xmpp-client doesn't warn you if cert has been changed
mrphs opened this issue
Not sure if this is a feature or a bug, but xmpp-client apparently doesn't warn you if the TLS cert of the jabber server has been changed.
I haven't looked at the code to see if it caches the cert or even the sha256 FP or not. If it does, it might be a good idea to warn the user when it changes. And if it doesn't... maybe we should discuss that.
Hey, there's a configuration option called "ServerCertificateSHA256" that you can pin the cert with.
If the SHA256 fingerprint doesn't match, xmpp-client will refuse to connect.
But yes, maybe there should be a warning if the certificate changes...
The ServerCertificateSHA256 option exists and can be used to identify a specific certificate if you wish. (Although it was originally intended for servers that use a self-signed cert.)
As for warning every time the certificate changes: certificates do change. They expire every so often if nothing else. I'm not sure what action users are supposed to take in response to such a warning and thus I expect the answer will be "ignore it" in the vast majority of cases.
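The pin check discussed in this thread, as an added example that is not xmpp-client's own code: it assumes the pinned value is the hex SHA-256 digest of the server's DER-encoded leaf certificate, and the names `fingerprint`, `checkPin`, `selfSigned` and the host `jabber.example` are hypothetical. It shows a pinned client accepting the certificate it was pinned to and refusing a renewed certificate for the same name until the pin is updated.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// fingerprint: hex SHA-256 over the certificate's DER bytes (assumed pin format).
func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// checkPin fails closed: any mismatch, including a malformed pin, is an error.
func checkPin(leafDER []byte, pinnedHex string) error {
	if got := fingerprint(leafDER); !strings.EqualFold(got, strings.TrimSpace(pinnedHex)) {
		return fmt.Errorf("server certificate fingerprint %s does not match pin", got)
	}
	return nil
}

func selfSigned(cn string) ([]byte, error) { // constructed demo cert, fresh key each call
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	old, _ := selfSigned("jabber.example")     // cert the user pinned
	renewed, _ := selfSigned("jabber.example") // same name, new key: a routine renewal
	pin := fingerprint(old)
	fmt.Println("pinned cert: ", checkPin(old, pin))
	fmt.Println("renewed cert:", checkPin(renewed, pin))
}
```

In a real client the DER bytes would come from the first entry of the TLS connection state's `PeerCertificates` (its `Raw` field) after the handshake.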