* Tomasz Sterna <[email protected]> [2009-02-03 10:34]:
> On Tue, 2009-02-03 at 08:54 +0100, Wolfram Schlich wrote:
> > http://jabberd2.xiaoka.com/ticket/256
> > 
> > Hi,
> > 
> > when will this be fixed? It actually prevents jabberd2 from
> > talking with OpenFire servers which is really really bad.
> 
> I'm not fond of working around other software bugs, so unless someone
> submits a working patch, it's not going to be anytime soon.

If I understood it correctly, the problem is that you want to
allow TLSv1 compression and are therefore forcing TLSv1 handshakes
instead of allowing SSLv3 or TLSv1 handshakes.

Currently my personal "fix" for that problem is this...
--8<--
diff -urN jabberd-2.2.5.orig/sx/ssl.c jabberd-2.2.5/sx/ssl.c
--- jabberd-2.2.5.orig/sx/ssl.c 2009-01-19 13:28:58.000000000 +0100
+++ jabberd-2.2.5/sx/ssl.c      2009-02-03 09:03:13.197593507 +0100
@@ -523,7 +523,9 @@
     sc->ssl = SSL_new(ctx);
     SSL_set_bio(sc->ssl, sc->rbio, sc->wbio);
     SSL_set_connect_state(sc->ssl);
-    SSL_set_ssl_method(sc->ssl, TLSv1_client_method());
+    //SSL_set_ssl_method(sc->ssl, TLSv1_client_method());
+    SSL_set_ssl_method(sc->ssl, SSLv3_client_method());
+    //SSL_set_ssl_method(sc->ssl, SSLv23_client_method());

     /* empty external_id */
     sc->external_id = NULL;
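
Review bot: the replacement call SSL_set_ssl_method(sc->ssl, SSLv3_client_method()) pins the client to SSLv3 only, so it swaps one fixed protocol version for an older one and a peer that accepts only TLSv1 would now fail the handshake. The version-flexible SSLv23_client_method(), left commented out here, negotiates the highest version both sides support; used together with SSL_OP_NO_SSLv2 it would cover both SSLv3 and TLSv1 peers without hard-coding either. The two // commented-out calls should be dropped before this goes anywhere near the tree, since the surrounding code uses /* */ comments and dead alternatives obscure which method is actually in effect.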
--8<--
...which makes it just use SSLv3 instead, as I don't care about
compression (I care more about being able to talk to OpenFire
users).

I believe it would be best if this was user configurable,
just as the SSL verify depth option.
-- 
Regards,
Wolfram Schlich <[email protected]>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
