gajim issues
https://dev.gajim.org/gajim/gajim/-/issues
2023-05-05T20:53:34Z

https://dev.gajim.org/gajim/gajim/-/issues/11452
AccountWizard: Proxy setting not honored
2023-05-05T20:53:34Z
kaliko

## Versions
- OS: windows (Portable install)
- Gajim version: 1.7.2
- GTK version:
- Python-nbxmpp version:
## Steps to reproduce the problem
1. Set a global HTTP proxy (no auth)
1. Select the proxy
1. Register a new account on a server with xep-0156 HTTP Lookup Method
## Expected behavior
Connect with xep-0156 HTTP Lookup Method using a proxy.
## Actual behavior
From the log (cf. attached) I can see nbxmpp.http is creating requests for two http resources (`updates.json` and `package_index.json`), these requests succeed.
Then I add my account and the request on the `.well-known/host-meta` clearly fails on a timeout.
I can confirm that going through the proxy to fetch this resource is working fine outside gajim.
I had to set a proxy explicitly because I think gajim is not grabbing system exposed proxy (env. var.).
At least, when I set the proxy in gajim I can see some http requests going through (updates and package_index).
[gajim.log](/uploads/a87c305b371a36cb96e2768211a47147/gajim.log)
1.8.0

https://dev.gajim.org/gajim/gajim/-/issues/7805
ACE value "file_transfer_proxies" doesn't seem to work properly
2018-07-02T17:29:01Z
anonymous

# Bug description
Proxying file transfer isn't working.
XML log: https://conference.gajim.org:5281/pastebin/d7182305-1458-4ed7-9db2-e43581653915
# Steps to reproduce
Use Gajim via Tor and try to send a file through a proxy server.
# Software versions
OS version: Fedora / Gajim 0.15.3
GTK version: n/a
PyGTK version: n/a
Patches Welcome

https://dev.gajim.org/gajim/gajim/-/issues/11276
Add ACE setting for opening file uris
2022-11-05T21:25:53Z
Philipp Hörist philipp@hoerist.com

File uris not be opened by default, this can be a security risk

https://dev.gajim.org/gajim/gajim/-/issues/9794
Client-side only contacts names
2022-12-30T10:21:39Z
Marcin Mielniczuk

As of 1.1.3, if the contact name is set, it's automatically synchronized with the server. For privacy reasons one may prefer to keep the contact names locally (only on the client side).

https://dev.gajim.org/gajim/gajim/-/issues/9573
Connecting to an onion service leaks DNS requests to clearnet
2019-03-16T15:19:53Z
Ghost User

Upon connecting to any .onion account/server the client performs a DNS lookup for _xmppconnect.[...].onion which leaks the requested onion service to the user's DNS resolver and its upstreams.
You can watch this happen by running `sudo tcpdump udp port 53 -vv -X` in any terminal window and then connecting to any (valid or not) .onion.
I don't python, but a patch like the following should fix the issue
```patch
diff --git a/gajim/common/connection.py b/gajim/common/connection.py
index 571e00d30..90b0bafd0 100644
--- a/gajim/common/connection.py
+++ b/gajim/common/connection.py
@@ -1078,12 +1078,16 @@ class Connection(CommonConnection, ConnectionHandlers):
h = hostname
p = 5222
ssl_p = 5223
+ use_txt = True
if use_custom:
h = custom_h
p = custom_p
ssl_p = custom_p
if not self.redirected:
use_srv = False
+ if h.endswith('.onion'):
+ use_srv = False
+ use_txt = False
self.redirected = None
# SRV resolver
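Review bot: the test at `if h.endswith('.onion'):` is a case-sensitive match on the raw string, so a host written as `EXAMPLE.ONION` or with a trailing dot (`example.onion.`) would not match and would still get the SRV and TXT lookups. Normalise before comparing, for example `h.lower().rstrip('.').endswith('.onion')`, and add a short comment saying the lookups are skipped to keep onion names away from the local resolver.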
@@ -1095,7 +1099,7 @@ class Connection(CommonConnection, ConnectionHandlers):
]
self._hostname = hostname
- if h:
+ if h and use_txt:
app.resolver.resolve('_xmppconnect.' + helpers.idn_to_ascii(h),
self._on_resolve_txt, type_='txt')
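Review bot: with `if h and use_txt:` the TXT lookup is skipped for onion hosts, but `self._on_resolve_txt` is the callback passed to that lookup and nothing in the visible lines runs it, or whatever it goes on to do, when the condition is false. Check that the connection attempt still continues on that path. Separately, the lookup name is built from `helpers.idn_to_ascii(h)` while the `.onion` test ran on the raw `h`; testing the converted name would keep the two consistent.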
```

https://dev.gajim.org/gajim/gajim/-/issues/8771
Connection fails if trying to connect using TOR
2019-11-16T14:51:39Z
Martin

## Versions
- OS: Debian 9 Stretch
- Gajim version: gajim-default-nightly/unstable,unstable,unstable,now 20171023-1 (in info it says 0.16.11.1)
- GTK version: 3.22.11
- Python-nbxmpp version: 0.6.0
## Steps to reproduce the problem
Set up your account to connect via Proxy (SOCKS5, localhost, 9050)
## Expected behavior
Gajim starts and is connecting using TOR
## Actual behavior
Gajim fails to connect (changing localhost to 127.0.0.1 doesn't make any difference)
```
26.10.2017 19:34:41 (I) nbxmpp.proxy_connectors: Authentification successfull. Jabber server contacted.
26.10.2017 19:34:41 (I) nbxmpp.transports_nb: Plugging fd 18, W:True, R:True
26.10.2017 19:34:41 (I) nbxmpp.transports_nb: pollout called, state == PROXY_CONNECTING
26.10.2017 19:34:41 (I) nbxmpp.transports_nb: Plugging fd 18, W:False, R:True
26.10.2017 19:34:41 (E) nbxmpp.transports_nb: _do_send:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 584, in _do_send
sent_data = decode_py2(sent_data, 'utf-8')
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 91, in decode_py2
string = string.decode(encoding)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8f in position 5: invalid start byte
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 588, in _do_send
if ord(char) & 0xc0 == 0xc0:
TypeError: ord() expected string of length 1, but int found
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 584, in _do_send
sent_data = decode_py2(sent_data, 'utf-8')
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 91, in decode_py2
string = string.decode(encoding)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8f in position 5: invalid start byte
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/nbxmpp/transports_nb.py", line 588, in _do_send
if ord(char) & 0xc0 == 0xc0:
TypeError: ord() expected string of length 1, but int found
26.10.2017 19:34:41 (I) nbxmpp.client_nb: Disconnecting NBClient:
26.10.2017 19:34:41 (I) nbxmpp.plugin: Plugging <nbxmpp.transports_nb.NonBlockingTCP object at 0x7f887be597f0> __OUT__ of <nbxmpp.client_nb.NonBlockingClient object at 0x7f888998f4a8>.
26.10.2017 19:34:41 (E) gajim.c.connection: Connection to proxy failed:
26.10.2017 19:34:41 (D) gajim.c.ged: our-show Args: (<gajim.common.connection_handlers_events.OurShowEvent object at 0x7f887be4eeb8>,)
26.10.2017 19:34:41 (D) gajim.plugin_system: ClientsIconsPlugin.connect_with_roster_draw_contact() <entered>
26.10.2017 19:34:41 (D) gajim.plugin_system: ClientsIconsPlugin.connect_with_roster_draw_contact() <left>
26.10.2017 19:34:41 (D) gajim.conversation_textview: Printed Line: 4, martin ist jetzt Abgemeldet, 1509039281.6551602, inserted after: None, stanza-id: None, correct-id: None
26.10.2017 19:34:41 (D) gajim.plugin_system: ClientsIconsPlugin.connect_with_roster_draw_contact() <entered>
26.10.2017 19:34:41 (D) gajim.plugin_system: ClientsIconsPlugin.connect_with_roster_draw_contact() <left>
26.10.2017 19:34:41 (D) gajim.c.ged: connection-lost Args: (<gajim.common.connection_handlers_events.ConnectionLostEvent object at 0x7f8889987f60>,)
```

https://dev.gajim.org/gajim/gajim/-/issues/6096
Connection info, crypto etc
2019-09-29T19:56:36Z
Zash

# Problem
Gajim currently doesn't offer a way to show more information about the connection.
# Analysis
Some users may want to know the specifics about the connection, such as ciphers used etc.
# Enhancement recommendation
Implement something similar to how web browsers show connection info, with details about certificates, ciphers, etc. Could be a popup from the lock (it's a pair of keys in my theme) icon.
1.2.0

https://dev.gajim.org/gajim/gajim/-/issues/7571
Don't load XHTML images automatically
2020-07-29T18:38:19Z
Darlan

# phenomenon
Unwilling disclosure of user IP address.
# background analysis
Send HTML message with image file, using XML Console, to user or MUC.
```xml
<message xmlns="jabber:client" to="test@conference.gajim.org" type="groupchat" id="fake lmc">
  <body>
    https://gajim.org/imgs/logo_small.png
  </body>
  <html xmlns='http://jabber.org/protocol/xhtml-im'>
    <body xmlns='http://www.w3.org/1999/xhtml'>
      <img src='https://gajim.org/imgs/logo_small.png'
           alt='logo_small.png'
           title='logo_small.png'
           height='100'
           width='140'/>
    </body>
  </html>
</message>
```
# implementation recommendation
~~*Gajim = 0.16* Do not load images from internet.~~
*Gajim > 0.16* Add an Info-bar that would ask user whether to load image within message or replace image with a placeholder that prompt user to this issue.
*Gajim > 0.16* Add support for [XEP:0231 XEP-0231: Bits of Binary]?
See [GajimChat:2013:08:08:19:58:31 Chatroom logs for gajim@conference.gajim.org (Thursday, August 08, 2013)].
1.2.2

https://dev.gajim.org/gajim/gajim/-/issues/5294
drop python-crypto dependency
2018-05-28T16:25:36Z
anonymous

It seems to me that gajim requires python-crypto just because of SHA256:
bradford:gajim$ grep -w -r -E 'ARC[24]|Blowfish|CAST|DES|DES3|IDEA|MD[24]|RC5|RIPMED|SHA256|XOR' *
gajim.nsi: File "bin\Crypto.Hash.SHA256.pyd"
gajim.nsi: Delete "$INSTDIR\bin\Crypto.Hash.SHA256.pyd"
src/common/stanza_session.py: from Crypto.Hash import HMAC, SHA256
src/common/stanza_session.py: self.hash_alg = SHA256
src/common/stanza_session.py: self.hash_alg = SHA256
src/common/stanza_session.py: raise NegotiationError('SHA256(e) != He')
src/common/crypto.py:from Crypto.Hash import SHA256
src/common/crypto.py: sh = SHA256.new()
bradford:gajim$
However, current python includes sha256 in hashlib library:
bradford:gajim$ python
Python 2.6.2 (r262:71600, Aug 21 2009, 12:23:57)
[GCC 4.4.1 20090818 (Red Hat 4.4.1-6)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> dir(hashlib)
['__builtins__', '__doc__', '__file__', '__get_builtin_constructor', '__hash_new', '__name__', '__package__', '__py_new', '_hashlib', 'md5', 'new', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
>>>
Philipp Hörist philipp@hoerist.com

https://dev.gajim.org/gajim/gajim/-/issues/11427
Enable download/decrypt for shared files when preview is disabled
2023-06-15T19:45:19Z
xmpp ftw

When file upload preview is disabled, a plaintext "aesgcm" link is displayed in chat. It takes copy/pasting and an external tool (omemo-wget) to open the file.
It makes sense to have a download and open (with default desktop settings / xdg-open) for the file when preview is disabled, so the user doesn't need external tools.
Why making good UX around disabled preview is important:
- preview leaks IP metadata to a third-party server, unless a proxy is enabled ; opting out of message preview makes such a leak opt-in
- file previews are a well-known vector of attacks (in general, not specific to gajim) ; opting out of message preview makes such a security risk opt-in
1.8.1

https://dev.gajim.org/gajim/gajim/-/issues/11749
Encryption-by-default appears to only work for 1:1 chats
2024-03-05T22:44:27Z
Marcin Mielniczuk

The feature was introduced in https://dev.gajim.org/gajim/gajim/-/merge_requests/965, however, as of 1.8.4, groupchats do not respect this setting.
I will try to debug it in the coming weeks.
Next Release

https://dev.gajim.org/gajim/gajim/-/issues/7253
Gajim complains about a SSL/TLS certificate when connecting to a custom hostname
2018-09-02T11:19:36Z
muelli

I have a Jabber account (foo@example.com) and a domain that hosts the actual jabber server (jabberdomain.com). So I set up my example.com account and put the actual server in "Use custom hostname/port".
Gajim complains:
"Error verifying SSL certificate
There was an error verifying the SSL certificate of your jabber server: The authenticity of the example.com certificate could be invalid.
The certificate does not cover this domain.
Do you still want to connect to this server?"
The hosting server does have its own certificate which I get shown when I click the "View cert" button.
So I guess that Gajim doesn't take into account that I indeed wanted to connect to the hosting domain and that the received certificate is expected and fine.
I would have expected to be able to connect without such a dialogue.

https://dev.gajim.org/gajim/gajim/-/issues/7795
Gajim saves password as plain text without additional warning
2020-03-23T23:54:39Z
szpak

# problem
On Linux with Gnome user could expect that password for an account will be kept using a keyring. I was surprised when I found my password stored as plain text in Gajim's configuration.
This feature was not active, but I wasn't aware of it.
# analysis
Looking at code when required libraries are not available (or given system just doesn't support it) Gajim silently falls back to saving password as plain text.
# enhancement recommendation
Gajim should display additional warning when user decides to keep password and there is a method available which would allow to save it in the "safe" way. There could be also some info how to configure it.
1.2.0

https://dev.gajim.org/gajim/gajim/-/issues/8538
Gajim with Tor leaks DNS requests
2022-05-12T21:23:09Z
t2d

This issue is related to #7023
I saw at [privacy handbook](https://www.privacy-handbuch.de/handbuch_63-gajim_tor.htm) that Gajim is not resolving DNS over TOR. Or check at [Tor wiki](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMessaging).
To check, I enabled the Tor Proxy in my account settings, started my client and looked for DNS requests with Wireshark. I could verify their claims.
I think, this is not the expected behavior. If you use Tor, you don't want anyone to know, which hosts you connect to. At least the domain names related to a "torified" account should be resolved over Tor. Another strategy would be to proxy everything over Tor as soon as one account enabled Tor.
1.4.0

https://dev.gajim.org/gajim/gajim/-/issues/4954
Hide private data when using gajim -v
2018-05-09T13:07:49Z
anonymous

I'd like an option to hide vital data like password hash and roster contents when I'm issuing "gajim -v". I don't feel comfortable sharing these type of info in bugreports.

https://dev.gajim.org/gajim/gajim/-/issues/9179
HTTP Upload does not respect trusted (self-signed) SSL/TLS certificates
2022-08-18T13:23:44Z
Gajim User

## Versions
- OS: All
- Gajim version: 1.0.3
- GTK version: 3.22.30
- Python-nbxmpp version: 0.6.6
## Steps to reproduce the problem
1. Use own Jabber Server with TLS encryption and self signed certificate
2. Connect to own server using Gajim
3. Get unknown certificate warning
4. Verify fingerprint and accept new certificate
5. Use Send File -> HTTP Upload or receive File via HTTP Upload
## Expected behavior
Image is uploaded or received
## Actual behavior
Image is not uploaded or displayed
## Background information
The HTTP Upload uses the certificates from the python distribution located in Gajim program folder under Gajim\lib\python3.6\site-packages\certifi\cacert.pem
The connection certificate is not added to this list, nor a "local" list of trusted certificates is used.
## Bug evasion
Add your certificate to Gajim\lib\python3.6\site-packages\certifi\cacert.pem
(Problematic under Windows, as this file is owned by the system)
## Bug solving proposal
Make HTTP Upload use the locally accepted certificates list in addition to the python list.
1.2.0

https://dev.gajim.org/gajim/gajim/-/issues/8592
Inform user about not being able to connect to a server due to missing tls/ssl authentication method
2019-04-24T21:01:27Z
Vincent Flyson

By default gajim is forbidden to connect to plain (non-tls/ssl) servers.
It took me some time to figure out why I couldn't connect to my server.
Related issue: https://dev.gajim.org/gajim/gajim/issues/8559
Found the issue by running gajim via `python -OOt gajim.py --verbose`:
```
...
03/30/2017 21:06:08 (I) nbxmpp.client_nb While connecting with type = "tls": TLS unsupported by remote server
03/30/2017 21:06:08 (I) gajim.c.connection Connecting to next type beacuse desired is tls and returned is plain
03/30/2017 21:06:08 (D) gajim.c.connection Connection to next host
03/30/2017 21:06:08 (D) gajim.c.connection Out of hosts, giving up connecting to XMPP-server-bot
...
```
I believe that having a more detailed UI error message rather than "Unable to connect to server ..." is very important in this case, since non-encrypted connections mostly exist on self-hosted servers used for various bots and setting them up can be a pain in the neck when the client's not reporting why exactly the connection has not been established.

https://dev.gajim.org/gajim/gajim/-/issues/7675
New "autoimprove_security" option.
2018-06-28T18:41:25Z
fedor.brunner

# problem
Most users don't touch advanced options and because Gajim has to support older servers, the default settings in Gajim are TLS 1.0 support, weaker RC4 (because of Google Talk servers [#7](https://python-nbxmpp.gajim.org/ticket/7)) and 3DES ciphers are supported, authentication mechanisms PLAIN, DIGEST-MD5 are enabled.
# enhancement recommendation
When the "autoimprove_security" option is enabled, Gajim will detect current security settings of XMPP server during login (supported TLS version (1.2), current cipher (AES) and authentication mechanism (SCRAM-SHA-1)). After a successful login, Gajim will disable older TLS versions (1.0, 1.1), disable weak ciphers (3DES, RC4) and disable weaker authentication mechanisms (PLAIN, DIGEST-MD5) for the connected server.
I think that this is good behavior because in the vast majority of cases XMPP server operators don't downgrade to software with weaker security. So security features of XMPP servers only improve over time.
This option, in combination with an XMPP server supporting [SCRAM-SHA-1-PLUS](https://python-nbxmpp.gajim.org/ticket/16), will ensure that users are protected from an active MiTM attacker with valid SSL certificates. This protection works without any changes in settings by the user. It's only required that the user chooses a good password.
Next idea is to have a database (or just a plain text table) of security features of known XMPP public servers. (http://xmpp.net)
This table will contain:
- The highest supported TLS version
- Information if ciphers stronger than RC4, 3DES are supported.
- The strongest supported authentication mechanism (and supported by Gajim)
When user creates a new account in Gajim with one of these servers the security settings for this account will be copied from the database.

https://dev.gajim.org/gajim/gajim/-/issues/9568
Not able to login on nimbuzz.com server
2019-02-05T07:54:38Z
Amandeep

**Please first check if another issue has been opened for your problem**
## Versions
- OS: Ubuntu 18.04.1 LTS
- Gajim version: 1.1.2+14b4488b0
- GTK version: 3.22.30
- Python-nbxmpp version: 0.6.9
## Steps to reproduce the problem
NA, I don't know how to fix it. I am attaching screenshot of XML console. Please help.
## Expected behavior
I should be able to login using my nimbuzz account. I am able to login using PSI app. But I like gajim more. Please help.
![Screenshot_from_2019-02-02_18-14-54](/uploads/fb4d974e5d96d593a586a2b58f33d454/Screenshot_from_2019-02-02_18-14-54.png)
## Actual behavior
Not able to login. It shows cannot connect to nimbuzz.com popup.

https://dev.gajim.org/gajim/gajim/-/issues/11654
Notify about certificate fingerprint changes
2024-02-11T21:29:13Z
Polarian polarian@polarian.dev

**Please note by far the quickest way to get a new feature is to file a Merge Request.**
## Description of the new feature
In light of the [MitM attack](https://notes.valdikss.org.ru/jabber.ru-mitm/) which is going around XMPP communities over the past few days, I suggest that gajim warns the user when the server fingerprint changes and forces them to manually acknowledge this change.
[Claws mail](https://www.claws-mail.org/) does this when the server fingerprint changes. I feel this would be a first point at which a MitM attack could be caught, if a certificate is renewed too soon (say if it still has 60 days left on it, it would be pretty unusual to renew it until it hits 30 days).