk (Expected).

Client Tests

  • Test 1 (Wednesday). Check that each client can connect to each test server.
  • Test 2 (Thursday). Check that the clients will not login to notls.xmpptest.com, as it will only offer PLAIN without TLS.
  • Test 3 (Friday). Check that the clients will login to all test servers, but not to the invalid TLS domains (see the s2s test list), or will warn the user before doing so.

Client Results

  • Test 1
    • Swift: Passed: mlinktrunk, mlinkrelease, ejabberd21, prosody8, tigasetrunk. Skipped: psyced-* (No XMPP C2S)
  • Test 2
    • Swift: Passed
  • Test 3
    • Swift: Passed: mlinkrelease, ejabberd21, prosody8, expiredcert, mismatchcert, selfcert. Skipped: revokedcert (Swift doesn't support CRL), psyced-* (No XMPP C2S), tigasetrunk (Not set up with correct certificates)

Other results

  • Gajim and OneTeam worked well with voice over Jingle, with acceptable sound quality
  • The N900 client and OneTeam worked well with voice over Jingle when the phone was on wifi, but did not work when the phone was on 3G.
  • Modern versions of telepathy-gabble happily interoperate with M-Link Trunk's implementation of google:queue. Sadly, the version on the N900 does not detect M-Link's support for google:queue, because it only checks for the google:roster stream feature (Google doesn't actually advertise google:queue).
  • Swift authenticates with SCRAM-SHA-1-PLUS against mlinktrunk
  • Swift logs in successfully with IPv6 to mlinktrunk
  • Servers don't like SSLv2 on s2s links.
  • mlinktrunk and prosody8 communicated using XEP-0198 on both S2S streams. A conversation was achieved between Matthew Wild and Dave Cridland using Swift at both ends, with XEP-0198 over every link.
  • mlinktrunk and Psyced communicated bidirectionally using XEP-0288 over S2S.
  • Isode's implementation of SCRAM-SHA-1-PLUS was interop-tested against GNU SASL's (actually using IMAP rather than XMPP).