Adium always generates HTML even when there is no formatting requested by the user (enclosing text in <FONT> and adding in <BR> tags). This is a bit annoying to read, so could xmpp-client remove them? I'd be fine if they were just stripped (replacing with the empty string or space as appropriate) but maybe some processing would be OK to the extent that a terminal can safely support.

In ui.go, there is a typo in an info-level message to the user, where it reads "Status updated enabled", when it probably should read, "Status updates enabled".

(12:15AM) Failed to resolve XMPP server: lookup _xmpp-client._tcp.jabber.ccc.de on 192.168.1.254:53: no such host

I'm not using Tor or any proxies etc.

Hi, Riseup changed their hidden service address:
https://help.riseup.net/en/security/network-security/tor#riseups-tor-hidden-services

After selecting "Use Tor" in the initial configuration with a Riseup email address, xmpp-client tried to connect to: ztmc4p37hvues222.onion, which is no longer Riseup's hidden service xmpp gateway. It's now: 4cjw6cwpeaeppfqz.onion.

https://help.riseup.net/en/security/network-security/tor#riseups-tor-hidden-services

It would be an nice thing to have Desktop notifications.

Problems would mostly be the cross-platform-compability, I guess.

This could maybe be solved by having a "turn notifications on or off"-switch in the config file and the possibility to add an specific shell command for notifications.

Tails 1.3RC, go 1.3.3.
Installation as in the readme give the following error messages

...
amnesia@amnesia:$ export GOPATH=/home/amnesia/Persistent/go/
amnesia@amnesia:$ go get github.com/agl/xmpp-client
package github.com/agl/xmpp-client
imports github.com/agl/xmpp
imports golang.org/x/crypto/otr: unrecognized import path "golang.org/x/crypto/otr"
package github.com/agl/xmpp-client
imports github.com/agl/xmpp
imports golang.org/x/crypto/ssh/terminal: unrecognized import path "golang.org/x/crypto/ssh/terminal"
package github.com/agl/xmpp-client
imports github.com/agl/xmpp
imports golang.org/x/net/html: unrecognized import path "golang.org/x/net/html"
package github.com/agl/xmpp-client
imports github.com/agl/xmpp
imports golang.org/x/net/proxy: unrecognized import path "golang.org/x/net/proxy"

The setEqual function in ui.go has a bug. Basically, the labeled break should be a labeled continue.

Here's a test case that shows the breakage:
http://play.golang.org/p/3vqIJINTt_

As I recently updated/reinstalled xmpp-client, my roster --online output stopped returning my contacts in alphabetic order but it appears they're ordered by date I added them as buddies. I looked at recent commit history and haven't found anything particular related to this.

Is this intentional or might it be unrelated to xmpp-client?

Instead of putting everything (all chats, status changes) in one long scroll, support a "window" or "tab" convention like IRSSI, or Pidgin, where each conversation occupies its own conceptual space, and it is possible to navigate between these windows/tabs/panes/contexts/whatever-other-word-seems-sensible.

lock in the versions of the packages you depend on by using godep. https://github.com/tools/godep

Using godeps seems especially important in terms of being able to try historical versions of xmpp-client without the need to sift through various git commit logs to see compatible revisions of xmpp versus xmpp-client...

As the subject says it would be nice to see which cipher suite the client and server agreed upon.

I just had my first-ever xmpp-client crash. Prior to crashing I'd had one OTR conversation, which the other party ended, and then a number of presence messages. Server is jabber.ccc.de.

