Fabian,

Fabian Wenk writes:
>Hello Joe
>
>On 30.12.2013 00:44, Joe Malcolm wrote:
>> Anyone else running into a problem with 5222 & starttls for Adium? I'm
>> running jabberd2 2.2.17 on FreeBSD-10RC2.
>
>I am using Adium 1.5.9 now (1.5.7 before) with jabberd-2.2.17_1
>on FreeBSD 9.1 and it works.
>
>> Adium says:
>> 17:47:20: (Libpurple: cdsa) SSLHandshake failed with error -9806
>> 17:47:20: (Libpurple: connection) Connection error on 0x10e056c50
>> (reason: 5 description: SSL Handshake Failed)
>
>Is the SSL configuration correct in the c2s.xml?

Thanks for the clue - this turned out to be the answer. I had
verify-mode set to 7. From the example config, this at least required
client certificates.

    verify-mode
    SSL verify mode - see SSL_CTX_set_verify(3), mode parameter.
    Sum of the following options:
      SSL_VERIFY_NONE                   0x00
      SSL_VERIFY_PEER                   0x01
      SSL_VERIFY_FAIL_IF_NO_PEER_CERT   0x02
      SSL_VERIFY_CLIENT_ONCE            0x04
    Use 7 to require all clients to present _valid_ certificates.

>Did you create the correct file .pem file with the following order of
>the certificates / keys in PEM format?
>
>host certificate
>host private key
>issuer CA certificate
>root CA certificate

I'm using a self-signed certificate for the moment, so this didn't
matter.

>Is your configuration correct and is jabberd (c2s) able to read
>the file with the certificates? Check permissions and path to
>file. Also check your options in the c2s.xml for <id realm= part.
>
>> It all works if I force 5223 & old-style SSL.
>
>Can not test, this is not active on my system.

5223 worked as there doesn't seem to be a verify-mode equivalent.

Joe
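
Added example, not part of the original thread or of jabberd2: a small audit that reads verify-mode values from a c2s.xml-style file and reports whether each one makes client certificates mandatory, which is the setting that broke the STARTTLS handshake above. The sample XML, host names and the placement of verify-mode on the <id> element are constructed assumptions; the flag values are the ones listed in the quoted config comment.

```python
import xml.etree.ElementTree as ET

# Flag values as listed in the config comment quoted in the thread.
SSL_VERIFY_PEER = 0x01
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02
SSL_VERIFY_CLIENT_ONCE = 0x04  # only limits re-requests; does not change the policy

# Constructed sample: layout, paths and host names are assumptions for illustration.
SAMPLE_C2S = """<c2s>
  <local>
    <id realm='' pemfile='/path/to/server.pem' verify-mode='7'>strict.example.org</id>
    <id realm='' pemfile='/path/to/server.pem' verify-mode='2'>odd.example.org</id>
    <id realm='' pemfile='/path/to/server.pem' verify-mode='1'>lenient.example.org</id>
    <id realm='' pemfile='/path/to/server.pem'>default.example.org</id>
  </local>
</c2s>"""


def parse_mode(raw):
    """Accept the sum written as decimal ('7') or hex ('0x07')."""
    raw = raw.strip()
    return int(raw, 16) if raw.lower().startswith("0x") else int(raw, 10)


def client_cert_policy(mode):
    """Classify a server-side SSL_CTX_set_verify mode value."""
    if not mode & SSL_VERIFY_PEER:
        # On a server, OpenSSL ignores the other flags unless SSL_VERIFY_PEER is set.
        return "none"
    if mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
        # A client with no certificate (e.g. a password-only IM client) fails the handshake.
        return "required"
    # Certificate is requested; a client may send none, but an invalid one is rejected.
    return "optional"


def audit(xml_text):
    """Return (host, raw verify-mode, policy) for every <id> element."""
    results = []
    for el in ET.fromstring(xml_text).iter("id"):
        raw = el.get("verify-mode")
        policy = "unset" if raw is None else client_cert_policy(parse_mode(raw))
        results.append(((el.text or "").strip(), raw, policy))
    return results


if __name__ == "__main__":
    for host, raw, policy in audit(SAMPLE_C2S):
        print(f"{host}: verify-mode={raw} -> client certificate {policy}")
```
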