Hi, On Tue, 27 Oct 2015, Daniele Ricci wrote:
> Hello list, > I've been having issues with the certification tool at xmpp.net with my > server. > The reported error is: "Connection failed". > > I use CACert and I'm pretty sure I have a correct certificate chain (have I?): > http://pastebin.com/pVu2EUjP > > IIRC CACert certificates are accepted by this tool, right? when I try that with the new openssl-1.1.0-dev I get the following error: CONNECTED(00000003) depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = [email protected] verify return:1 depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root verify return:1 depth=0 CN = beta.kontalk.net verify return:1 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365: Maybe openssl is not very happy with the md5 signature of the CAcert root certificate, but I don't know what xmpp.net is actually using. Matthias