panic: runtime error: slice bounds out of range

goroutine 22 [running]:
runtime.panic(0x826a860, 0x83e4aef)
    /usr/lib/go/src/pkg/runtime/panic.c:279 +0xe9
code.google.com/p/go.crypto/ssh/terminal.(*Terminal).writeLine(0x18610340, 0x1864b130, 0x1, 0x2a)
    /home/amnesia/Persistent/go/src/code.google.com/p/go.crypto/ssh/terminal/terminal.go:565 +0x24c
code.google.com/p/go.crypto/ssh/terminal.(*Terminal).handleKey(0x18610340, 0x20, 0x0, 0x0, 0x18610300)
    /home/amnesia/Persistent/go/src/code.google.com/p/go.crypto/ssh/terminal/terminal.go:550 +0x7ea
code.google.com/p/go.crypto/ssh/terminal.(*Terminal).readLine(0x18610340, 0x0, 0x0, 0x0, 0x0)
    /home/amnesia/Persistent/go/src/code.google.com/p/go.crypto/ssh/terminal/terminal.go:665 +0x4a4
code.google.com/p/go.crypto/ssh/terminal.(*Terminal).ReadLine(0x18610340, 0x0, 0x0, 0x0, 0x0)
    /home/amnesia/Persistent/go/src/code.google.com/p/go.crypto/ssh/terminal/terminal.go:639 +0xab
main.(*Input).ProcessCommands(0x18646d9c, 0x187bbe30)
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/input.go:358 +0x19a
created by main.main
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:371 +0x1680

goroutine 16 [select]:
main.main()
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:385 +0x52a3

goroutine 19 [finalizer wait, 18 minutes]:
runtime.park(0x806ebc0, 0x83e7444, 0x83e67e9)
    /usr/lib/go/src/pkg/runtime/proc.c:1369 +0x94
runtime.parkunlock(0x83e7444, 0x83e67e9)
    /usr/lib/go/src/pkg/runtime/proc.c:1385 +0x3f
runfinq()
    /usr/lib/go/src/pkg/runtime/mgc0.c:2644 +0xc5
runtime.goexit()
    /usr/lib/go/src/pkg/runtime/proc.c:1445

goroutine 20 [syscall]:
os/signal.loop()
    /usr/lib/go/src/pkg/os/signal/signal_unix.go:21 +0x24
created by os/signal.init·1
    /usr/lib/go/src/pkg/os/signal/signal_unix.go:27 +0x37

goroutine 21 [chan receive]:
main.func·002()
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:200 +0x5b
created by main.main
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:203 +0x2a6

goroutine 23 [IO wait, 6 minutes]:
net.runtime_pollWait(0xb7549478, 0x72, 0x0)
    /usr/lib/go/src/pkg/runtime/netpoll.goc:146 +0x62
net.(*pollDesc).Wait(0x1863e5b8, 0x72, 0x0, 0x0)
    /usr/lib/go/src/pkg/net/fd_poll_runtime.go:84 +0x48
net.(*pollDesc).WaitRead(0x1863e5b8, 0x0, 0x0)
    /usr/lib/go/src/pkg/net/fd_poll_runtime.go:89 +0x46
net.(*netFD).Read(0x1863e580, 0x18854000, 0x8000, 0x8000, 0x0, 0xb7548218, 0xb)
    /usr/lib/go/src/pkg/net/fd_unix.go:242 +0x28d
net.(*conn).Read(0x1860e2c0, 0x18854000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
    /usr/lib/go/src/pkg/net/net.go:122 +0xc6
crypto/tls.(*block).readFromUntil(0x1869a0c0, 0xb75494e8, 0x1860e2c0, 0x5, 0x0, 0x0)
    /usr/lib/go/src/pkg/crypto/tls/conn.go:451 +0xb0
crypto/tls.(*Conn).readRecord(0x18694180, 0x17, 0x0, 0x0)
    /usr/lib/go/src/pkg/crypto/tls/conn.go:536 +0x1be
crypto/tls.(*Conn).Read(0x18694180, 0x18617000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
    /usr/lib/go/src/pkg/crypto/tls/conn.go:901 +0x140
bufio.(*Reader).fill(0x187bb770)
    /usr/lib/go/src/pkg/bufio/bufio.go:97 +0x14c
bufio.(*Reader).ReadByte(0x187bb770, 0xb747008c, 0x0, 0x0)
    /usr/lib/go/src/pkg/bufio/bufio.go:199 +0x75
encoding/xml.(*Decoder).getc(0x18676c00, 0xb747dc8c)
    /usr/lib/go/src/pkg/encoding/xml/xml.go:851 +0x8d
encoding/xml.(*Decoder).rawToken(0x18676c00, 0x0, 0x0, 0x0, 0x0)
    /usr/lib/go/src/pkg/encoding/xml/xml.go:511 +0x12d
encoding/xml.(*Decoder).Token(0x18676c00, 0x0, 0x0, 0x0, 0x0)
    /usr/lib/go/src/pkg/encoding/xml/xml.go:246 +0x688
github.com/agl/xmpp.nextStart(0x18676c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp/xmpp.go:627 +0x6a
github.com/agl/xmpp.next(0x1861bb90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp/xmpp.go:800 +0x89
github.com/agl/xmpp.(*Conn).Next(0x1861bb90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp/xmpp.go:102 +0x6a
main.(*Session).readMessages(0x18646d80, 0x187bbe60)
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:170 +0x4e
created by main.main
    /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client/ui.go:374 +0x16ca

