[JDEV] 1.4.2-test tarball, HTTP proxy, and zero-k auth case sensitivity

Chris McDonald phx-jabber at mindspring.com
Wed Oct 17 19:23:05 CDT 2001

Got this running on Mandrake 8.1 no problem but it doesn't seem to like the
1.4.1 SSL configurations...anyone have any ideas?  I'll play with it in
cygwin as soon as I can get that to install successfully.

Chris McDonald
Jabber Admin phx-jabber
Earthlink Phoenix Call Center

-----Original Message-----
From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]On Behalf Of
Sent: Tuesday, October 16, 2001 11:31 AM
To: jdev at jabber.org
Subject: [JDEV] 1.4.2-test tarball, HTTP proxy, and zero-k auth case

I'll just roll a few things into one message...

First, anyone interested in helping test the 1.4.2 server before release
to make sure it works on their platform or just for general functionality,
please grab the tarball at:


The only changes in cvs so far is a HUP fix and smart admin auto-reply.
I've tested personally on linux, solaris, and darwin/OSX.  The build is
supposed to work for the latest cygwin on win32 as well, but it's not
quite right, so if you have cygwin and can fix Makefiles and get it to
build many would appreciate it :)

Send any problem reports, platform fixes and warnings, or even if it just
works on a new platform, to jer at jabber.org, and I'll get it into cvs for
the 1.4.2 release.  If your testing functionality, the only major changes
were to the presence management and auth/reg code, so look there for any
oddities.  I'll have a full changelog available soon.

On the HTTP proxy bit, yes the existing hack in 1.4.1 is just that, and
only works with some proxies, as well as it's not in the new CCM running
on jabber.org.  Yes, the only real way to get through any proxy is with
polling HTTP requests, and yes there is experimental support out there for
it, check out "wcs" in cvs (which uses the "http" component as well) or
look at the original announcement at http://jabber.org/?oid=1102 which is
being used in a few places... I'm planning on spending some time upgrading
and doing another release of wcs/http after 1.4.2 is out.

On the 0k auth hash case sensitivity, the spec is to blame, it should make
it very clear that the exact use requires the hashing always to be of the
lower-case hex string.  It can't be case-insensitive since hashing an "A"
isn't the same as hashing an "a", and when validating 0k auth on the
server, it must first re-hash the given hash to validate it.


jdev mailing list
jdev at jabber.org

More information about the JDev mailing list