i found the error by myself. IMHO this is a bug within jabberd2 not responding 
to openssl s_client calls while using the FQDN instead of the domain part of 
the JID. especially because some xmpp clients give you the ability to connect 
to another host instead of your domain part of your JID.


while using the FQDN of my host i am not getting a response from openssl 
s_client:

root@cargo:/etc/jabberd2 2015/05/10 03:21:31 # openssl s_client -CApath /etc/ssl/certs -starttls xmpp -connect xmpp.guuk.eu:5222
CONNECTED(00000003)
^C

using the domain part of the JID is giving me a response:

root@cargo:/etc/jabberd2 2015/05/10 03:22:59 # openssl s_client -CApath /etc/ssl/certs -starttls xmpp -connect guuk.eu:5222
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 2 Primary Intermediate Server CA
verify return:1
depth=0 C = DE, ST = Hessen, L = Wiesbaden, O = G\C3\BCnther K\C3\BCnzel, CN = xmpp.guuk.eu, emailAddress = p... @guuk.eu
verify return:1
---
Certificate chain
 0 s:/C=DE/ST=Hessen/L=Wiesbaden/O=G\xFCnther K\xFCnzel/CN=xmpp.guuk.eu/emailAddress=p... @guuk.eu
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate

the certification chain is only working because my certificate is signed for 
both xmpp.guuk.eu and guuk.eu.

not sure how to proceed with that, but it looks like it was a nice try to use 
username @ domainname.tld for JIDs. it's just not working. looks like i have to 
use username @ hostname.domainname.tld ...

greetings
-mog
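
An added example, not part of the original post: XMPP clients send the JID domain in the stream header's `to` attribute independently of the host they open the socket to, and this Python probe takes the two as separate arguments so each combination above can be tested on its own. The function names are hypothetical, and it assumes a server offering STARTTLS on port 5222.

```python
import re
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def stream_header(domain):
    """Opening stream tag; `to` carries the JID domain, not the TCP host."""
    return ("<stream:stream xmlns='jabber:client' "
            "xmlns:stream='http://etherx.jabber.org/streams' "
            f"to='{domain}' version='1.0'>")

def offers_starttls(data):
    """True if the server's stream features advertise STARTTLS."""
    pat = rb"<starttls\s[^>]*xmlns=['\"]" + re.escape(TLS_NS.encode()) + rb"['\"]"
    return re.search(pat, data) is not None

def read_until(sock, pattern, limit=65536):
    """Read until `pattern` matches; a silent server ends in socket.timeout."""
    buf = b""
    while not re.search(pattern, buf):
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError(f"stream closed or too long: {buf[-200:]!r}")
        buf += chunk
    return buf

def probe(host, domain, port=5222, timeout=10):
    """Connect to `host`, address the stream to `domain`, return the peer cert."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(stream_header(domain).encode())
        feats = read_until(raw, rb"</stream:features>|</stream:stream>")
        if not offers_starttls(feats):
            raise RuntimeError(f"no STARTTLS offered for to='{domain}'")
        raw.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        reply = read_until(raw, rb"<(proceed|failure)[\s/>]")
        if b"<failure" in reply:
            raise RuntimeError("server refused STARTTLS")
        # RFC 6120: the certificate is checked against the JID domain.
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Hostnames taken from the post: socket to the FQDN, stream to the JID domain.
    cert = probe("xmpp.guuk.eu", "guuk.eu")
    print(cert.get("subject"), cert.get("subjectAltName"))
```

Calling `probe("xmpp.guuk.eu", "xmpp.guuk.eu")` instead addresses the stream to the FQDN; a server that stays silent for that `to` value surfaces as a timeout in `read_until`.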