Fabian,
Fabian Wenk writes:
>Hello Joe
>
>On 30.12.2013 00:44, Joe Malcolm wrote:
>> Anyone else running into a problem with 5222 & starttls for Adium? I'm
>> running jabberd2 2.2.17 on FreeBSD-10RC2.
>
>I am using Adium 1.5.9 now (1.5.7 before) with jabberd-2.2.17_1
>on FreeBSD 9.1 and it works.
>
>> Adium says:
>> 17:47:20: (Libpurple: cdsa) SSLHandshake failed with error -9806
>> 17:47:20: (Libpurple: connection) Connection error on 0x10e056c50
>> (reason: 5 description: SSL Handshake Failed)
>
>Is the SSL configuration correct in the c2s.xml?
Thanks for the clue - this turned out to be the answer.
I had verify-mode set to 7. From the example config, this at least
required client certificates.

    verify-mode
        SSL verify mode - see SSL_CTX_set_verify(3), mode parameter.
        Sum of the following options:
            SSL_VERIFY_NONE                  0x00
            SSL_VERIFY_PEER                  0x01
            SSL_VERIFY_FAIL_IF_NO_PEER_CERT  0x02
            SSL_VERIFY_CLIENT_ONCE           0x04
        Use 7 to require all clients to present _valid_
        certificates.

>Did you create the correct .pem file with the following order of
>the certificates / keys in PEM format?
>
>host certificate
>host private key
>issuer CA certificate
>root CA certificate
>root CA certificate
I'm using a self-signed certificate for the moment, so this didn't
matter.
>Is your configuration correct and is jabberd (c2s) able to read
>the file with the certificates? Check permissions and path to
>the file. Also check your options in the c2s.xml for <id realm= part.
>
>> It all works if I force 5223 & old-style SSL.
>
>Can not test, this is not active on my system.
5223 worked as there doesn't seem to be a verify-mode equivalent.
Joe
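
Added example (not part of the original message and not jabberd2 code): a small audit that decodes verify-mode sums using the flag values quoted above and reports, per OpenSSL's server-side semantics, whether a client that presents no certificate can complete STARTTLS. The c2s.xml fragment is constructed, and both the placement of verify-mode as an attribute of <id> and the default of 0 when it is absent are assumptions.

```python
import xml.etree.ElementTree as ET

# Flag values as listed in the config comment quoted in the thread.
FLAGS = {
    "SSL_VERIFY_PEER": 0x01,
    "SSL_VERIFY_FAIL_IF_NO_PEER_CERT": 0x02,
    "SSL_VERIFY_CLIENT_ONCE": 0x04,
}

# Constructed sample. Assumption: verify-mode is an attribute of <id>,
# following the "<id realm=" hint in the thread; paths are placeholders.
SAMPLE_C2S = """
<c2s>
  <local>
    <id realm='example.org' pemfile='/path/to/server.pem' verify-mode='7'>example.org</id>
    <id realm='example.net' pemfile='/path/to/server.pem' verify-mode='1'>example.net</id>
    <id realm='example.com' pemfile='/path/to/server.pem'>example.com</id>
  </local>
</c2s>
"""

def decode(mode):
    """Return the names of the flags set in a verify-mode sum."""
    names = [name for name, bit in FLAGS.items() if mode & bit]
    return names or ["SSL_VERIFY_NONE"]

def client_cert_policy(mode):
    """Classify what a server-side verify mode means for client certificates."""
    if not mode & FLAGS["SSL_VERIFY_PEER"]:
        # No certificate request is sent; the other two flags only take
        # effect in combination with SSL_VERIFY_PEER.
        return "not requested"
    if mode & FLAGS["SSL_VERIFY_FAIL_IF_NO_PEER_CERT"]:
        return "required"   # handshake is aborted if the client sends none
    return "optional"       # checked if sent, handshake continues if absent

def audit(xml_text):
    """Map each <id> host to (flag names, policy, certless_client_ok)."""
    report = {}
    for el in ET.fromstring(xml_text).iter("id"):
        mode = int(el.get("verify-mode", "0"))  # assumed default: 0
        policy = client_cert_policy(mode)
        report[el.text.strip()] = (decode(mode), policy, policy != "required")
    return report

if __name__ == "__main__":
    for host, (flags, policy, ok) in audit(SAMPLE_C2S).items():
        print(f"{host}: {'+'.join(flags)} -> client cert {policy}; "
              f"certless STARTTLS {'ok' if ok else 'will fail'}")
```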