[ejabberd] SSL/TLS with ICA

Jonathan Siegle jsiegle at psu.edu
Thu Dec 14 23:39:43 MSK 2006


Albert Holm said the following on 12/14/06 12:11 PM:
> Thursday 14 December 2006 17:52 skrev Peter Saint-Andre:
>> Philipp Hancke of the PSYC project told me that you can probably solve
>> this problem by using SSL_CTX_use_certificate_chain_file instead of
>> SSL_use_certificate_file when calling OpenSSL.
> 
> Apparently it is not quite as easy. It was attempted about 18 months ago and 
> documented at <http://www.jabber.ru/bugzilla/show_bug.cgi?id=46>.
> 
Oh geesh. Is that it? Well I'll get my linux box fired up and test this 
patch. That second error they get implies someone is trying to talk to 
an ssl port in plain text. Now reading my OpenSSL Oreilly book, the 
auther claims that you must have the entire chain in the file. This 
doesn't seem right, but it could be from the way it was presented to me. 
The server software must pass the whole chain except the root. So 
perhaps openssl is just verifying a root exists or something.



--
Jonathan



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3357 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20061214/765514a0/smime.bin


More information about the ejabberd mailing list