[ejabberd] SSL/TLS with ICA
stpeter at jabber.org
Thu Dec 14 19:52:09 MSK 2006
Jaco Kroon (of TLUG in South Africa) and I have been looking into
ejabberd's support for intermediate certification authorities, such
as the one we just launched at https://www.xmpp.net/
Unfortunately, it seems that ejabberd does not correctly present the
full certificate chain using the new intermediate CA. For example,
run this command:
openssl s_client -connect jabber.org:5223
openssl s_client -connect jabber.org:5223 -CAfile /path/to/ca.crt
... where ca.crt is the StartCom root certificate:
You will receive an error because ejabberd is not presenting the entire
certificate chain. SSL-aware Jabber clients will also show an error and
refuse to connect.
Jaco is running ejabberd 1.1.2 and jabber.org is running 1.1.1; both
versions seem to display this behavior.
Philipp Hancke of the PSYC project told me that you can probably solve
this problem by using SSL_CTX_use_certificate_chain_file instead of
SSL_use_certificate_file when calling OpenSSL. YMMV.
Jabber Software Foundation
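
Added example, not part of the original message or of ejabberd: a constructed lab PKI (root, intermediate, server certificate; all names made up) showing why a client that trusts only the root rejects a server that sends the leaf alone and accepts one that sends the chain. It models the two OpenSSL loaders by what each reads from the same PEM file: SSL_use_certificate_file takes only the first certificate, SSL_CTX_use_certificate_chain_file takes the first plus the certificates that follow it.

```shell
#!/bin/sh
# Constructed lab PKI (all names are made up): Lab Root -> lab-ica -> lab-leaf.
build_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Lab Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root, then one CSR each for the intermediate and the server.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    for n in ica leaf; do
        openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=lab-$n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    # Root signs the intermediate as a CA; the intermediate signs the server cert.
    openssl x509 -req -in "$d/ica.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.cnf" -extensions v3_ca \
        -out "$d/ica.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ica.crt" -CAkey "$d/ica.key" \
        -set_serial 3 -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1
    # The server's PEM file: leaf first, then the intermediate.
    cat "$d/leaf.crt" "$d/ica.crt" > "$d/server.pem"
}

# $2 = first: only the first cert in server.pem reaches the client.
# $2 = chain: the remaining certs are sent too (as untrusted helpers).
client_verifies() {
    d=$1
    openssl x509 -in "$d/server.pem" -out "$d/sent_leaf.pem"
    awk '/BEGIN CERT/{n++} n>1' "$d/server.pem" > "$d/sent_rest.pem"
    if [ "$2" = chain ]; then
        openssl verify -CAfile "$d/root.crt" -untrusted "$d/sent_rest.pem" \
            "$d/sent_leaf.pem" 2>/dev/null | grep -q ': OK'
    else
        openssl verify -CAfile "$d/root.crt" "$d/sent_leaf.pem" 2>/dev/null | grep -q ': OK'
    fi
}

d=$(mktemp -d) && build_pki "$d" || exit 1
for mode in first chain; do
    if client_verifies "$d" "$mode"; then echo "$mode: OK"; else echo "$mode: verify error"; fi
done
```

The same two `openssl verify` invocations can be pointed at a real root and a real server PEM file to check that the file carries the intermediates before it is deployed.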