[ejabberd] SSL/TLS with ICA
jsiegle at psu.edu
Thu Dec 14 23:39:43 MSK 2006
Albert Holm said the following on 12/14/06 12:11 PM:
> Thursday 14 December 2006 17:52 skrev Peter Saint-Andre:
>> Philipp Hancke of the PSYC project told me that you can probably solve
>> this problem by using SSL_CTX_use_certificate_chain_file instead of
>> SSL_use_certificate_file when calling OpenSSL.
> Apparently it is not quite as easy. It was attempted about 18 months ago and
> documented at <http://www.jabber.ru/bugzilla/show_bug.cgi?id=46>.
Oh geesh. Is that it? Well I'll get my linux box fired up and test this
patch. That second error they get implies someone is trying to talk to
an ssl port in plain text. Now reading my OpenSSL Oreilly book, the
auther claims that you must have the entire chain in the file. This
doesn't seem right, but it could be from the way it was presented to me.
The server software must pass the whole chain except the root. So
perhaps openssl is just verifying a root exists or something.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3357 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20061214/765514a0/smime.bin
More information about the ejabberd