xmpp

Feb 8, 2022 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Sep 26, 2021 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) EncodeMessage(ctx context.Context, v interface{}) (xmlstream.TokenReadCloser, error)

+ func (s *Session) EncodeMessageElement(ctx context.Context, payload interface{}, msg stanza.Message) (xmlstream.TokenReadCloser, error)

+ func (s *Session) EncodePresence(ctx context.Context, v interface{}) (xmlstream.TokenReadCloser, error)

+ func (s *Session) EncodePresenceElement(ctx context.Context, payload interface{}, msg stanza.Presence) (xmlstream.TokenReadCloser, error)

+ func (s *Session) In() stream.Info

+ func (s *Session) Out() stream.Info

+ func (s *Session) SendMessage(ctx context.Context, r xml.TokenReader) (xmlstream.TokenReadCloser, error)

+ func (s *Session) SendMessageElement(ctx context.Context, payload xml.TokenReader, msg stanza.Message) (xmlstream.TokenReadCloser, error)

+ func (s *Session) SendPresence(ctx context.Context, r xml.TokenReader) (xmlstream.TokenReadCloser, error)

+ func (s *Session) SendPresenceElement(ctx context.Context, payload xml.TokenReader, msg stanza.Presence) (xmlstream.TokenReadCloser, error)

May 2, 2021 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) IterIQ(ctx context.Context, iq xml.TokenReader) (*xmlstream.Iter, error)

+ func (s *Session) IterIQElement(ctx context.Context, payload xml.TokenReader, iq stanza.IQ) (*xmlstream.Iter, error)

+ func (s *Session) UnmarshalIQ(ctx context.Context, iq xml.TokenReader, v interface{}) error

+ func (s *Session) UnmarshalIQElement(ctx context.Context, payload xml.TokenReader, iq stanza.IQ, v interface{}) error

type SessionState

+ func (i SessionState) String() string

Feb 14, 2021 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func DialSession(ctx context.Context, location, origin jid.JID, rw io.ReadWriter, ...) (*Session, error)

+ func ReceiveClientSession(ctx context.Context, origin jid.JID, rw io.ReadWriter, ...) (*Session, error)

+ func ReceiveServerSession(ctx context.Context, location, origin jid.JID, rw io.ReadWriter, ...) (*Session, error)

+ func ReceiveSession(ctx context.Context, rw io.ReadWriter, state SessionState, ...) (*Session, error)

+ func (s *Session) InSID() string

+ func (s *Session) OutSID() string

type SessionState

+ const S2S

type StreamConfig

+ WebSocket bool

type StreamFeature

+ func SASLServer(permissions func(*sasl.Negotiator) bool, mechanisms ...sasl.Mechanism) StreamFeature

Nov 21, 2020 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) EncodeIQ(ctx context.Context, v interface{}) (xmlstream.TokenReadCloser, error)

+ func (s *Session) EncodeIQElement(ctx context.Context, payload interface{}, iq stanza.IQ) (xmlstream.TokenReadCloser, error)

Nov 11, 2020 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) ConnectionState() tls.ConnectionState

Mar 8, 2020 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Feb 28, 2020 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Aug 18, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Jul 28, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) Encode(v interface{}) error

+ func (s *Session) EncodeElement(v interface{}, start xml.StartElement) error

+ func (s *Session) TokenWriter() xmlstream.TokenWriteFlushCloser

Jul 18, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) SendIQ(ctx context.Context, r xml.TokenReader) (xmlstream.TokenReadCloser, error)

+ func (s *Session) SendIQElement(ctx context.Context, payload xml.TokenReader, iq stanza.IQ) (xmlstream.TokenReadCloser, error)

Jun 22, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Jun 18, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Jun 11, 2019 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Aug 25, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Aug 22, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) Send(ctx context.Context, r xml.TokenReader) (xmlstream.TokenReadCloser, error)

+ func (s *Session) SendElement(ctx context.Context, r xml.TokenReader, start xml.StartElement) (xmlstream.TokenReadCloser, error)

Aug 20, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) SetCloseDeadline(t time.Time) error

Aug 19, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Aug 17, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type StreamConfig

+ TeeIn io.Writer

+ TeeOut io.Writer

Aug 16, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Conn

+ func (c *Conn) Secure() bool

type Negotiator

+ func NewNegotiator(cfg StreamConfig) Negotiator

+ type StreamConfig struct

+ Features []StreamFeature

+ Lang string

+ S2S bool

Aug 6, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Dialer

+ NoTLS bool

+ Resolver *net.Resolver

+ TLSConfig *tls.Config

Aug 2, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func DialClientSession(ctx context.Context, origin jid.JID, lang string, features ...StreamFeature) (*Session, error)

+ func DialServerSession(ctx context.Context, location, origin jid.JID, lang string, ...) (*Session, error)

Mar 1, 2018 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

+ var ErrInputStreamClosed = errors.New("xmpp: attempted to read token from closed stream")