It would be useful if we could use xmpp-client to register a new jabber id.

src/github.com/agl/xmpp-client/ui.go:141: undefined: terminal.MakeRaw
src/github.com/agl/xmpp-client/ui.go:145: undefined: terminal.Restore
src/github.com/agl/xmpp-client/ui.go:147: undefined: terminal.GetSize

It obviously has something to do with code.google.com/p/go.crypto/ssh/terminal, termios, syscall, etc. Unfortunately that's way beyond my knowledge.
Maybe some parts of https://github.com/nsf/termbox-go could be helpful? E.g. syscalls_darwin_amd64.go

I have just the questions if there is the idea or intention to support MUC in the future.

This is probably not the case because MUC is not really encryptable and the project goal here is to have a privacy aware cool xmpp-client I guess.

I'd be interested in auto reconnection logic. Would this be useful to anyone else?

I get several disconnects per day due to laptop sleeping/resuming and changing network interfaces.

xmpp-client output after disconnection:

* (11:15AM) EOF
* (11:15AM) Exiting because channel to server closed

It looks like the password already remains in memory during the entire session:

Would support for XEP-0280 something you would consider?

It has some potential problems with OTR. but those can be fixed as well

Also something to consider would be XEP-0313

Using home/end with the intent of navigating back and forth through the stanza being composed do not work. It also seems that using home or end then trying to insert a character rather than following with an arrow key cause xmpp-client to hang.

Per https://www.calyxinstitute.org/projects/public_jabber_xmpp_server we see that Calyx now runs a Tor Hidden Service for their Jabber service.

I've attached a quick patch to add the HS to the client:

cat 0001-Add-jabber.calyxinstitute.org-Tor-HS.patch
From ff73f9ac6052c385630445285484341a22e45d65 Mon Sep 17 00:00:00 2001
From: Jacob Appelbaum <[email protected]>
Date: Wed, 5 Feb 2014 15:43:12 +0000
Subject: [PATCH] Add jabber.calyxinstitute.org Tor HS

---
 config.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.go b/config.go
index c4b4ade..e097b68 100644
--- a/config.go
+++ b/config.go
@@ -188,6 +188,7 @@ func enroll(config *Config, term *terminal.Terminal) bool {
    knownTorDomain := map[string]string{
        "jabber.ccc.de": "okj7xc6j2szr2y75.onion",
        "riseup.net":    "ztmc4p37hvues222.onion",
+       "jabber.calyxinstitute.org": "ijeeynrc6x2uy5ob.onion",
    }

    // Autoconfigure well known Tor hidden services.
-- 
1.8.5.3

... like a terminal.

I'm using go1.4.2 darwin/amd64.

 * (10:49PM) Making TCP connection to jabberd.jabber.ccc.de.:5222
 * (10:49PM) Starting TLS handshake
 * (10:49PM) SSL/TLS version: TLS 1.2
 * (10:49PM) Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 * (10:49PM) Failed to connect to XMPP server: xmpp: failed to verify TLS certificate: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "CA Cert Signing Authority")

Ideas?

(This is again a go.crypto/ssh/terminal limitation, but I will put this here because I find it a problem only regarding xmpp-client.)

Terminal input currently is ASCII only. My äöü and ß keys are just dead. This is not a big problem for german text, but certainly for most non-european languages.

• (3:57PM) Unknown IQ: jabber:iq:last query
• (3:57PM) Unknown IQ: urn:xmpp:time time

I have no idea what these mean. Are they normal?

