Package: prosody
Version: 0.9.11-1
Severity: important

Dear Maintainer,

I use exactely the same configuration than with prosody 0.9.10, and when
I upgraded to 0.9.11, this bug happened.

I force using TLS one most of the servers talking to me. Now, my prosody
rejects all incoming connexions from these servers and because my
prosody cannot check if certificats are valid or not. The log says

Dec 01 10:17:19 s2sinb7730c88 info  incoming s2s stream 
example1.com->example.com closed: Your server's certificate is invalid, 
expired, or not trusted by example.com


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armhf (armv7l)

Kernel: Linux 3.4.79-sun7i (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages prosody depends on:
ii  adduser                             3.115
ii  libc6                               2.24-5
ii  libidn11                            1.33-1
ii  libssl1.1                           1.1.0c-2
ii  lsb-base                            9.20161101
ii  lua-expat [lua5.1-expat]            1.3.0-3
ii  lua-filesystem [lua5.1-filesystem]  1.6.3-1
ii  lua-sec [lua5.1-sec]                0.6-2
ii  lua-socket [lua5.1-socket]          3.0~rc1+git+321c0c9-1
ii  lua5.1                              5.1.5-8.1+b2
ii  ssl-cert                            1.0.38

Versions of packages prosody recommends:
ii  lua-event [lua5.1-event]  0.4.3-2

Versions of packages prosody suggests:
pn  lua-dbi-mysql       <none>
pn  lua-dbi-postgresql  <none>
pn  lua-dbi-sqlite3     <none>
pn  lua-zlib            <none>

-- Configuration Files:
/etc/prosody/conf.avail/example.com.cfg.lua [Errno 13] Permission non accordée: 
u'/etc/prosody/conf.avail/example.com.cfg.lua'
/etc/prosody/conf.avail/localhost.cfg.lua [Errno 13] Permission non accordée: 
u'/etc/prosody/conf.avail/localhost.cfg.lua'
/etc/prosody/prosody.cfg.lua:

admins = { "ad...@example.com" }
plugin_paths = {"/src/prosody-modules"}
modules_enabled = {
  "roster";
    "saslauth";
    "tls";
    "dialback";
    "disco";
    "private";
    "vcard";
    "version";
    "uptime";
    "time";
    "ping";
    "pep";
    "register";
    "adhoc";
    "admin_adhoc";
    "bosh";
    "posix";
    "watchregistrations";
    "cloud_notify";
};
modules_disabled = {
};

consider_bosh_secure = true
cross_domain_bosh = true;
bosh_max_inactivity = 30

allow_registration = false;
daemonize = true;
pidfile = "/var/run/prosody/prosody.pid";
ssl = {
  key = "/etc/ssl/private/example.com.key";
  certificate = "/etc/ssl/certs/example.com.pem";

  options = {
    "no_sslv2",
    "no_sslv3",
    "no_ticket",
    "no_compression",
    "cipher_server_preference",
    "single_dh_use",
    "single_ecdh_use"
  };
  ciphers = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
  EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA
  !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
}
c2s_require_encryption = true
s2s_secure_domains = {
  "example1.com",
  "example2.com",
  "example3.com",
  "example4.com"
}
authentication = "internal_hashed"
log = {
  info = "/var/log/prosody/prosody.log";
  error = "/var/log/prosody/prosody.err";
  { levels = { "error" }; to = "syslog"; };
}
Include "conf.d/*.cfg.lua"

-- no debconf information

Reply via email to