+ var ErrOutputStreamClosed = errors.New("xmpp: attempted to write token to closed stream")

Oct 7, 2017 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Conn

+ func (c *Conn) Close() error

+ func (c *Conn) ConnectionState() (connState tls.ConnectionState, ok bool)

+ func (c *Conn) LocalAddr() net.Addr

+ func (c *Conn) Read(b []byte) (n int, err error)

+ func (c *Conn) RemoteAddr() net.Addr

+ func (c *Conn) SetDeadline(t time.Time) error

+ func (c *Conn) SetReadDeadline(t time.Time) error

+ func (c *Conn) SetWriteDeadline(t time.Time) error

+ func (c *Conn) Write(b []byte) (int, error)

type Session

+ func NewClientSession(ctx context.Context, origin *jid.JID, lang string, rw io.ReadWriter, ...) (*Session, error)

+ func NewServerSession(ctx context.Context, location, origin *jid.JID, lang string, rw io.ReadWriter, ...) (*Session, error)

+ func (s *Session) EncodeToken(t xml.Token) error

+ func (s *Session) Flush() error

Oct 2, 2017 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

type Session

+ func (s *Session) Token() (xml.Token, error)

Sep 24, 2017 GO-2021-0321GO-2022-0370

  GO-2021-0321: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

  GO-2022-0370: Websocket client connections are vulnerable to man-in-the-middle attacks via DNS spoofing. When looking up a WSS endpoint using a DNS TXT record, the server TLS certificate is incorrectly validated using the name of the server returned by the TXT record request, not the name of the the server being connected to. This permits any attacker that can spoof a DNS record to redirect the user to a server of their choosing. Providing a *tls.Config with a ServerName field set to the correct destination hostname will avoid this issue.

Changes in this version

+ var ErrTLSUpgradeFailed = errors.New("The underlying connection cannot be upgraded to TLS")

+ type Config struct

+ Features map[xml.Name]StreamFeature

+ Identity string

+ Lang language.Tag

+ Location *jid.JID

+ Origin *jid.JID

+ Password string

+ S2S bool

+ TLSConfig *tls.Config

+ Version internal.Version

+ func NewClientConfig(origin *jid.JID, features ...StreamFeature) (c *Config)

+ func NewServerConfig(location, origin *jid.JID, features ...StreamFeature) (c *Config)

+ type Conn net.Conn

+ func DialClient(ctx context.Context, network string, addr *jid.JID) (Conn, error)

+ func DialServer(ctx context.Context, network string, addr *jid.JID) (Conn, error)

+ type Dialer struct

+ NoLookup bool

+ S2S bool

+ func (d *Dialer) Dial(ctx context.Context, network string, addr *jid.JID) (Conn, error)

+ type Handler interface

+ HandleXMPP func(s *Session, start *xml.StartElement) error

+ type HandlerFunc func(s *Session, start *xml.StartElement) error

+ func (f HandlerFunc) HandleXMPP(s *Session, start *xml.StartElement) error

+ type Negotiator func(ctx context.Context, session *Session, data interface{}) (mask SessionState, rw io.ReadWriter, cache interface{}, err error)

+ type Session struct

+ func NegotiateSession(ctx context.Context, config *Config, rw io.ReadWriter, negotiate Negotiator) (*Session, error)

+ func NewSession(ctx context.Context, config *Config, rw io.ReadWriter) (*Session, error)

+ func (s *Session) Close() (err error)

+ func (s *Session) Config() *Config

+ func (s *Session) Conn() io.ReadWriter

+ func (s *Session) Encoder() *xml.Encoder

+ func (s *Session) Feature(namespace string) (data interface{}, ok bool)

+ func (s *Session) LocalAddr() *jid.JID

+ func (s *Session) RemoteAddr() *jid.JID

+ func (s *Session) Serve(handler Handler) error

+ func (s *Session) State() SessionState

+ func (s *Session) TokenReader() xmlstream.TokenReader

+ type SessionState uint8

+ const Authn

+ const InputStreamClosed

+ const OutputStreamClosed

+ const Ready

+ const Received

+ const Secure

+ type StreamFeature struct

+ List func(ctx context.Context, e *xml.Encoder, start xml.StartElement) (req bool, err error)

+ Name xml.Name

+ Necessary SessionState

+ Negotiate func(ctx context.Context, session *Session, data interface{}) (mask SessionState, rw io.ReadWriter, err error)

+ Parse func(ctx context.Context, r xmlstream.TokenReader, start *xml.StartElement) (req bool, data interface{}, err error)

+ Prohibited SessionState

+ func BindCustom(server func(*jid.JID, string) (*jid.JID, error)) StreamFeature

+ func BindResource() StreamFeature

+ func SASL(mechanisms ...sasl.Mechanism) StreamFeature

+ func StartTLS(required bool) StreamFeature