On Wed, Oct 28, 2015 at 1:00 PM, <[email protected]> wrote:
>>> Hi,
>>>
>>> On Tue, 27 Oct 2015, Daniele Ricci wrote:
>>>
>>>> Hello list,
>>>> I've been having issues with the certification tool at xmpp.net with my server.
>>>> The reported error is: "Connection failed".
>>>>
>>>> I use CACert and I'm pretty sure I have a correct certificate chain (have I?):
>>>> http://pastebin.com/pVu2EUjP
>>>>
>>>> IIRC CACert certificates are accepted by this tool, right?
>>>
>>> when I try that with the new openssl-1.1.0-dev I get the following error:
>>>
>>> CONNECTED(00000003)
>>> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = [email protected]
>>> verify return:1
>>> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
>>> verify return:1
>>> depth=0 CN = beta.kontalk.net
>>> verify return:1
>>> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365:
>>>
>>> Maybe openssl is not very happy with the md5 signature of the CAcert root
>>> certificate, but I don't know what xmpp.net is actually using.
>>>

Interesting. I use a CAcert certificate on wyrddreams.org and the IM Observatory doesn't seem to have any problems with it.

I don't see anything obviously wrong in what you pasted, and attempting to connect from here didn't yield anything useful:
http://pastebin.com/BBhDJejA

This is using OpenSSL 1.0.1f from the Ubuntu repos.

JT

--
---------------------------------------+--------------------------------
James Tait, BSc                        | xmpp:[email protected]
Programmer and Free Software advocate  | Tel: +44 (0)870 490 2407
---------------------------------------+--------------------------------