Hello,
I've tried the following steps accourting your installation

1. sudo apt-get install git golang mercurial
2. export GOPATH=$HOME/go
3. go get github.com/agl/xmpp-client

I've expected that deh programm will be downloaded an executet at the 3rd Step. But I've got the following Message:

# github.com/agl/xmpp-client/xmpp
go/src/github.com/agl/xmpp-client/xmpp/xmpp.go:455: tlsState.Version undefined (type tls.ConnectionState has no field or method Version)

Maybe I've missed something, could you say what I'm doing wrong.

I'm using go in the version go1.2.1 linux/386

According to otr.go, SMPFailed will be returned when the shared-secret authentication fails, but this is not handled by xmpp-client. As a result, I think that if the wrong /otr-auth secret is given, authentication will just fail silently.

has anyone tested xmpp-client in qubes besides me?

using go1.4.2 in a fedora 20 qube, i built and installed xmpp-client. i get a failure to connect to jabber.ccc.de; one of these:

x509: certificate signed by unknown authority (possibly because of "x509: connot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "CA Cert Signing Authority")

there must be an easy solution to this... such as yum installing a package with crypto libraries that make this work?

Currently, when I want to look back through what's been said, I have to use the buffer-navigation capabilities of my terminal. xmpp-client can probably do this much better.

MIT, ISC, BSD, DWTFPL, Apache, GPL, djb rant instead of license, public domain?

None of the above?

While speaking with someone from the Freedom of the Press foundation who expressed the desire for an xmpp-client GUI (to better facilitate journalists in moving away from using Pidgin), I was looking into the structural feasibility of adding UI hooks (for your gogtk package used in Pond) to xmpp-client.

Bored with looking at code and not playing with it, and inspired by @leif's patch to add the JID of the current contact being spoken to in the prompt, I added support for changing the colour of that JID based on the OTR encrypted/unencrypted state of that conversation.

Personally, I'm terrified, after some messages leaked, unencrypted, to a contact I wasn't currently speaking to (near identical JIDs plus janky TAB key, #FTL) to turn off "Always Encrypt": true. @leif's patch helps significantly to be sure that I'm speaking to the correct person, and I'd be more comfortable disabling "Always Encrypt" if I were always kept informed of the current OTR state of the current conversation.

I apologise for dumping completely unsolicited patches on you. If this feature isn't desired, you should feel free to close this issue, and I am happy to just keep these patches as my own thing.

In chat sessions with Gibberbot after ending one OTR session and starting a second one, I get the error:

* (6:39PM) While processing message from xxx: otr: peer requested keyid 1 when I'm on 5

All later OTR sessions produce a similar error (with bigger keyid on the xmpp-client side).

The OTRv2 spec says:

When starting a private conversation with a correspondent, generate two DH key pairs for yourself, and set our_keyid = 2.

My interpretation would be that Gibberbot is right and we should start a second AKE with theirKeyId and myKeyId=2. On the other hand, I don't have any problems in sessions with the somewhat authoritative Pidgin-OTR and other clients, so I wonder if this is really the intended interpretation.

I am not necessarily asking for a patch here; if somebody more knowledgeable about OTR could indicate how this should be fixed, I could probably do it myself.

It would be quite swell if we could manually pin a server's TLS cert fingerprint and bypass CA chain verification.

This would be particularly useful for those of us using self-signed certs who distribute the the fingerprints through a secure back channel.

Would you be opposed to this feature? I figured I'd ask before writing any code.

It appears that contacts' OTR keys can only be marked as verified via /otr-auth and /otr-authqa, neither of which allows me to tell xmpp-client that I've manually verified the fingerprint out-of-band.

I am not familiar with this portion of the XMPP protocol, but this urn:ietf:params:xml:ns:xmpp-streams Stream Error occurred for me recently, which correctly caused xmpp-client to SIGTERM and disconnect from the server immediately (XMPP Stream Errors are unrecoverable). If parsing the XML to see if there is an error message is considered acceptable, it might be a bit more informative to the user to know more about what went wrong, rather than what I saw:

 * (8:25PM) {http://etherx.jabber.org/streams error} &{{http://etherx.jabber.org/streams error} {urn:ietf:params:xml:ns:xmpp-streams system-shutdown} Received SIGTERM}
 * (8:25PM) EOF
 * (8:25PM) Exiting because channel to server closed

This was from a build of 4f8a025e481ee8776a19e37425615bebffa1af3f.

