[ejabberd] ejabberd 0.7 and config

Leif Johansson leifj at it.su.se
Fri Jul 23 12:47:45 MSD 2004


Mickaël Rémond wrote:
> On Thu, 22 Jul 2004 16:10:04 +0400, <sgolovan at nm.ru> wrote:
> 
>> For now, web interface doesn't work over SSL because of erlang SSL  
>> limitations.
> 
> 
> Hum. I think SSL Erlang/OTP implementation is sufficent to implement a 
> web  server using HTTPS. Yaws and Inets are two example web server that 
> are  implementing HTTPS.
> 

There is at least one Erlang bug which is pretty serious - Erlang does
not send the entire certificate chain:

--- erlang-R9C-0-i386_linux24/lib/ssl/c_src/esock_openssl.c     Mon Jul 
  7 14:33:18 2003
+++ erlang-R9C-0-i386_linux24-su/lib/ssl/c_src/esock_openssl.c  Wed May 
  5 21:39:25 2004
@@ -838,9 +838,8 @@
         keyfile = certfile;

      if (certfile) {
-       DEBUGF(("set_ssl_parameters: SSL_CTX_use_certificate_file\n"));
-       if (SSL_CTX_use_certificate_file(ctx, certfile,
-                                        SSL_FILETYPE_PEM) <= 0) {
+       DEBUGF(("set_ssl_parameters: 
SSL_CTX_use_certificate_chain_file\n"));
+       if (SSL_CTX_use_certificate_chain_file(ctx, certfile) <= 0) {
             DEBUGF(("ERROR: Cannot set certificate file\n"));
             MAYBE_SET_ERRSTR("ecertfile");
             goto err_end;


More information about the ejabberd mailing list