Open myzinsky opened 3 years ago
Same issue here, I'm wondering whether that has something to do with the fact that I'm using a self-signed certificate (which I did trust so that Siskin could connect). This is the output on the server side:
2022-04-10 19:48:36.262640+00:00 [info] Got HTTP upload slot for xxx@xxx.lan/xxx (file: IMG_7439.png, size: 709944)
2022-04-10 19:48:36.279022+00:00 [info] (<0.804.0>) Accepted connection [::ffff:10.0.0.23]:58194 -> [::ffff:172.17.0.7]:5443
Even though the server reports an accepted connection, Siskin reports an issue when trying to upload a photo.
@mrusme If you have accepted a self-signed certificate during XMPP connection establishment, then it is only accepted for establishing an XMPP connection for a particular account.
This means it is not trusted nor accepted for establishing the HTTPS connection required for HTTP File Upload to work correctly. This is not a bug, but how the app works.
Accepting self-signed SSL certificates for XMPP connections is part of the app, but was introduced to allow testing the app on the development servers which are not accessible from the internet. HTTP File Upload, on the other hand, should be accessible from the internet, as this should allow anyone to have a link to access the uploaded file. Having a self-signed certificate may forbid the recipient of a link from downloading a file and verifying HTTP server identity. Due to that, HTTP File Upload HTTP servers should have a valid SSL certificate.
Due to that, and the fact that many can acquire SSL certificates for HTTPS connections for free (i.e. from Let's Encrypt), I think that this is how the app should work.
@hantu85 in my case I'm using ejabberd internally, without access to the outside world. Assuming a company is setting up something like that inside their VPC, where no Let's Encrypt certificate could be issued, how would they go about sharing files through XMPP?
I understand the security impact of accepting a self-signed certificate and I guess one way to mitigate this issue is to install the company's CA on each device. However, I believe it would be nice if there was a big fat warning with an "I agree" checkmark that would allow people to accept self-signed certs for file uploads as well, in cases in which they might not be able to install the root CA on every machine due to BYOD.
@mrusme We may consider this in the future, but we will treat it as a low-priority feature. We are open to a PR with the implementation of this feature.
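The company-CA route mentioned in the thread, as an added example that is not part of any participant's post or of the app's code: it issues a certificate for an internal HTTP File Upload host from a private CA and checks it the way an HTTPS client would, next to a plain self-signed certificate. The host name `upload.example.lan`, the CA name and all file names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. Host name, CA name and file names are constructed placeholders.
set -eu

# Self-signed leaf: the situation from the thread (no CA behind the certificate).
make_self_signed() {  # $1 = dir, $2 = host
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$2" \
    -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

# Internal root CA; ca.pem is the file that would be installed on client devices.
make_ca() {  # $1 = dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Leaf for the upload host, signed by the internal CA, with the host in the SAN.
issue_leaf() {  # $1 = dir, $2 = host
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/san.ext" -out "$1/srv.pem" 2>/dev/null
}

# What an HTTPS client does first: build a chain from the leaf to a trusted anchor.
chain_ok() {  # $1 = trust anchor PEM, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Name check: the certificate must also be valid for the host being contacted.
host_ok() {  # $1 = certificate, $2 = host
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Run with the argument "demo" to print the comparison.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d); h=upload.example.lan
  make_self_signed "$d" "$h"; make_ca "$d"; issue_leaf "$d" "$h"
  chain_ok "$d/ca.pem" "$d/self.pem" && echo "self-signed: trusted" || echo "self-signed: rejected"
  chain_ok "$d/ca.pem" "$d/srv.pem"  && echo "CA-issued: trusted"   || echo "CA-issued: rejected"
  rm -rf "$d"
fi
```

Only `ca.pem` is distributed to clients; `ca.key` stays with whoever operates the internal CA.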
Describe the bug
Upload of pictures does not work on Siskin on my iPhone. On Beagle it works well.
The picture is uploaded and the file is also accepted by ejabberd and stored correctly. However, Siskin is not submitting the corresponding link to it.
Details (please complete the following information):