Why is this broken? Is it because it cannot check the certificate for a CN which has an onion address... and strict CA checking is turned on now by default?

I noticed that if you try to install this client after installing golang through apt, then you run into this error:

code.google.com/p/go.crypto/ssh/terminal

/usr/lib/go/src/pkg/code.google.com/p/go.crypto/ssh/terminal/terminal.go:517: function ends without a return statement

Another open issue points out that it's a problem with the version of go that comes in the default packages. You need 1.1 or higher.

There are obviously other ways to get 1.1 or higher, but I did it by building go from source.

Well anyway, here's all of the steps I followed to get xmpp-client working. I hope someone else finds them helpful too.

$ cd /usr/lib
$ hg clone -u release https://code.google.com/p/go
$ cd go/src
$ ./all.bash
$ cd ~
$ mkdir go
$ cd go
$ vi golangenv.sh
paste this into the file and save:
export PATH=$PATH:/usr/local/bin
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
$ chmod +x golangenv.sh
$ source golangenv.sh
$ go get github.com/agl/xmpp-client
$ xmpp-client

Then to run in the future, just:
$ cd ~/go
$ source golangenv.sh
$ xmpp-client

You can also put the environment variables in ~/.pam_environment and then logout and relogin, but I'm finding it a little annoying to keep track of all the environment variables golang projects need, so I'm just using a small script instead.

I was about to create a homebrew for xmpp-client but then I noticed that I'm unable to use xmpp-client with either the golang builds in homebrew or with the official signed golang packages.

Here is the error:

go get -v github.com/agl/xmpp-client
github.com/agl/xmpp-client (download)
code.google.com/p/go.crypto (download)
code.google.com/p/go.net (download)
github.com/agl/xmpp (download)
code.google.com/p/go.crypto/otr
code.google.com/p/go.crypto/ssh/terminal
code.google.com/p/go.net/proxy
github.com/agl/xmpp

code.google.com/p/go.crypto/ssh/terminal

/usr/local/Cellar/go/1.0.3/src/pkg/code.google.com/p/go.crypto/ssh/terminal/util.go:27: undefined: syscall.Termios

I've got a hyper-paranoid as hell friend (his name is @leif ) using your client. I'm using Pidgin with OTR on my laptop through Debian and Xabber on my Android device with OTR disabled because OTRs multi-client design is completely messed up and no one implements it right. Your client on Leif's machine initiated OTR with my Pidgin client but then any new actually containing content messages from Leif got directed to Xabber on my Android device as pure OTR vomit. The only way I was able to get the messages over into Pidgin was to kill the client on my Android device.

My friend Leif is obnoxiously paranoid, could you please fix this before I fly to Berlin and punch him in the face for inconveniencing all of his friends through is hyper-paranoid-tin-foil-hat-annoying-as-fuck-hacker-fanboy-mannerisms? Hopefully now that I've totally de-anonymised him he'll drop by here and provide more info to this bug. Thanks!

Hi,

I'm pretty certain that in the past I was asked for the passphrase explicitly. Today I rebuild xmpp-client on two computers and on both the behaviour changed to "> " (and nothing more) after launching (which seems to translate to "please enter passphrase").

Are there dependencies missing, did they change or what happened to "Please enter passphrase"?

Sincerely,

Malte

I recently tried to bootstrap xmpp-client on a Debian 7.1 machine:

go get -v github.com/agl/xmpp-client
code.google.com/p/go.crypto (download)
code.google.com/p/go.net (download)
code.google.com/p/go.crypto/otr
code.google.com/p/go.crypto/ssh/terminal
# code.google.com/p/go.crypto/ssh/terminal
Documents/src/go/src/code.google.com/p/go.crypto/ssh/terminal/terminal.go:517: function ends without a return statement
code.google.com/p/go.net/proxy
github.com/agl/xmpp
# github.com/agl/xmpp
Documents/src/go/src/github.com/agl/xmpp/xmpp.go:70: function ends without a return statement
Documents/src/go/src/github.com/agl/xmpp/xmpp.go:536: function ends without a return statement

Is this a known issue?

After a user account has been removed with /rosteredit && /rostereditdone, a corresponding otr-fingerprint remains in the config file.

With a large roster and few messages, it can become rather challenging to find actually communiques among notes that so-and-so has signed on or off or whatnot.

It would be great to be able to use common keybindings to navigate the current input line. E.g. ^W to delete a word, ^H to delete a character etc etc. I use them without thinking, currently without the intended effect :-)

66161b1 still works, current version gives an "EOF" on or directly after starting the TLS negotiation (more complete error message when I'm back on the upgraded/defunct machine).

I know too many people for /roster to be useful for me. Rather than trim my roster, some sort of support for only showing a subset of the roster would be nice.

Hitting tab repeatedly cycles through contacts, changing the recipient of the next message. This leads to a hilarious/disastrous failure mode when you paste tab-indented text, such as source code (without using /paste mode): different lines are sent to different people, depending on the indentation level of each line.

Perhaps pasting could be detected similarly to the way irssi does it?

Start xmpp-client in e.g. the Gnome Terminal, type in your passwort and press the up arrow after login finished. You can see your passwort in plaintext.

We should add a few new domains that have Tor Hidden Services.

http://jabber.s7t.de / jabberip5hpbrafx.onion according to https://twitter.com/ManiacTwister/status/555759240875606016
securejabber.me / giyvshdnojeivkom.onion according to https://securejabber.me/
wtfismyip.com / ofkztxcohimx34la.onion according to https://wtfismyip.com/jabber/
so36.net / s4fgy24e2b5weqdb.onion according to https://so36.net/services/xmpp/
jabber.ipredator.se / 3iffdebkzzkpgipa.onion according to https://www.ipredator.se/page/services#service_jabber
gabbler.de / gabbler7m74gkjci.onion according to http://www.gabbler.de/
jabber.autistici.org / wi7qkxyrdpu5cmvr.onion according to http://www.autistici.org/en/stuff/man_anon/tor.html

If somone could verify all of the above, I think one commit per domain would make sense - I have prepared a patch:

diff --git a/config.go b/config.go
index 40581b2..cadb2ba 100644
--- a/config.go
+++ b/config.go
@@ -190,6 +190,20 @@ func enroll(config *Config, term *terminal.Terminal) bool {
                "riseup.net":                "4cjw6cwpeaeppfqz.onion",
                "jabber.calyxinstitute.org": "ijeeynrc6x2uy5ob.onion",
                "jabber.otr.im":             "5rgdtlawqkcplz75.onion",
+               // https://twitter.com/ManiacTwister/status/555759240875606016
+               "jabber.s7t.de":             "jabberip5hpbrafx.onion",
+                // https://securejabber.me/
+               "securejabber.me":           "giyvshdnojeivkom.onion",
+               // https://wtfismyip.com/jabber/
+               "wtfismyip.com":             "ofkztxcohimx34la.onion",
+               // https://so36.net/services/xmpp/
+               "so36.net":                  "s4fgy24e2b5weqdb.onion",
+               // https://www.ipredator.se/page/services#service_jabber
+               "jabber.ipredator.se":       "3iffdebkzzkpgipa.onion",
+               // http://www.gabbler.de/
+               "gabbler.de":                "gabbler7m74gkjci.onion",
+               // http://www.autistici.org/en/stuff/man_anon/tor.html
+               "jabber.autistici.org":      "wi7qkxyrdpu5cmvr.onion",
        }

        // Autoconfigure well known Tor hidden services.

I would like someone else can sign of on my research above. @agl - do you want one pull with a commit per domain or one commit for everything?

I propose that we add a new jabber server with Tor HS:

jabber.otr.im -> 5rgdtlawqkcplz75.onion ( Documented here: https://otr.im/chat.html )

It appears that as an example, Pidgin will complain when connecting to jabber.ccc.de or jabber.calyxinstitute.org - their respective .onion is not a proper SAN for either service.

Is this a reasonable thing to do? Should we assume that the name that matters is the name included in the user ID and that the .onion doesn't matter at all?

How are we feeling about SSL/TLS cert verification in xmpp-client generally? What improvements might be useful?